Legacy controls don’t apply to new scammers - The EE

Legacy controls don’t apply to new scammers

Fraudulent activities across various industries have evolved over the last few decades, haunting the legacy controls painstakingly developed by organisations. Typically, it was the institutions like banks and ATMs that required fool-proof cybersecurity.

Now, every industry, and the companies therein, are at stake. Report by Arun Rishi Kapoor, senior lead analyst, Digital Transformation Services, Infosys BPM & Anand Chandrashaker, senior domain principal for Digital Transformation Services, Infosys BPM.

As we move deeper into digitisation, more so in the current pandemic times, the need for more sophisticated controls has emerged. With the advent of emails, mobile phones, online stores, and now BOTs & social media support, there has been a paradigm shift in how companies are delivering an omnichannel experience to the consumers. As more and more virtual channels of communication are added by an organisation, the fraudsters are learning new ways to abuse those channels.

Better customer engagement

This renewed need for superior data security has a direct correlation with the evolving push towards better customer engagement. Battered by fraudulent activities, most of the companies in the retail and ecommerce industry started focusing more on customer-centricity. But the old rulebook to identify and prevent suspicious activities is still in play, which leaves the incumbent players susceptible. Similarly, the legacy techniques and procedures used by telecom and utility space to detect fraud are no longer effective, as fraudsters already know the risk controls. Some of these examples are stated in the table below:

Tech-savvy generation

It is even more challenging to handle the tech-savvy generation that not only understands the workings of technology, but also new age processes of businesses such as Know Your Customer (KYC) protocol, refunds, subscriptions, returns, and so on. Fraudsters often use their social engineering skills to explore products, services, and processes of companies, bypassing the need for investigative homework.

What kind of anti-fraud controls businesses have installed, how are they being implemented, can be gauged simply by looking at product catalogues, client testimonials, press releases, service information, all of which are available at a click of Google search. Needless to say, such information helps fraudsters think ahead and beyond the anti-fraud controls installed, learn on the go, and find new ways to hack. Reviewing of alerts by fraud detection teams is also cumbersome with legacy systems, to say the least, as they are reviewed manually.

A human review is required, but only for suspicious transactions performed by the outliers. To evolve in the ways we detect fraud and deal with it, businesses must put cybersecurity at the centre stage around which an organization’s technology strategy, transformation programs, and budgeting are built. Currently, fraud detection teams stand low on the list of functions integrated with machine learning, statistical algorithmic, or analytics based anti-fraud implementation programs. Customer experience and sales & marketing projects take priority in budget allocation.

Fraud detection team

Recently, scammers posing as members of a bank’s fraud detection team were caught fooling businesspeople and charity organisations in the UK. They convinced their targets that their accounts have been compromised and must immediately transfer their funds to an alternate account the scamsters created in the victim’s name. Eventually, fraudsters ended up transferring huge chunks of money from the victims’ accounts into their own.

Such fraud incidents can be averted easily by combining analytics with behavioral profiling, which can generate alerts on a fraudster’s digital footprint, uncovering new and hidden patterns that legacy systems might have missed.

Improve detection

Clearly, engaging fraud teams at a broader level is crucial to improve the accuracy of detection. Till today, fraud departments work in silos, or with the help of third-party forums/vendors. This disconnect leaves the potential of analytics in understanding consumer behavior untapped, such that teams often stumble in differentiating between legitimate and illegitimate practices by consumers.

Technology integration can help fraud teams to identify all structured (and non-structured data feeds (e.g. social media, surveys, customer care chats, etc.) required for anti-fraud modeling. Advanced technology layer of ML or Statistical modelling, combined with Analytics can empower fraud detection systems to process such huge chunks of data, making it possible to also detect the extent of social engineering skills used by scamsters, and how particularly it can manipulate consumer feelings.

Fraud teams, when integrated with other essentials functions, can also effectively foresee vulnerabilities in, say, customer services or marketing processes, by drawing insights from daily transactions, usage records, and historical patterns. Learning from the actions thus taken, the algorithmic models can help companies drastically reduce false positives, helping organisations define robust processes and create future-ready controls.

The authors are Arun Rishi Kapoor and Anand Chandrashaker of Infosys BPM.

About the authors

Anand Chandrashaker
Arun Rishi Kapoor

Arun Rishi Kapoor is Senior Lead Analyst at Infosys BPM and has 13+ years of experience in telecom, retail and utility industries. He helps develop new and innovative service offerings in digital transformation function of his organisation. He brings process consulting, fraud analytics, service management and strategic view on risk management in his current role. Besides this, he is also involved in writing blogs and research papers on emerging technologies.

Anand Chandrashaker is Senior Domain Principal at Infosys BPM and is responsible for driving growth of Digital solutions across capability areas such as Supply chain and Finance. Also across industries such as Telecommunications, Utilities, Financial Services, Retail and CPG. He has 18+ years of diverse experience in Analytics, Finance, Corporate Planning, M&A, Post Merger Integration and Consulting. Currently, he works with global clients to advise them in all areas Digital – Analytics, RPA, technology platforms – to achieve targeted business outcomes.

Follow us and Comment on Twitter @TheEE_io