The battle against fraudsters in the digital era has evolved into a never-ending arms race. The tools we use to detect, score and prevent fraud — particularly card-not-present fraud in digital transactions — have improved exponentially in the last half-decade. Unfortunately, the more the good guys refine the defensive tools necessary to lock out fraudsters, the more the vast cybercrime ecosystem evolves the offensive tools they use to force their way in.
And make no mistake, as GIACT’s Chief Experience Officer David Barnhardt told Karen Webster in a recent conversation — cybercrime is not the province of individual actors hiding out in basements attempting to do quick digital snatch-and-grab. These are sophisticated criminal organizations that are methodical, patient and extremely proactive. As of today, 85 percent to 95 percent of synthetic fraud identities are easily slipping past risk detection systems that are failing to flag them.
“They are doing the same things we are: always evolving their tactics to meet the newest technology and offers out there,” he noted. “Whenever a new thing in security comes along, they come out and see if they can beat it. When I was working in banking, we knew for certain that with any new initiative we rolled out, we would be attacked for six months and would have to tweak our approach every day. What they’ve learned is that they don’t have to rob a bank in person — they can do it with malware, make more money and get away with it.”
continue reading »