June 19, 2019 - Priya Rajan

React, or Prevent? Why Organizations Must Embrace A Proactive Approach To Fraud Management

The increasingly rapid emergence of new tools and technologies—and the ready access to them which fraudsters enjoy—has enabled bad actors to adjust their techniques and approaches with unprecedented speed and finesse.

In the June edition of their Digital Fraud Tracker, the editorial team from PYMNTS used an unexpected metaphor to describe what it’s like to battle modern fraud, and to make vivid the realities of modern fraud management:

“Stopping digital fraud is a lot like playing whack-a-mole: as soon as one fraudster is caught, two more pop up where they’re least expected.”

The description is apt, as it vividly illustrates the agility of the modern fraudster. The increasingly rapid emergence of new tools and technologies—and the ready access to them which fraudsters enjoy—has enabled bad actors to adjust their techniques and approaches with unprecedented speed and finesse.

The Shortcomings of Speed

The metaphor is also helpful in that it affords an easy way to enunciate the importance of adopting a proactive approach to fraud management. In a game of whack-a-mole, moles appear at random from different holes across the landscape; as a player, your job is to use your mallet to “whack” them before they return below the surface. You’re ultimately doomed to fail in the game because no matter how fast you play, the moles eventually outpace you.

In the real world of fraud management, speed—on its own—is a doomed power as well. No matter how fast you respond, fraudsters will find ways to move faster, and at the end of the day, you’re still in reactive mode. They act, you respond. That’s not fraud prevention. That’s just damage control.

This is why a proactive approach is so critical. The proactive approach to whack-a-mole would be to stop the moles from ever appearing in the first place.

If You Are Only Keeping Up With Fraud, You Are Already Behind

DataVisor Co-Founder and CEO Yinglian Xie spoke about proactive fraud prevention at length in a new interview with Financial IT:

“If you are only keeping up with fraud, you are already behind. Both rules-based and supervised machine learning-based approaches are inherently reactive, and as such, can only identify known fraud. So they help, but they can’t do everything. To meet emerging threats and prevent fraud before damage occurs, organizations must be able to accurately identify unknown fraud types as well. Unsupervised Machine Learning (UML) offers fraud teams a new superpower—the ability to deploy highly accurate detection models without the requirement of historical data or preexisting labels. This approach can feed into an overall strategy that prioritizes holistic analysis and contextual detection. It is important to look at events as a whole as opposed to reacting to them one at a time, and businesses must be empowered to discover the clandestine correlations and patterns that signify fraudulent attacks before they’re unleashed.”

Proactive Fraud Management At The Modeling Level

Proactive fraud prevention is a concept, but it’s also something that can be applied in very tangible and tactical ways. A recent product announcement highlighting new enhancements for dCube—DataVisor’s flagship fraud management solution—offers a look at how our tools and capabilities continue to advance the practice of proactive fraud prevention:

“Just as proactive detection and automated model development represent a quantum leap forward from legacy fraud solutions tethered to labels, rules, and manual review, these enhancements further push the envelope by introducing an intelligent optimization mode that offers access to a wide range of additional parameters to further precision and recall. Teams can now tune fine-grained model parameters including feature similarity threshold, cluster size, correlation features, and more.”

The Account Incubation Use Case

Account incubation is a particularly vexing fraud problem, and it’s only through proactive detection that it can be solved. A new article from CyberScoop titled “When Your Apps Are Dormant, You Become A More Likely Target For Crooks” explores current challenges with account takeover fraud (ATO) and includes proprietary research from DataVisor on how ATO attacks take advantage of account dormancy to hijack accounts for malicious purposes. The article also notes the role incubation plays, particularly as it applies to social platforms:

“It’s different for social media accounts, where hackers can afford to linger for some time before they risk exposing themselves by taking action. In one large attack, DataVisor found, 81 percent of the compromised accounts started posting spam and attempted scam messages three weeks after initially logging in. Researchers dubbed this technique “account incubation,” a method that’s especially hard to detect because scammers’ activity may have mingled with the true account owner.”

Proactive Fraud Management for Social Platforms

Momo, a DataVisor client, is a revolutionary mobile-based social networking app that enables users to chat and meet with people nearby. It is one of the largest social platforms in China, with more than 290 million users. Our work with Momo has involved directly confronting the challenges associated with account incubation. The following is an excerpt taken from a recent case study highlighting the success Momo has achieved since adopting a proactive approach:

“DataVisor was able to detect these “sleeper cell” accounts at their incubation stage to prevent damages. This early warning system resulted in a dramatic reduction of spam, illegal commerce, phishing, prostitution ads and account hijacking for Momo so they could keep the focus on their core business and continue the rapid expansion of their user base.”

React, or Prevent?

In a game of whack-a-mole, the ending is foreshadowed; eventually, the pace is too fast, and the player cannot keep up. This is not unlike what we are seeing today as bots become an increasingly omnipresent fixture of modern fraud. Here is Yinglian Xie again, from her Financial IT interview:

“Bot-powered fraud is supremely challenging to detect and even harder to prevent. Attacks are often massive in scale and can adapt very rapidly. So the question isn’t whether your organization can afford to invest in prevention. The question is, can you afford not to?”

It comes down to a simple choice. React, or prevent?

about Priya Rajan
Priya Rajan is CMO at DataVisor. She is a highly-regarded leader in the technology and payments sectors, bringing more than two decades of experience to her role. She has previously held leadership roles with high-growth technology organizations such as VISA and Cisco, and Silicon Valley unicorns like Nutanix and Adaptive Insights.
about Priya Rajan
Priya Rajan is CMO at DataVisor. She is a highly-regarded leader in the technology and payments sectors, bringing more than two decades of experience to her role. She has previously held leadership roles with high-growth technology organizations such as VISA and Cisco, and Silicon Valley unicorns like Nutanix and Adaptive Insights.