Voice of the Industry

Modern online fraud prevention requires a shift in focus from identity to intent

Friday 22 March 2024 11:46 CET | Editor: Irina Ionescu | Voice of the industry

Alisdair Faulkner, CEO at Darwinium, discusses the change in the threat landscape and what payments professionals need to know to efficiently fight fraud.


Identity – confirming that an online entity is who (or what) they say they are – has long been the cornerstone of digital fraud prevention. However, a perfect storm of trends – from the rise of mobile payments to the emergence of AI-powered fraud – requires new fraud prevention methods. So, in addition to identity verification, security and fraud teams are adopting measures to determine a user’s intent.

The shift from identity to intent-based methods in digital fraud prevention marks a significant evolution in how organisations secure digital transactions. Traditionally, fraud prevention strategies have focused on verifying the identity of a user to ensure the person initiating a transaction or accessing a system is who they claim to be. This verification process often relies on static data points, such as passwords, PINs, and even biometric identifiers, as well as digital identity points such as device recognition or location verification. However, as fraudsters acquire or mimic these identifiers, focusing on the intent behind a user's actions creates new avenues for prevention. After all, with many scam typologies, the fraudster is not pretending to be the customer, but tricking them into making a payment on a fully authenticated web session. 

Intent-based fraud prevention analyses the context and behaviour associated with a user's actions. It seeks to understand the purpose behind a transaction or activity, determining whether it aligns with the expected behaviour of the legitimate user. This approach considers a variety of dynamic factors, including transaction patterns, user behaviour, device usage, and interaction with the system.

Cyber-fraud fusion centres help defenders implement intent-based fraud prevention

Security and fraud teams are also innovating how they function operationally. While the two teams are long-time collaborators, new fraud technologies such as deepfakes and scams, including Authorised Push Payment (APP) fraud – which requires real-time, targeted actions to discern intent – have expedited the rise of Cyber Fraud Fusion Centers (CFFCs). CFFCs represent an innovative approach to combating cyber threats. These centres – essentially specialised Security Operation Centers (SOCs) – integrate cybersecurity and fraud prevention teams, tools, and strategies to create a unified defense mechanism. By merging these functions, CFFCs can leverage a broad spectrum of expertise and data to better understand and mitigate threats, including those that conventional systems might not easily detect.

This pooled knowledge leads to a more comprehensive understanding of advanced AI threats and enables defenders to correlate seemingly unrelated events to identify sophisticated attack patterns. Examples might include bots that bypass the perimeter to inflict damage further downstream, the use of deepfakes for identity fraud, or behaviours that indicate social engineering across a user journey.

Sharing a SOC also enables cyber-fraud teams to assess and respond to anomalies faster and better. CFFCs can analyse vast amounts of data from diverse sources in real-time. This helps in detecting anomalies that could indicate fraud, such as unusual transaction patterns or login attempts that deviate from a user’s normal behaviour. The integration of teams allows for quicker decision-making and response to detected threats. 

Given the rise of deepfake technology capable of spoofing biometric systems, CFFCs can enhance the analysis of other types of biometric data, looking for signs of manipulation or inconsistencies that typical fraud systems might not catch. Beyond traditional biometrics (like fingerprints or facial recognition), CFFCs can also analyse behavioural biometrics, which includes patterns in the way a user interacts with a device (typing speed, mouse movements, etc.). These patterns are difficult to mimic and provide an additional layer of security against spoofing, making them integral for discerning intent. Additional tactics include: 
  • Behavioural analytics: monitoring user behaviour across the customer journey for deviations from their typical transaction patterns. This includes analysing previous spending patterns, login frequency and time spent on a page, the speed of typing, mouse movements, or navigation patterns.

  • Tailored messaging in-session: implementing live prompts for users, such as requiring them to actively acknowledge the risks associated with specific transaction types, can serve as a deterrent to hasty decisions. Messages that are specific to the session – such as whether the user is making a high-value payment that is unusual for them – could be effective for flagging potential scams.

  • Slowing down payments: introducing delays for certain high-risk transactions can deter fraudsters looking for quick wins and give systems and users time to identify suspicious activity. 
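
A sketch of how the three tactics above can feed one decision, as an added example that is not from the article or from any vendor's product: a session is compared with the user's own baseline, and the result is to allow the payment, show a session-specific prompt, or hold it. The field names, the z-score threshold, the score weights and the hold time are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class Baseline:            # per-user history (constructed sample data below)
    amounts: list          # past payment amounts
    typing_cps: list       # past typing speed, characters per second
    known_payees: set

@dataclass
class Session:
    amount: float
    payee: str
    typing_cps: float

def zscore(value, history):
    sd = pstdev(history) or 1e-9   # avoid division by zero on a flat history
    return (value - mean(history)) / sd

def assess(b, s, z_limit=3.0, hold_minutes=60):
    """Return the action for one payment; thresholds are illustrative assumptions."""
    reasons, score = [], 0
    if zscore(s.amount, b.amounts) > z_limit:          # behavioural analytics: spend
        score += 2
        reasons.append("the amount is far above your usual payments")
    if s.payee not in b.known_payees:
        score += 1
        reasons.append("you have not paid this payee before")
    if abs(zscore(s.typing_cps, b.typing_cps)) > z_limit:  # behavioural biometrics
        score += 1
        reasons.append("behaviour in this session differs from your usual pattern")
    if score == 0:
        return {"action": "allow", "message": None, "hold_minutes": 0}
    # Tailored in-session message built from what is unusual about this session.
    message = "Please confirm this payment: " + "; ".join(reasons) + "."
    if score >= 3:                                     # slow the payment down
        return {"action": "delay", "message": message, "hold_minutes": hold_minutes}
    return {"action": "prompt", "message": message, "hold_minutes": 0}

# Constructed baseline for one hypothetical user.
BASELINE = Baseline([40, 55, 60, 45, 50], [4.8, 5.1, 5.0, 4.9, 5.2],
                    {"landlord", "utility"})

if __name__ == "__main__":
    for s in (Session(52, "utility", 5.0), Session(48, "new-shop", 5.0),
              Session(4800, "unknown-acct", 2.0)):
        print(s, "->", assess(BASELINE, s))
```

The third constructed session is the scam-shaped case the article describes: the login is genuine, but the amount, payee and in-session behaviour all deviate from the user's baseline, so the payment is held rather than blocked outright.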

Embracing an intent-focused approach and leveraging the power of cyber-fraud fusion enables payments professionals to better safeguard their platforms and customers against the ever-changing threat of online fraud. Additionally, the better they become at recognising users as they transact, the more they can tailor experiences to them in real-time, such as a VIP offer for a good customer. This approach not only reduces fraud risk, but can also be used to improve the customer experience, making it an important and strategic paradigm shift that can help level a playing field in which fraudsters usually have the advantage.

 



About Alisdair Faulkner

Alisdair is an expert in online fraud, cybercrime, and evolving AI threats, and the CEO and Co-Founder of Darwinium, a leader in next-generation digital security and fraud prevention. Prior to Darwinium, Alisdair was Co-Founder and Chief Products Officer of ThreatMetrix, the world's leading digital identity company. ThreatMetrix was acquired by LexisNexis Risk Solutions for USD 830 million back in 2018.

 


About Darwinium  

Darwinium is a provider of digital security and fraud prevention solutions. Its technology unifies complete visibility of user behaviour everywhere with the ability to make better risk decisions and take action on real-time evolving threats. Using Darwinium’s platform, businesses can make more accurate, real-time decisions, and take dynamic, tailored remediation that favours the customer and not the fraudster. For more information, visit www.darwinium.com



Keywords: fraud management, fraud detection, online fraud, identity fraud, cybercrime, cybersecurity, behavioural biometrics, biometrics, biometric authentication, deep fake, artificial intelligence, transactions, transaction fraud, generative AI, APP fraud
Categories: Fraud & Financial Crime
Companies: Darwinium
Countries: World