adversarial AI, and automate attacks by testing millions of stolen identities in seconds. They use stolen
            and synthetic data to open new credit accounts, hijack existing accounts for payment and personal info.
            They deploy highly convincing techniques like social engineering to trick users into handing over data
            and money, and use stolen card details to make fraudulent payments.


            According to one estimate, new account fraud (NAF) in the US surged 109% between 2020 and 2021,
            account takeover (ATO) increased 90% and credit card scams rose 69%. Another predicts that payment
            card fraud losses alone will exceed $343bn globally between 2023 and 2027.



            The problem with point-in-time: the risk of digital snapshots

            The challenge for fraud teams faced with this onslaught is that they’re mainly working with first- or second-
            generation tools which exacerbate existing operational silos between security and fraud divisions. In
            short, attacks span the entire user journey, from browsing and new account creation to logins, payments
            and more. Yet security and fraud teams lack full visibility and context. Security analysts might have insight
            across all traffic, but without the full context of customer behavior further downstream. And fraud teams
            have  full  business  context  but  only  make  risk  assessments  based  on  single,  point-in-time  digital
            interactions. Put simply, attacks happen across the journey so why is prevention technology currently
            point in time?

            For  fraud  and  risk  specialists,  this  disjointed  approach  plays  right  to  their  opponents’  strengths.
            Fraudsters masquerade as real customers in ever more complex attacks across a business’s digital
            touchpoints, safe in the knowledge that risk decision engines will not be able to join the dots between
            user information silos to flag suspicious behavior. Even worse, these legacy systems require significant
            integration effort and a high level of front and back-end development resource. And they often create
            extra customer friction, leading to cart abandonment and churn.




            Why understanding risk is a continuous journey
            Rather than adopting this point-in-time approach, fraud teams need a way to continuously scrutinize the
            digital journey of their customers from before they even land on a site to the second they leave it.

            How would this work in practice? The smartest move would be to install these risk-based orchestration
            capabilities  at  the  content  delivery  network  (CDN)  layer,  residing  on  the  network  edge.  This  way
            businesses could risk assess all digital traffic from the perimeter edge, rather than via individual API calls
            on certain pages of their website. This delivers several advantages around latency, security and privacy.
            Data is processed within existing infrastructure; reducing risk and better protecting customer experience.



            Making sense of complex data

            Once a continuous view of a customer journey has been established, how can businesses best aggregate
            this complex and extensive data to make effective and quick risk decisions? One of the challenges of




            Cyber Defense eMagazine – December 2022 Edition                                                                                                                                                                                                         169
            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.