Combatting Digital Fraud with Security Convergence | F5 Labs
- by nlqip
Even Strong Defenses May Contain Weaknesses
One could argue that fraudsters’ tactics are not novel and that investing in specialized products with machine learning and artificial intelligence should solve the issue of fraud. But somehow fraudsters still manage to outsmart security defenses. In a recent discussion that F5 Labs had with the head of the fraud risk and compliance team at a major bank, a question was posed: Is your product capable of blocking the malicious transactions by itself?
On the surface, this seems like a normal question that any security-minded professional would ask, but the question had a deeper meaning for an organization's fraud and compliance teams. Fraud is a complicated issue that cuts across various groups in an organization, including governance, risk, and compliance (GRC), network, security, and application teams. By the time the teams reach a consensus, fraudsters have met their objectives and have moved on to a different tactic or target.
Building on this understanding of organizational silos, the potential for gaming an ecommerce business’s security controls would look like the following:
- Run a credential-stuffing campaign using leaked data from credential spills.
- Take over accounts and check for stored payment information and, if needed, add a stolen credit card for payment.
- Purchase expensive luxury items.
The fraudster wins the goods; the retailer loses in the form of inventory, chargebacks, and customer trust. Nike was hit with similar fraud.
In this potential method, the fraudster would cross paths with the information security team and the fraud and risk team and would capitalize on the gap between the two organizational functions:
- The information security team would battle the fraudster’s bot by attempting to block credential-stuffing attacks, and has valuable information on the accounts being tested, the origin of the requests, and so on.
- The fraud and risk team would get involved after a customer lodges a complaint, when the retailer is hit with a chargeback, or when a monitoring system alerts.
By lowering the barriers between these teams, the fraud and risk team could monitor the accounts and other identifiers flagged by the information security team. This would greatly reduce the likelihood of the fraudster’s success.
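An added example (not from the F5 Labs article) of the handoff described above: accounts and request origins flagged by the security team's credential-stuffing detection become a watchlist that the fraud team applies to account changes and orders. The feed formats, field names, 48-hour watch window and order-amount threshold are assumptions, and all sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed security-team feed: logins attributed to credential stuffing.
SECURITY_FLAGS = [
    {"account": "alice", "ip": "203.0.113.7", "ts": "2024-11-29T10:02:00", "login_ok": True},
    {"account": "bob", "ip": "203.0.113.7", "ts": "2024-11-29T10:03:00", "login_ok": False},
    {"account": "carol", "ip": "198.51.100.9", "ts": "2024-11-20T08:00:00", "login_ok": True},
]
# Constructed fraud-team feed: account changes and orders.
ACCOUNT_EVENTS = [
    {"account": "alice", "ip": "192.0.2.10", "type": "card_added", "amount": 0, "ts": "2024-11-29T10:10:00"},
    {"account": "alice", "ip": "192.0.2.10", "type": "order", "amount": 2400, "ts": "2024-11-29T10:15:00"},
    {"account": "bob", "ip": "192.0.2.44", "type": "order", "amount": 3000, "ts": "2024-11-29T11:00:00"},
    {"account": "carol", "ip": "192.0.2.51", "type": "order", "amount": 1800, "ts": "2024-11-29T12:00:00"},
    {"account": "dave", "ip": "203.0.113.7", "type": "order", "amount": 40, "ts": "2024-11-29T12:30:00"},
]
WATCH_WINDOW = timedelta(hours=48)  # assumed: how long a flagged account stays watched
HIGH_VALUE = 1000                   # assumed: order amount that triggers review

def build_watchlist(flags):
    """Return (account -> latest suspicious successful login, set of flagged IPs)."""
    accounts, ips = {}, set()
    for f in flags:
        ips.add(f["ip"])
        if f["login_ok"]:  # a tested account that was actually entered
            ts = datetime.fromisoformat(f["ts"])
            accounts[f["account"]] = max(ts, accounts.get(f["account"], ts))
    return accounts, ips

def review_queue(flags, events):
    """Events the fraud team should hold for review, each with its reason."""
    accounts, ips = build_watchlist(flags)
    holds = []
    for e in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        start = accounts.get(e["account"])
        risky = e["type"] == "card_added" or e["amount"] >= HIGH_VALUE
        if start is not None and start <= ts <= start + WATCH_WINDOW and risky:
            holds.append((e["account"], e["type"], "account flagged by security team"))
        elif e["ip"] in ips:
            holds.append((e["account"], e["type"], "request origin flagged by security team"))
    return holds

if __name__ == "__main__":
    for hold in review_queue(SECURITY_FLAGS, ACCOUNT_EVENTS):
        print(hold)
```

In the sample data, bob's order passes because the stuffing attempt against his account failed, and carol's passes because her flag is older than the watch window; dave's small order is held only because it comes from a flagged origin.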
Building an Effective Antifraud Platform