Tomer Barel, chief risk officer at PayPal, recently told CNBC he has five fraud predictions for 2016:
- Social networks will help fraudsters get more sophisticated.
Major social networks are becoming more searchable, allowing fraudsters to learn more about their intended targets. This will lead to more successful social engineering attacks as targets will be led to believe they’re interacting with legitimate entities with whom they have an established relationship. Even the strongest network security is only as strong as its weakest link—which often is the employee. Now may be a good time to remind employees of these tips:
- Do not provide data (confidential or not) or credentials via email, chat messenger or phone, or in face-to-face conversations, to unknown or suspicious persons or entities.
- Avoid clicking on that link to an unknown site in an email. Take a closer look at the URL and the sender’s email address. They may be similar to but not exactly what you anticipate. Check for misspellings, @ signs and subdomains.
- Beware of “baiting,” when an attacker tempts the user with a free or found USB or thumb drive, hoping someone will pick it up and plug it into their computer. Once you do, you’re hacked.
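The link checks in the second tip (misspellings, @ signs and subdomains) can also be automated in a mail filter or reporting tool. The sketch below is an added example, not something from the original article; the trusted domain `bank.example`, the sample URLs and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): the domains your organization really uses.
TRUSTED = ("bank.example",)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    # Simplification: treats the last two labels as the registrable domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.split(".")[-2:])

def check_link(url, trusted=TRUSTED):
    """Return the warning signs found in a link, in the order the tip lists them."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    # "@" sign: text before it is user info, the real host comes after it.
    if "@" in parts.netloc:
        findings.append("at-sign")
    base = registrable(host)
    if base in trusted:
        return findings
    for good in trusted:
        # Misspelling: registrable domain is one or two edits from a trusted one.
        if 0 < edit_distance(base, good) <= 2:
            findings.append("misspelling")
        # Subdomain: trusted name used as a prefix of someone else's domain.
        if host.startswith(good + ".") or ("." + good + ".") in host:
            findings.append("subdomain")
    return findings

if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://www.bank.example/login",
        "https://bank.example@login-check.test/",
        "https://www.bamk.example/",
        "https://bank.example.login-check.test/reset",
    ]
    for url in samples:
        print(url, "->", check_link(url) or "no warning signs")
```

An empty result only means none of these three signs were found; it does not mean the link is safe.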
- More fraud will move to mobile.
Fraudsters follow the money, and the money is going mobile with the continued simplicity and popularity of online shopping. Moving to unique identifiers will help; use fingerprint sensors on your mobile devices if available.
- Financial companies will have to do more with less.
You’ve probably seen the TV ad: A customer walks into a store with a mobile phone and makes a purchase with the phone. The transaction is actually “tokenized,” meaning the merchant doesn’t receive any personal or financial information. From the merchant’s perspective, the customer has just made a sale to an anonymous “guest.” Merchants may need to find unique ways to do more with less to verify the customer’s identity; some are moving to fingerprint and facial recognition.
- Advanced machine learning combined with human detectives will be critical for fraud prevention.
As fraudsters take advantage of technology to perpetrate fraud, fraud investigators will take advantage of technology to fight fraud. However, the human touch still will be required. We already use various forms of advanced machine learning and predictive analytics to deal with Big Data when it comes to investigating fraud. But remember that data analytics really just shows patterns. Does the data fit the pattern you’re testing for? What it won’t do is tell you whether that exact pattern, given the circumstances, is fraudulent. That requires a trained fraud investigator.
- Data and advanced analytics will play a larger role in regulatory and compliance efforts.
We’re already seeing it—companies create and warehouse vast amounts of data, both structured and unstructured. Expert mining and analysis of this data can be used to monitor a company’s results with regard to both regulatory compliance and compliance efforts important to management. For example, we can monitor a company’s email using “tone analysis” or “sentiment analysis” to look for signs of pending fraud and corruption. This is particularly useful for companies that have reason to be concerned with the effectiveness of their anti-bribery and anti-corruption efforts, such as those subject to the Foreign Corrupt Practices Act of 1977 (FCPA), the United Kingdom’s Bribery Act 2010 or similar regulations from other countries. We also use this technology in our FCPA investigations and in post-investigation compliance monitoring to help identify transactions and persons of interest.
So technology has both good and bad applications. The goal is to keep the bad from outpacing the good.