Voice of the Industry

The rise of RiskOps in 2022

Monday 13 December 2021 09:30 CET | Editor: Alin Popa | Voice of the industry

Ken Jochims, Director of Product Marketing at Revelock, a Feedzai company, discusses how the increasing complexity of digital fraud trends will give rise to ‘RiskOps’ – risk management through a multi-layered approach to fraud – next year

The banking landscape has fundamentally changed. Consumers across the globe are wholly adopting digital banking and ecommerce – according to Feedzai’s 2021 financial crime report, online transactions increased by 109% this year.

However, the USD amount of online fraud has matched this upward trend; the same 2021 report found this type of fraud increased by 23%. The uptick in digital transactions has provided bad actors with the opportunity to scale their operations. However, it’s also true that digital fraud had been steadily rising year-on-year long before the pandemic hit. What’s more worrying now is that fraud and money laundering are increasing despite efforts to safeguard against the heightened danger.

Three main trends that emerged in 2021 and are here to stay 

Part of the issue is that cybercrime is becoming an increasingly sophisticated (and lucrative) illegal industry. Attacks are often the coordinated activities of organised crime gangs, which can operate much like legitimate companies and use advanced technologies to perpetrate crimes. 

As a result, there are three main fraud trends we expect to see top of the agenda next year:

1. Mobile threats have become a dangerous reality

Europol’s Internet Organised Crime Threat Assessment (IOCTA) 2021 demonstrates that mobile threats have become dominant over the past year in the cyber-dependent landscape. 

For example, mobile malware always has been a ‘looming’ – but very much ‘in-the-future’ – threat inhibited by a lack of scalability. Unfortunately, bad actors seem to have finally made a breakthrough in overcoming this problem based on the jump in the number of mobile malware reported by law enforcement agencies over the past year. 

Mobile banking trojans likewise continue to add new tactics and techniques for stealing credentials and other sensitive information as this year comes to a close. For example, banking trojans such as Cerberus and TeaBot are now capable of intercepting text messages containing one-time passcodes (OTPs) and two-factor authentication (2FA) applications such as Google Authenticator.

2. Criminals mix fraud techniques as phishing and social engineering increase

Legitimate personal information has become increasingly available and accessible on social media due to data breaches, making it easier than ever for bad actors to use social engineering to fill in the gaps. 

Armed with this information, bad actors are increasingly using phishing and social engineering techniques to heighten the credibility of their impersonation or hugely improve their chances of success by targeting their attacks, such as in CEO fraud – a type of spear-phishing attack where the attacker impersonates your CEO. What’s more, mobile threats can self-propagate through similar techniques. FluBot – one of the most prolific mobile banking trojans wreaking havoc in Europe and the US – spreads by sending phishing text messages from the infected device to its contact list.

3. Contact centre fraud to proliferate further

Also due in part to data breaches as well as to industry trends such as EMV transition, the intent of the contact centre to deliver positive experiences to customers can also leave it open to exploitation by bad actors. Sitting as it does as an important human link between businesses and their customers, it is a prime target for social engineering techniques. According to an Aite Group report, 61% of account takeover losses can be traced back to the contact centre at some point, and in an increasingly digital age, fraudsters will continue to target it.

2022: The year of RiskOps

Guaranteeing optimal protection against a complex fraud landscape next year will require multiple layers of security, an approach called ‘RiskOps’. Gartner has highlighted the importance of protecting users by collecting and analysing data on every level, including at the device level, behaviour level, historical data, cross-channels and cross-devices, and using server-side analytics, including machine learning.

As Gartner’s payments fraud expert and Senior Director Akif Khan notes, this is particularly important when considering that different channels present different challenges. For example, in online banking, a customer will log in again and again, whereas, with ecommerce, consumers often create new accounts to perform a transaction or conduct guest checkouts.

The upshot is, omnichannel data holds the secrets of truly effective fraud prevention, and the more data you have, the more keys you’ll find to unlock these secrets. Next year, we will see a consolidation of data into single platforms that collect and analyse data across the entire user journey, from onboarding to account activity to transactions. This is the core principle of RiskOps; unifying this information is the best way to continuously protect against the broad spectrum of fraud and money laundering – breaking down data silos for truly effective risk management.

About Ken Jochims

Ken Jochims is Director of Product Marketing at Revelock, a Feedzai company. Ken has over 25 years of enterprise software product marketing experience delivering fraud prevention, customer support, identity and access management, and IT infrastructure solutions to financial institutions and Fortune 1000 companies. Before Revelock, Ken worked for Arxan Technology, Neustar, ThreatMetrix, Guardian Analytics, Genesys, CA Technologies, NeXT Computer, and Apple. Ken received a B.S. in Engineering Technology from California State University, Long Beach. 

About Feedzai

Feedzai is the world’s first RiskOps platform and the market leader in safeguarding global commerce with today’s most advanced cloud-based risk management platform, powered by machine learning and artificial intelligence. Feedzai is securing the transition to a cashless world while enabling digital trust in every transaction and payment type. The world’s largest banks, processors, and retailers trust Feedzai to protect trillions of dollars and manage risk while improving the customer experience for everyday users, without compromising privacy. 

About Revelock

Revelock, a Feedzai company, enables financial services and fintech companies to reveal and respond to online identity impersonation & manipulation attacks without hindering the customer experience. Protecting more than 50 million banking customers worldwide, the Revelock Fraud Detection & Response (FDR) Platform combines behavioural biometrics, network and device assessment with hybrid AI and Deep Learning to create a BionicID™ and continuously Know Your User (KYU), spot bad actors and mitigate risk regardless of the type of attack.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: digital banking, online fraud, mobile banking, cybercrime, social engineering
Categories: Fraud & Financial Crime
Countries: World
This article is part of category

Fraud & Financial Crime

Industry Events