Page 169 - Cyber Defense eMagazine December 2022 Edition
P. 169
adversarial AI, and automate attacks by testing millions of stolen identities in seconds. They use stolen
and synthetic data to open new credit accounts, hijack existing accounts for payment and personal info.
They deploy highly convincing techniques like social engineering to trick users into handing over data
and money, and use stolen card details to make fraudulent payments.
According to one estimate, new account fraud (NAF) in the US surged 109% between 2020 and 2021,
account takeover (ATO) increased 90% and credit card scams rose 69%. Another predicts that payment
card fraud losses alone will exceed $343bn globally between 2023 and 2027.
The problem with point-in-time: the risk of digital snapshots
The challenge for fraud teams faced with this onslaught is that they’re mainly working with first- or second-
generation tools which exacerbate existing operational silos between security and fraud divisions. In
short, attacks span the entire user journey, from browsing and new account creation to logins, payments
and more. Yet security and fraud teams lack full visibility and context. Security analysts might have insight
across all traffic, but without the full context of customer behavior further downstream. And fraud teams
have full business context but only make risk assessments based on single, point-in-time digital
interactions. Put simply, attacks happen across the journey so why is prevention technology currently
point in time?
For fraud and risk specialists, this disjointed approach plays right to their opponents’ strengths.
Fraudsters masquerade as real customers in ever more complex attacks across a business’s digital
touchpoints, safe in the knowledge that risk decision engines will not be able to join the dots between
user information silos to flag suspicious behavior. Even worse, these legacy systems require significant
integration effort and a high level of front and back-end development resource. And they often create
extra customer friction, leading to cart abandonment and churn.
Why understanding risk is a continuous journey
Rather than adopting this point-in-time approach, fraud teams need a way to continuously scrutinize the
digital journey of their customers from before they even land on a site to the second they leave it.
How would this work in practice? The smartest move would be to install these risk-based orchestration
capabilities at the content delivery network (CDN) layer, residing on the network edge. This way
businesses could risk assess all digital traffic from the perimeter edge, rather than via individual API calls
on certain pages of their website. This delivers several advantages around latency, security and privacy.
Data is processed within existing infrastructure; reducing risk and better protecting customer experience.
Making sense of complex data
Once a continuous view of a customer journey has been established, how can businesses best aggregate
this complex and extensive data to make effective and quick risk decisions? One of the challenges of
Cyber Defense eMagazine – December 2022 Edition 169
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.