Cybersecurity: Better solutions to combat savvier cybercriminals

This article first appeared in Enterprise, The Edge Malaysia Weekly, on August 13, 2018 - August 19, 2018.

Security breaches involving identity theft, phishing, malware or fraud can damage the reputation of the companies responsible for protecting customer data. That is why safeguards are a must and not a “nice to have” for every business.

However, not many companies invest in such measures. Instead, they rely heavily on legacy solutions, says SAS vice-president of fraud and security intelligence Stu Bradley.

This can be a problem in a number of ways, especially as businesses today are more agile in introducing new services or products, he adds. “Over the past few years, a lot of companies have tried to develop services and capabilities that are ‘first in the market’, hoping to better serve their existing customers and acquire new ones more quickly. Typically, fraud detection is only an afterthought, which puts a lot of pressure on the security function.

“Only after rolling out the service do they consider the overall risk of the new application and how they can secure it. If their legacy fraud detection technology cannot keep up with the new services and products they are launching, the companies will struggle to maintain their footprint in the market.”

Better fraud-detection solutions are needed as cybercriminals are becoming as savvy and professional as the businesses they attack, says Bradley. “Enterprising criminals — or those who combine illegal activity with a legitimate business environment as a front — are becoming more organised and technologically sophisticated. Thus, the analytical tools used to thwart their schemes must outpace their advances.”

Bradley was speaking on the sidelines of the SAS Global Forum 2018.

Recognising the need, SAS introduced its new global fraud and security intelligence division, which aims to better detect and combat the ever-present threat of fraudsters and hackers. According to Bradley, fraud and security intelligence has been one of SAS’ fastest growing areas over the last decade. So, the new division will strengthen the company’s cybersecurity portfolio.

“We want to meet customers where they are in their analytics journey, particularly as they adopt technologies such as artificial intelligence, the Internet of Things and cloud computing. With SAS, they will be even better equipped to break down data silos, adjust to shifting regulations and safeguard against present and future risks,” he says.

There is a growing number of fraud victims worldwide. According to PwC’s 2018 Global Economic Crime and Fraud Survey, 49% of the companies said they had been victims of fraud or economic crime over the past two years compared with 36% in 2017.

At the same time, there is increasing awareness of such issues, as almost half (42%) of the survey’s respondents said they had increased spending to combat fraud and economic crime in the past two years, with a higher allocation for more powerful technology and data analytics tools to fight fraud.

SAS looks at a wide range of fraud cases, with the four biggest sectors affected being banking, government, insurance and healthcare. Within the banking space, it offers solutions to combat financial crimes of all payment types, monitors anti-money laundering activities, implements know-your-customer (KYC) and customer onboarding as well as manages cybersecurity risks within a corporate infrastructure.

“Back then, we only had cheques and credit cards. Now, banks offer a wide range of services such as online banking, mobile payments and digital wallets. These, unfortunately, have created new opportunities for fraudsters who want to gain access to the banks’ or their customers’ funds, which is why they need to enhance or replace their legacy fraud solutions,” says Bradley.

SAS has a wide range of solutions for governments as it serves a multitude of agencies. Its biggest businesses are government healthcare programmes, such as Medicare and Medicaid in the US. “We also work with government tax and revenue departments on personal and business income tax. We look for misfiling, return fraud, repair fraud, value-added tax (VAT) carousel fraud and a slew of others,” says Bradley.

Return fraud occurs when customers return stolen goods to retailers while repair fraud is when home contractors or auto repair shops deliberately cause more damage to defraud their customers and insurance companies. VAT carousel fraud occurs when fraudsters import VAT-free goods from other countries and sell them to domestic buyers with the tax included.

SAS is able to develop comprehensive, cross-channel customer risk profiles using entity link analysis to identify complex patterns of behaviour and suspicious associations among customers, accounts or other entities. “Customers’ behavioural profiles — something as granular as how they navigate, where they tend to click on the screen, how they type on the keyboard and how they use abbreviations — can be seen as fraud indicators,” says Bradley.

“For example, if someone has taken over my account by somehow obtaining my username and password, they will navigate through the website and use the keyboard differently from me. By looking at this personal behavioural profile, we are able to assess whether someone has potentially taken over that particular account.”

Consuming new technology is not cheap. However, Bradley says companies that enhance their fraud detection abilities not only reduce their losses but also streamline their processes, optimise operations and increase productivity. According to the Association of Certified Fraud Examiners, a typical organisation loses 5% of its annual revenue to fraud. That means trillions of dollars in losses worldwide each year.

Recently, there have been more discussions on how blockchain — the shared ledger technology that powers cryptocurrencies — can help reduce and even prevent fraud through greater transparency. As it is an immutable record that can only be validated through consensus among a network’s participants, it is very difficult to manipulate the blockchain.

Blockchain-based start-up Everledger, for example, uses the technology to track the provenance of luxury items. Using an inscribed serial number linked to a diamond’s myriad attributes, which are recorded on blockchain, the company helps banks, insurers, open marketplaces and consumers to ensure that the diamonds are authentic and have been obtained through reputable means.

While Bradley thinks blockchain technology can add a lot of value in preventing fraud and securing data, he says it is still early days in terms of determining how it can be applied. “I think the technology will certainly have a bigger role to play as we move forward and SAS is looking at how it can be applied. The downside, however, is that it also supports the cryptocurrency marketplace. There are some major challenges from an illicit behaviour perspective that need to be resolved,” he adds.

“I know that there are a lot of discussions going on at the federal level in the US and other countries on how they can better control and regulate the area to ensure that it is not fostering and supporting criminal activities. So, hopefully, there will be a clearer regulatory stance going forward.”