Roberto Valerio, CEO of leading fraud prevention software company Risk Ident, outlines the threats that businesses will face and the strategies that will keep them safe in 2017.
Online fraud made the headlines for a number of reasons in 2016. We saw a 17-year-old sentenced for stealing 21,000 customer account details, nearly bringing down a UK national broadband provider, and the first pan-European ecommerce fraud operation, culminating in the arrest of 42 professional fraudsters.
But these are small victories in the context of the broader fraud landscape. Fraud is now one of Europe’s most prevalent crime, and consumers in the UK are now 20 times more likely to be robbed online than on the street.These trends are receiving huge amounts of press attention and customers are growing more anxious about sharing their personal data. In 2017 it is critical that online businesses protect their reputations and revenue by using effective fraud prevention. Here are my top trends to look out for:
- Mobile-first shopping
A recent Visa report estimated that the number of Europeans regularly using a mobile device for payments tripled between 2015-2016 (54% vs 18%).More than ever, Europeans are making the most of in-person, online and in-app digital payments. However, so are fraudsters.Technologies such as device fingerprinting can detect which devices fraudsters are using and block transactions originating from these sources. Fraudsters will often try to counter this by using multiple portable devices, alongside other masking techniques. These techniques can sometimes avoid fraud alerts but fortunately a combination of device fingerprinting and machine learning can help merchants to access a much more complete map of the fraudsters activities and limit the damage they can cause.
- Data breaches will intensify
In 2016, we saw one of the biggest data breaches in history. Yahoo revealed that sensitive data from more than 1 billion user accounts had been compromised, creating huge repercussions for the business and its reputation. In the UK, telecoms company TalkTalk was fined a record amount by the authorities for failing to apply “the most basic cyber security measures” for 150,000 customers. Looking to 2017, we can expect to see private and state-sponsored hacking continuing to target private user information, including names, telephone numbers, email addresses, passwords,dates of birth and security question answers.Threats such as these are a matter of survival for online businesses and it is imperative that the industry has the correct measures in place to identify attacks early and minimise the damage caused.
- Social media weaknesses will come to the fore
Today’s internet users have an average of 5 social media accounts, each containing different segments of their lives and crucial nuggets of personal information. Fraudsters have become highly adept at putting together these pieces of information to entire identities which can be easily misused or to break into existing online accounts. Fraudsters often use advanced technologies to achieve this but sometimes little technological expertise is needed, as they can simply take advantage of internet users sharing too many details online.Social media users need better education on the use to which fraudsters can put seemingly harmless information.
- Identity theft will feed an account takeover rise
An average of five social media accounts spreads our defences thinly but when we look at our wider online lives, the problem becomes far more significant. We have a lot user accounts, each containing our personal details and most secured by a memorable password. The temptation to re-use passwords or simplify them to make them easy to remember is understandable but fraudsters are aware of this weakness and are on-hand to exploit it. For example, shopping on the black market in the dark corners of the web, fraudsters can buy usernames and passwords and use them to try multiple other accounts online. In 2017, we can expect these strategies to evolve, and customers with weaknesses in their online security may find themselves victim to hugely comprehensive attacks.
- Bots will be a big challenge
Smart software is highly effective at generating bots and wreaking general havoc whether that be through generating spam, vandalising information on Wikipedia or influencing opinions on social media. Fraudsters have devised a number of ways to make use of bots. For instance, in the ticketing industry, bots can order tickets en-masse before selling them on at a hugely inflated price. In 2017, we can expect to see the number and effectiveness of bot attacks increase sharply.
- Machine learning and artificial intelligence will be even more important
More and more businesses are already capitalising on the scalable benefits of machine learning technology. Research into fraud prevention is revealing new uses to which the technology can be put and the difference it can make to online security. As the evolution of artificial intelligence continues, systems will improve steadily and security with it.
However, itis important to recognise that technology alone is insufficient. A human being with years of experience fighting fraud can never be replaced by a machine, but a combination of the two entities can produce extraordinarily accurate results. If managed properly by a knowledgeable fraud manager, modern machine learning technology, based on a data science approach, is able to recognise changing patterns and irregularities in datasets. It learns from the data it processes to continually create new models and better, constantly evolving algorithms that help online businesses stay ahead of the fraudsters.
Increasingly sophisticated fraudsters commit fraud with the help of machines; we must do the same to counter them. By constantly feeding artificial intelligence, online businesses can grow a scalable, accurate and consistent defence and ensure their business’s security in 2017.
About Roberto Valerio:
Roberto Valerio is founder and CEO of RISK IDENT, a software development company specialising in fraud prevention and credit risk evaluation based on machine learning. He plays an active part within the fraud prevention community and he is a member of the European Advisory Board at the Merchant Risk Council. Beforehand he founded and worked within different management roles for software startups. He has a background in business administration.