The risk landscape is evolving faster than ever before, and disruptive changes are happening everywhere in the industry. Mobile and other cardless payments are gaining significant traction. Open banking is seeing increased momentum. Finance is increasingly moving to the cloud. With these evolutions come new authentication approaches such as 3DS2. Many other changes are looming over the horizon, all of which will fundamentally change fraud, and how we fight it. As the industry evolves, so do its bad actors. With the widespread availability of cloud services with free tiers and sign-up promotions, it is now easier than ever for criminals to rapidly spin up multiple servers and conduct attacks at scale. Cloud-based machine learning platforms are increasingly accessible, making advanced technologies available for abuse. What does this all mean for fraud risk? One thing is certain: new and previously unknown patterns of fraud, abuse, and crime will continue to emerge. As with previous waves of change, these changes will initially disrupt the status quo, increasing fraud in some channels but reducing it in others. Conventional wisdom suggests that this cycle of disruption is inevitable. That may be so, but that doesn’t mean we can’t develop a response that will consistently stay ahead of the changes. The truth is, we can, and we have. An Anti-Fraud Strategy for the Next Decade Defining a fraud strategy that can accommodate continuous change is no easy task. As fraud experts know, the only thing constant is change when it comes to fraud. This truth is complicated all the more by the fact that our adversaries are human beings who can evolve and refine their techniques over time. By definition, there exists no such thing as a single static fraud system that can stand the test of time. However, it is possible is to design and implement a system that can respond to change virtually as rapidly as it happens. Doing so achieves the ultimate goal of fraud prevention: disincentivization. The speed and adaptiveness with which you can respond to new and emerging threats will not only limit your financial loss, but it will also protect your business from being targeted by criminals in the first place. Fraudsters are generally very pragmatic when it comes to both techniques and targets. Inevitably, they will gravitate towards whatever scheme will net them the most illicit revenue for the least amount of time and effort. If you can minimize the financial loss resulting from each fraud scheme, this will also minimize the fraudsters’ gains and discourage them from targeting you again. The result is a virtuous cycle—the better your fraud system is at quickly detecting and shutting down new schemes, the less likely you are to be targeted in the future. Here are three tips on how you can implement a fraud strategy that enables you and your team to react rapidly to emerging fraud channels, patterns, and techniques. 3 Tips for Adopting a Fraud Prevention Approach for the Long Term 1. Invest continuously in data infrastructure With fraud detection, everything starts and ends with data. Whether you are using a rules-based system or advanced machine learning, your ability to identify fraud is entirely dependent on whether you have the infrastructure in place to collect and compile relevant signals from various data sources. Even if you are not able to leverage every signal, it is it better to make the investment today so that you are better equipped when you are ready to make use of the data. Is there a new product launching next month? You should have data collection in place from day one. Are you working with external vendors that provide fraud and risk signals? Make sure that you are not only using the signals at the time of decision, but also storing the signals for future reference. All stored data should be easily mapped back to the original customer, account, and event so that there is no confusion later as to what each attribute represents. The single most important infrastructure to have in place is a data pipeline to collect and join together data from your various data stores. For the best fraud detection, customer profile data, transaction data, web and mobile access data—along with additional customer touchpoints and 3rd party signals—should be combined to construct a holistic customer profile. Additionally, you should make sure that the data being stored is relatively clean and free of errors. Machine learning, in particular, relies heavily on historical data to generate features and train models. In traditional slice-and-dice analytics, data issues can reveal themselves with sufficient exploration. However, machine learning models can be more of a black box where the cause of the subpar model performance is often difficult to trace back to a specific data issue. As the old adage goes, “Garbage in, garbage out.” Machine learning is no exception. 2. Make sure your fraud technology stack is adaptive and future-proof Gone are the days of buying a monolithic platform and expecting it to serve your needs over the next five years. With the pace at which both fraud and technology are advancing, you can consider yourself lucky if the platform requirements have not changed significantly between the time that you purchased the platform, and when the implementation is complete, and the platform goes live. Fraud systems being built today must be architected for change, with the expectation that data sources, detection algorithms, business logic, and infrastructure needs will be subject to ongoing upheaval. Does the system allow you to add or replace components easily as business requirements evolve? Can you easily incorporate additional signals to enhance detection over time? Are you able to leverage the latest open-source machine learning models? How quick and easy is it to build a solution for a new fraud use case? These are all questions that should be asked when evaluating how future-proof a fraud platform is. Over time, the flexibility and adaptability of your fraud technology will make a huge difference in how quickly you can identify and respond to new fraud use cases. 3. Consider new fraud pattern discovery to be a core capability Fraud is ever-changing by nature, and new fraud patterns and techniques are being tested and used by bad actors every day. Historically, new fraud patterns were discovered only after the fact, when the damage had already been done and customers impacted. However, this kind of reactive approach is clearly not ideal—some types of fraud such as credit card application fraud will only surface months after the originating event, which means that hundreds or thousands of similar cases may have slipped through the cracks before an alarm is sounded. What is needed is the ability to proactively identify new patterns of fraud prior to damage spreading—ideally before any damage is even done. Such a capability is impossible to achieve using rules-based or supervised machine learning systems. As these types of systems rely on historical data to validate rules or train models, by definition they are optimized for identifying fraud that is similar to historical cases. The alternative is technologies that are designed to catch new and unknown fraud patterns. One example is DataVisor’s unsupervised machine learning, which can detect new types of fraud with high precision by identifying suspicious correlations across users and accounts. You should consider the ability to detect new and unknown fraud to be an integral component of a modern fraud system. This is important not only from the perspective of limiting your loss—successful fraud attempts on your business encourage criminals to target you again and again, changing up techniques each time. It’s only when they fail, that they cease. Taking the Fight to the Fraudster The fight against fraud is a marathon and not a sprint, and minimizing your long-term damage requires you to make the right investments today. In order to take the fight to the fraudster, continuously putting out fires is not enough—the fraudster will simply keep on making adjustments to their techniques to evade detection. Instead, what is necessary is to put in place a system that will enable your team to identify and respond to emerging attacks as rapidly as possible. If you can make it prohibitively expensive or time-consuming for bad actors to crack your system, while simultaneously limiting the illicit revenue they can obtain as a result, the criminals will naturally gravitate away towards easier and more lucrative targets. With such a system in place, there is nothing to fear from change, now or in the future. At DataVisor, our proactive solutions are built to ensure maximum agility over time. Reactivity is a doomed approach from the start. As our CEO and co-founder Yinglian Xie is fond of saying, “If you’re just keeping up, you’re already behind.” We may not be able to forecast fraud’s next move, but with a comprehensive fraud management solution like dCube in place, we can ensure that the moment a storm begins to gather force, we’ll know it. With that knowledge, we can put up defenses that will neutralize the attack before any damage can occur. Most importantly, we can do it again, and again, and again. View posts by tags: dCube | fraud | Fraud Management | fraud prevention | fraud strategy Related Content: AI-Powered Solutions, AI-Empowered Clients Defeating Mass Registration with Unsupervised Machine Learning 3 Keys to Fraud Detection for the Modern Wave of Sophisticated Fraud Stay up-to-date on the latest fraud insights and intelligence. Thank you for subscribing.