Arkose Labs, in conjunction with more than 50 experts from the industry, has created a five-point manifesto to help businesses stop fraud in 2021. The manifesto provides an in-depth understanding of how digital businesses fit into the fraud ecosystem and the action points they can take to stop fraud in 2021 and beyond
The year 2020 was a momentous year that turned the world upside down in a matter of a few weeks. Amid the devastation and uncertainty, a new normal has arrived, which is predominantly digital and where people continue to rely on digital channels for most of their life activities. As digital makes inroads into newer frontiers, fraud has followed suit.
In November 2020, Arkose Labs convened the Bankrupting Fraud Virtual Summit featuring more than 50 experts from the fraud and security space to understand the impact of an unprecedented increase in the number of digital natives on fraud trends for 2021. Unfortunately, it’s not a pretty picture, as trends indicate evolving fraud—with the nature of the attacks constantly changing and fraudsters becoming more creative in their approaches. This means fraud will only become faster, more efficient, and profitable unless urgent action is taken to stop fraud in 2021.
Digital businesses can fight fraud only if they have a clear understanding of the financial incentives and implications of fraud and view fraud prevention strategy as an essential driver for long term growth. To help businesses successfully stop fraud in 2021 while continuing to offer a superlative user experience, we have created a five-point manifesto for stopping fraud in 2021 as detailed out below:
Defending against an interconnected cybercrime ecosystem
Fraudsters are in the business of crime to make money. Therefore, when launching attacks, they must be able to extract profits that outweigh their investments. To this end, they tap into an interconnected and complex ecosystem of cybercrime that offers access to tools, people, and shadow services. Fraudsters use these resources to achieve scale, maximize ROI, and learn from each others’ successes. They share ‘expertise’ and successful attack tactics with their peers in this ecosystem, which then act as building blocks for novel fraud techniques and ensure fraud keeps evolving.
As fraudsters iterate and find inventive ways to monetize abuse, the number of customer touchpoints under attack has proliferated. To prevent abuse across the full spectrum of customer interactions, businesses must improve their ability to spot and defend against attacks. They must look beyond traditional fraud mitigation techniques and prepare themselves to ward off varied attack types—ranging from low-sophistication, high velocity bots, to more nuanced human-driven or hybrid attacks.
To defend themselves and stop fraud in 2021, businesses must understand why and how the fraudsters are attacking them. In the case of bot-driven credential stuffing attacks at scale, they must invest in a solution that will stop even the most advanced malicious automation. However, in cases where humans perform more refined attacks—such as the financial services industry—identifying and burdening these attackers will ensure attacks are disrupted enough so they are no longer cost-effective. All digital businesses must also look to share information and collaborate closely—via industry groups, as well as law enforcement—to stop cybercrime.
Undermining the business model of fraud
Fraud is like any other business where the key motivation is monetary profit. It is a multinational business that targets all sectors and causes damage to businesses and consumers, alike. However, fraud can have far-reaching and serious ramifications when it is used to fund crimes such as terrorism, drug- and human trafficking, and so forth.
In order to stop fraud in 2021 and beyond, it is important to understand the adversary and adopt strategies that focus on undermining the economic drivers behind fraud. The success of fraud depends on several global socio-economic factors, which include the cost of living in a particular geographical area, the strength of its currency, and access to technology, among others. These factors create different incentive levels for committing fraud. When businesses make efforts to nullify the incentives, attacks become non-viable.
Businesses can undermine the financial incentives of fraud by focusing on wasting the time and resources fraudsters spend on an attack. They can use friction intelligently to repeatedly obstruct the path of the attackers while allowing good users in without getting affected. When the cost of attacking a business is higher than the returns, attackers will automatically look elsewhere.
Protecting against the latest abuse and fraud trends
The coronavirus pandemic has opened up new attack vectors as people are spending more time online than ever before. This has provided novel opportunities to fraudsters and forced the fraud departments to revisit their priorities. An unusual surge was seen in chargebacks and friendly fraud, non-delivery scams and price gouging for important testing equipment and PPE kits, card-not-present fraud, and cryptocurrency mining, as fraudsters tried to exploit and monetize the fear around the pandemic.
