Monday, January 18, 2021

Does Increased Compliance Mean More Fraud?


Regulations like GDPR and PSD2 are creating an attack shift for fraudsters and alternative methods for them to create havoc. Forter’s CTO Iftah Gideoni discusses how to fight back against fraud with similarly evolving fraud prevention measures.

Today, data is the most valuable asset for consumers, businesses and fraudsters alike. Thanks to the rise in technological innovations, including the cloud, remote work and e-commerce breakthroughs, we now have the ability to do anything, from anywhere, at any time. But there’s also a dark side to this constant connectivity: criminals seeking to exploit personal, sensitive information, ranging from bank account numbers and credit card credentials to customer loyalty accounts. In fact, according to recent research, fraud attacks on loyalty accounts increased by 89 percent in the past year alone.

In parallel with this data evolution, we are witnessing a growing focus by consumers, enterprises and regulators on the privacy and security of data collected, stored and shared online. Legislatures and regulatory bodies are passing more wide-reaching and comprehensive privacy laws, including Europe’s GDPR, which became binding in May 2018, and the California Consumer Privacy Act (CCPA), which takes effect in 2020. We should expect this trend to only increase; any enterprise dealing with personal data must be able to stand behind its privacy compliance program.

In the European Union, the Second Payment Services Directive (PSD2) came into effect last month. This regulation is intended to democratize access to data and simultaneously protect it through strong customer authentication. Given the complexity of compliance and attendant business implications, the U.K. and several other nations have announced enforcement delays, which vary from country to country. And while this regulation is intended to better safeguard data and payments, it may create headwinds for customer conversion — in fact, as many as half of consumers (49 percent) are likely to abandon online/mobile purchases if faced with a multi-step authentication process as outlined by PSD2.

As regulatory and legislative bodies continue their efforts to protect consumers and personal data, businesses need to build compliance programs that still optimize user experience and customer satisfaction and that take into account the adaptability and ingenuity of fraudsters and cybercriminals.

The Unintended Consequences of Increased Compliance

While both GDPR and PSD2 are intended to protect data, in reality, today’s payments ecosystem is too complex for legislation to predict and guard against fraudsters’ next moves. Making matters worse, online fraudsters are only growing in sophistication. These criminals are shifting their focus from brute-force attacks, where a high quantity of attacks increased the likelihood of a payoff, to investing in higher-quality, targeted attacks, where one attack translates to a larger and more meaningful payoff.

In the case of PSD2, a potential unintended consequence of this regulation is a shift of fraudulent activities to outside the EU. PSD2 may make fraud more difficult at the point of transaction in the EU, leading fraudsters to shift to other geographies and attack points outside of the region. Criminals who stop using European data won’t stop stealing; they’ll just start stealing elsewhere.

Privacy regulations like GDPR and CCPA are giving consumers more rights to access and request deletion of their data. This introduces the risk of fraudsters disguising themselves as legitimate actors and demanding all data on their personas be removed. The ability to identify fraudsters as returning bad actors is vital to all fraud-fighting efforts, and the loss of historical data would be a serious handicap to proper prevention.

Fighting Back Against Fraud: Understanding Your Ecosystem

One of the most effective ways to combat the unintended risks that regulations like PSD2 and GDPR bring is to develop a deep understanding of your organization’s ecosystem, as well as the users who are a part of it. This includes:

  • A full understanding of good and bad actors, as well as the connections between them, which can provide the necessary framework for protecting an online business.
  • Knowing how your fraud prevention system recognizes fraudulent behavior – for example, can your system detect fraudsters when they return in different guises?
  • Going beyond matching obvious data points such as addresses, names or even IP addresses, and instead matching behavioral data and patterns, while using cyber intelligence to piece together unclear elements.
  • Lastly, in order to guard against the risk of geographical fraud patterns, it’s important that your fraud prevention system be sensitive to genuine behaviors within different geographical areas and be able to flag when a user does not match the expected norms for their location.

Fraudsters are becoming ever more sophisticated, so your organization needs to evolve in turn when it comes to fraud prevention. Add to this equation the ongoing challenges and changes that compliance regulations like PSD2 and GDPR bring, and it may create a recipe for disaster.

Make sure your customers and accounts are protected by a system that knows your customer base just as well as you do. It requires flexibility, continuous innovation and an ongoing effort to stay ahead of criminals and to keep up with the evolution in customer behaviors and expectations. However, with constant, accurate and informed protection, you can maintain compliance, security and customer trust.

Source: Corporatecomplianceinsights

