Fraud represents an asymmetric challenge. A fast reaction time plays an important role in minimizing the attacker’s advantage and the severity of a financial loss.
Take a financial services company where an attacker has compromised a dozen different accounts as one micro example; each account will have different amounts of associated loss from theft, take varied times to be detected as compromised, and be varied in the time it takes to resolve the breach.
A single weakness in security can mean outsized impacts on a company, and because of this, more organizations are beginning to see potential fraud risks as emergencies where harm is imminent, and as with any emergency, agility in response is essential.
In this post, we’ll explore why it is critical to foster a company culture of rapid response when fighting fraud and propose some ways companies can introduce agility into their risk mitigation strategy.
The Cost of Slow Response
In 2017, the FTC conducted an experiment in identity theft, hoping to learn how quickly PII would be used by scammers once it was made available publicly. Over 100 bogus accounts were created with fake names, addresses, phone numbers, email addresses, passwords, and financial account info.
Within nine minutes of data being posted, they tracked over 1100 unauthorized attempts to access email services, use credit cards, and access payment accounts. Unsurprisingly, attackers are quick to use compromised data, hoping to do so before they are detected.
Statistic after statistic also shows that remediation costs post-discovery (fees, interest, labor in investigation, fines, legal fees, external recovery) are often greater than the actual theft by attackers, where in 2018, financial services companies spent $2.92 for every dollar lost in the fraud.
An IBM research report backs this notion, where it found a data breach with a lifecycle (from detection to resolution) of less than two hundred days ($3.74M) was $1.12M cheaper to resolve on average than a breach over two hundred days ($4.86) in 2022.
Fostering a Culture of Rapid Response
Understandably, the numbers above show that truncating the lifecycle of a breach shrinks the costs involved in remediation, as less time and resources are deployed on shorter incidents. Costs shrink even more with a strong incident response plan and a well-trained IR team (~$2.66M per IBM).
Though might there be a way to shrink fraud costs even further or reduce the chances of any cost or risk faced?
In a fraud context, milliseconds matter, and those organizations which continually foster a culture of rapid response to fraud events prepare themselves to move faster than attackers, effectively eliminating vulnerabilities and minimizing the chances of an incident.
Technically speaking, agility in responding to fraud is enabled by quality data, acute visibility into circumstances that invite fraud, and the ability to quickly deploy or iterate risk models and rulesets.
High-quality Data “Ingredients”
In virtually every kind of fraud typology, making accurate determinations on incidents is extremely difficult without a complete understanding of behavioral context.
Many vendors that provide off-the-shelf risk models miss capturing this context to keep their models broadly applicable across industries and fraud types. They do not incorporate device-specific or user-specific fine-grained data (touch points vs. mouse movements or accelerometer readings).
Without nuance in data type collection, behavioral assumptions about users are included in behavioral contexts, giving way to blunt models and guesswork once emergencies arise.
Fine-grained source data reduces guesswork made about users so that decisions during remediation can be made quickly with an actual understanding of users and the circumstances involved.
Real-Time Analytics & Decisions
Once high-quality user data can be collected to understand individual user or fraud context, teams can then display that data in meaningful ways to expound on that context via analytics.
For example, immediately drawing out common behavioral patterns across a subset of users confirmed as compromised is helpful in preemptively monitoring similar users or in finding another heuristic that might be as useful at the moment.
Real-time analytics are useless if the data being analyzed sheds no light on fraud or behavioral context but is incredibly powerful when the data does. Analytics of this kind also allow risk teams to better and fully understand their users on aggregate and ask new questions which may spurn investigation to prevent fraud down the line.
Iterative Risk Models
The last component in fostering a culture of agility and rapid response to fraud is the ability to make adjustments to risk models as needed. Every risk model degrades in efficacy over time, some more than others.
Without the ability to change a risk model and quickly deploy it, teams are beholden to their old rulesets, which might not apply to an attack around the corner.
Being able to change a decision might just be as important as making the correct one in the context of fighting fraud, where attackers exploit a single weakness and incur loss within minutes. Gaps in efficacy also bring about false positives and false negatives, spurning even more costs in remediation and a longer resolution process.
Eventually, a company grows its user base and features and outgrows its risk models. Having the ability to iterate and deploy new rules quickly has benefits over the long term and is essential to moving faster than attackers when the risk calculus becomes too complicated for base sets of rules or third-party engines where change is limited.
Advantages of Agility
Attackers will continuously find new ways to turn single exploits into outsized losses for companies.
For a risk team, staying ahead of attackers doesn’t just mean immediately responding to fraud incidents in real time but also means creating the right data, tooling, and company culture as a foundation for immediate response in the future.