It is clear that fraudsters set their goals and sharpen attack techniques according to the target industry. Therefore, to successfully stop fraud in 2021, businesses must understand how fraudsters target their industry and how their business fits in to the fraud ecosystem. They can protect themselves and their customers from account takeover attempts by plugging in the holes that leak identity information and credentials.
Businesses must, however, overcome the temptation of free solutions that bots can easily bypass and end up costing more in the long run. Instead, they must invest in strong network security and IAM solutions that help monitor login attempts in real-time and classify traffic into legitimate users, suspected bot, and human-driven fraud attempts. Further, they must use secondary screening to test high-risk traffic with authentication steps designed specifically for that threat type.
Elevating the strategic importance of fraud and abuse protection
For sustained growth in a post-pandemic world, businesses must gain an in-depth understanding of individual customers (KYC) form a powerful basis for identity verification. They can consider a hybrid ‘digital backed by people’ approach that provides customers with a streamlined, efficient service supported by real humans—via phone, video chat, and live chat—as necessary.
However, in an effort to reduce friction for customers during onboarding, businesses have provided fraudsters with the same benefit. Rather than rejecting friction altogether, businesses can use it smartly to ensure sustained growth. They must accurately map risk at every stage and tailor appropriate levels of friction that will help reduce false positives and enable business growth. Further, fraud and risk teams must clearly communicate and collaborate with product, marketing, and strategy teams to collectively pursue the same goals: successful growth, smart risk management, and robust fraud protection.
Even though effective fraud prevention is critical to growing revenue, preserving a good brand image, and maintaining the bottom line, often businesses consider fraud prevention as a cost center. With fraudsters ramping up their resources and scaling up rapidly, businesses must realize the importance of investing in robust fraud and security departments.
To stop fraud in 2021, it is important that fraud teams “get a seat at the table” and explain how strong fraud and security protocols also support marketing and sales functions as safe user experience leads to happier customers and enables new customer acquisition. Further, fraud teams must be able to quantify the savings in dollar terms, for example, if a major bot attack was thwarted; or how an improved user experience improves customer trust and leads to more user interactions and profitability.
Delivering exceptional UX for an expanded digital customer base
The unprecedented influx of new digital users is here to stay—and increase. Businesses must enhance their capabilities to efficiently handle this increased usage without affecting the digital experience of genuine users while remaining vigilant about stopping fraud. Businesses, often, find themselves caught between the competing forces of rising fraud levels and rising customer expectations as consumers demand security, but show little tolerance for any delays or barriers in their digital transactions. Being too heavy-handed or too lenient with authentication can obliterate business and fraud prevention goals, respectively.
A blended approach, which allows using targeted friction to deter fraud without impacting the user experience for authentic users, is what businesses must look for. Friction can be a vital component in the user journey by helping safeguard security, building customer trust, and maintaining reputation.
Instead of using a cheap or legacy security technology that fails to keep privacy and user experience at the forefront, businesses must deploy different levels of screening based on the risk profile, ranging from invisible risk assessments, in-session user challenges, to out of band authentication when absolutely necessary. Businesses must consider investing in a platform that will continuously learn from past assessments to make smarter decisions about who to challenge in the long run. Further, businesses must use machine learning to quickly identify emerging attack patterns while reducing customer intervention rates. This will help stop fraud in 2021 and improve the overall user experience.
Arkose Labs’ manifesto to help stop fraud in 2021
The unprecedented influx of new digital users has opened up innumerable vectors for fraudsters to exploit—in the form of more severe and frequent attacks. We hope our manifesto for stopping fraud in 2021 will help businesses understand the motivations behind fraud, how the global fraud ecosystem is connected, and how they can bankrupt the business model of fraud to effectively stop attacks without impacting good users.
If you would like to know more about how to stop fraud in 2021 or need further guidance on the manifesto, please contact us now.