“…they never attack the same place twice. They were testing the fences for weaknesses, scientifically. They remember.”
This quote is from the 1993 film Jurassic Park, where Robert Muldoon (played by actor Robert Peck), is explaining the intelligence of velociraptors enclosed in a state-of-the-art compound….
Cybercriminals aren’t physically confined in compounds, but they do have advanced technology at their fingertips, and they act in exactly the same way: testing your defenses and looking for weaknesses in your technology, processes and colleagues.
They do this by building a picture of you, like a jigsaw puzzle, determining your fraud strategy piece by piece. They’ll start at the edges, looking for quick wins… then they move to the center, perhaps seeking help from cohorts on the dark web offering guides on general jigsaw puzzles, or even the specific one you have.
Suppose we take away the puzzle box with the picture on it so they have no reference. Then we hide some of your pieces and throw in a couple from another puzzle…. By dynamically changing your strategy, your puzzle becomes harder to complete and the criminals must keep starting over, getting frustrated and eventually moving on to easier prey.
Letting cybercriminals through (but ring-fencing them along the way) means that more info can be obtained from them. With more data points available, machine learning, behavioral biometrics and other defenses become more effective because there is a more holistic view of specific criminal behaviors. Then, by comparing those behaviors with genuine customer activity, you become more effective at stopping crime and reducing false alerts.
Causing more friction is usually the last thing financial institutions want, however by increasing friction for fraudsters, you reduce their ROI, make them change their MO and ultimately become more desperate. And desperate people make mistakes.
About the author:
Steve has worked within the fraud and payment industry for over 14 years, in the banking, travel and retail space. He has worked closely with merchants advising on fraud strategies as well as running operations teams. He has worked with Banks and PSPs globally in product management roles, leading major development initiatives to deliver solutions to external customers.
Mark has worked within the fraud and risk industry for over 18 years, he has experience working with the UK’s largest banks and acquirers. This extends from setting up operational fraud teams to overseeing fraud strategies and loss management.
Mark’s has been responsible for fraud teams specialising in card, telephony and digital payment fraud in the retail and commercial sectors. He has lead strategic transformations by introducing new fraud technologies, where he has enhanced fraud and customer experience strategies.
More from Steve:
Do you stop fraudsters in their tracks, or lead them down a path to tip them off to your methods?