Recent headlines and cybersecurity reports have shown how the risks are increasing. Fraudsters hack systems to extract personal data so they can bombard customers with phishing scams, or they implant malware into apps so they can access and control smartphones.
We now carry networked computers wherever we go. CSPs must guard against new frauds made possible by the hyper-connectivity of an expanding array of networked devices.
Fraud managers are the intelligence agents of the communications sector, patrolling the wild frontiers of networks and cyberspace, and protecting its heartland.
For many of them their role, however, is more about fraud detection than fraud protection. As quickly as fraudulent activity is recognized and blocked the fraudsters are working on another scheme or variation of an existing one to circumvent the traps.
Their work is real and important. They play a vital role in countering organized crime, and worse – but is it sustainable?
One theory states if you can keep the bad guys out, they can’t hurt you. If regular costumers can access your network and services then fraudsters can too, and they will always find a way through. Balancing security and customer usability is a perennial problem and not one that is easily solved.
Security is not enough
Though our network borders will never be perfect barriers to fraudsters, we must make access controls as effective as possible. However, preventative measures are greatly improved when integrated intelligence is shared between the security and fraud management ‘agencies’ - not unlike national intelligence and security agencies.
Rather than being a lone wolf, a typical intelligence agent works as part of a deep and cooperative web, and that is also true of the best fraud managers.
The intelligence ‘gathered’ by the fraud department may come from very varied sources. Within a single CSP, different departments tend to operate as ‘silos’ collecting and utilizing the data often independently of each other.
That is simply not good enough and plays into the hands of the fraudsters clever enough to take advantage of the gaps. Today, it is essential and possible to pool the combined knowledge resources to become more effective in fraud detection and management. Much the same as national security agencies do.
With so much information to share, technology plays a vital role in eliminating mistakes and reducing bureaucracy, whilst ensuring sensitive information is kept secure and only made available to the people who need to receive it.
If we view fraud management as one intelligence agency in the CSP, then its work is greatly enhanced if it can efficiently access information held by other agencies, both internal (such as the Network Security function) and external (law enforcement authorities, industry organizations, and cybersecurity updates). But having a lot of data is not the same as being able to efficiently use that data.
Rather than depending solely on human judgment, fraud managers today make the right decisions by implementing automated analysis. Timely action is key, and that means combining data with context, to synthesize the right decisions at the right time. And it is that context, determined from information provided by other systems that adds this critical element.
Contextual analysis encourages optimal decisions by repeatedly adding the latest new data to the foundations of accumulated history.
The correct approach is to build intelligent anti-fraud measures upon the foundations of solid security. This is similar to how intelligence agencies and security bodies work together to counter terrorism.