Finding the Right Balance in the Fight Against Online Fraud
According to the Association of Certified Fraud Examiners, the typical organization loses 5 percent of its revenues to fraudulent behavior each year, amounting to an annual total of nearly $3.7 trillion. There are many methods through which fraud can be initiated, but the increasing use of the Internet for making financial transactions, its international reach and the difficulties of checking the identity of users accurately have contributed to the rapid growth of online deception.
A recent report by the Economist Intelligence Unit found that 70 percent of organizations reported suffering from fraudulent activities in the past year. And of those people surveyed, 81 percent thought that their exposure to fraudulent activity had increased over the past 12 months.
Are organizations doing enough in the face of these figures? According to Sage Pay, 39 percent of organizations don’t spend anything on preventing fraudulent activities. Furthermore, 40 percent of large organizations would void a transaction completely rather than undertake further checks on a customer — a factor that could translate to lost business if the customer is merely turned away.
However, in a separate report featured in The Telegraph, Sage Pay’s CEO cautions that an organization that experiences no fraud whatsoever may be using controls that are too tight; therefore, organizations need to find the right balance between turning away customers and protecting the business.
Tackling Fraud in the Cloud
A new method for preventing fraudulent behavior is required that protects businesses but is not onerous for consumers looking to purchase from them or use their services. Keith Walker and Brian O’Donnell, two IBM Master Inventors, have recently patented such a method: IBM’s user-browser interaction-based fraud detection system.
According to Walker, this invention is necessary because it is so easy for a user to purloin someone else’s account credentials and because it is easy for attackers to use automation, scripts and malware to enable them to log in as legitimate users. Security practitioners need a way to prevent fraud after login credentials have been breached.
The technology works by analyzing the way that people navigate a website — how active they are in terms of browsing speed and their use of mouse clicks or keyboard controls. The idea is that people who log in to websites exhibit patterns of behavior and styles of interaction that are particular to them. Those behaviors can be analyzed when users first log in to a website — which can be done in a relatively short period of time — and then algorithms are applied to check their behavior on each subsequent visit. Should behavioral patterns differ from those initially detected, such as a user logging in using a tablet rather than a fixed PC, or using the keypad rather than the mouse, a simple security measure can be applied, such as asking them a step-up security question.
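The enroll-then-compare flow described above, as an added example: it is not IBM's patented method or Trusteer Pinpoint code, and the feature names, thresholds and sample sessions are assumptions constructed for illustration.

```python
import statistics

# Hypothetical features drawn from the article's description (browsing speed,
# mouse versus keyboard use), each with a floor on its spread so a very
# consistent user is not flagged for a tiny change.
NUMERIC = {"pages_per_min": 0.5, "mouse_ratio": 0.05}
Z_LIMIT = 3.0  # assumed threshold: flag values over 3 spreads from the baseline

def enroll(sessions):
    """Build a per-user baseline from the sessions seen at first login."""
    profile = {"devices": {s["device"] for s in sessions}}
    for feature, floor in NUMERIC.items():
        values = [s[feature] for s in sessions]
        profile[feature] = (statistics.mean(values),
                            max(statistics.stdev(values), floor))
    return profile

def deviations(profile, session):
    """Return the features on which a later session departs from the baseline."""
    reasons = []
    if session["device"] not in profile["devices"]:
        reasons.append("device")
    for feature in NUMERIC:
        mean, spread = profile[feature]
        if abs(session[feature] - mean) / spread > Z_LIMIT:
            reasons.append(feature)
    return reasons

def decide(profile, session):
    """Secondary check only: a deviation triggers step-up, never a block."""
    reasons = deviations(profile, session)
    return ("step_up", reasons) if reasons else ("allow", [])

# Constructed sample data, not real telemetry.
ENROLLMENT = [
    {"device": "desktop", "pages_per_min": 4.0, "mouse_ratio": 0.80},
    {"device": "desktop", "pages_per_min": 5.0, "mouse_ratio": 0.85},
    {"device": "desktop", "pages_per_min": 4.5, "mouse_ratio": 0.75},
    {"device": "desktop", "pages_per_min": 5.5, "mouse_ratio": 0.80},
]
PROFILE = enroll(ENROLLMENT)
USUAL = {"device": "desktop", "pages_per_min": 4.8, "mouse_ratio": 0.78}
TABLET_KEYPAD = {"device": "tablet", "pages_per_min": 4.6, "mouse_ratio": 0.10}
SCRIPTED = {"device": "desktop", "pages_per_min": 40.0, "mouse_ratio": 0.0}

if __name__ == "__main__":
    for name, s in (("usual", USUAL), ("tablet", TABLET_KEYPAD), ("scripted", SCRIPTED)):
        print(name, decide(PROFILE, s))
```

Returning a step-up rather than a refusal is what keeps a false deviation from becoming a voided transaction.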
The technology was extremely effective in trials, with no false positives encountered. According to the inventors, it has already been included in Trusteer Pinpoint, one of IBM’s suite of security tools that is designed for fraud prevention.
IBM’s support for such an invention is a testament to its ongoing commitment to providing security practitioners with the tools they need for detecting, responding to and investigating fraud, as well as forensically discovering patterns of fraudulent behavior in historic transactions through the use of analytical techniques. In March 2014, IBM unveiled its new, integrated Counter Fraud Management solution to allow security practitioners to proactively anticipate, handle and respond to threats related to fraudulent activity.
A Fully Integrated Approach
This invention for tackling fraudulent activity in online settings adds to IBM’s existing solutions and expands its Trusteer portfolio beyond detecting and responding to malware threats to those posed by the malicious behavior of individuals. It is not meant to be a stand-alone authentication technique, but rather a secondary verification that the user is who they say they are in a manner that is nonintrusive to the user. This will help to allay many of the security concerns of those organizations that are loath to impose extra, more invasive security checks on their customers because the process is so simple to follow.
Having already been incorporated into IBM’s offerings, this solution is applicable for a wide range of other scenarios. According to the inventors, it will be invaluable for any websites with a vested interest in ensuring that the right people are logging in to use their services, be they employees or customers. Thus, it could well prove popular in the e-commerce and banking sectors as well as for social media and collaboration services. Beyond that, it could easily find a following among enterprises that rely on the provision of safe and secure services both nationally and globally.
This likely won’t be the last we hear from IBM in the battle against fraudulent actions. Its new Counter Fraud Management portfolio testifies to this, as does its commitment to supporting new inventions within its ranks — evinced by the fact that the United States Patent and Trademark Office consistently ranks IBM as the leading recipient of patents annually worldwide. According to the inventors of this new technology, a company does much better if it holds lots of patents.