Posts By :

Stuart O'Brien

FRAUD DETECTION MONTH: Identifying vulnerabilities in UK online retail
By:

For senior e-commerce and payments security professionals, vigilance is paramount. The ever-evolving landscape of cyber threats necessitates a proactive approach to identifying and mitigating vulnerabilities. This article explores strategies to conduct a thorough internal risk assessment, helping you fortify your online store’s defences against fraudsters...

Why Internal Risk Assessments Matter:

While external penetration testing uncovers exploitable weaknesses from a hacker’s perspective, an internal risk assessment delves deeper. It allows you to proactively identify security gaps within your own systems and processes. By understanding your specific vulnerabilities, you can prioritize security measures and resource allocation effectively.

Conducting a Comprehensive Internal Risk Assessment:

  • Assemble a Cross-Functional Team: Engage a team with expertise in IT security, payments processing, fraud prevention, and e-commerce operations. This holistic approach ensures a comprehensive evaluation.
  • Inventory Your Systems and Data: Create a detailed inventory of all systems and data stored within your e-commerce environment. Identify the location, purpose, and access control mechanisms for each component.
  • Map the Customer Journey: Trace the entire customer journey, from product browsing to checkout and order fulfillment. Identify potential points of vulnerability where sensitive data, like customer information or payment details, might be compromised.
  • Review Security Policies and Procedures: Evaluate the effectiveness of your existing security policies and procedures. This includes user access controls, data encryption protocols, and incident response plans.
  • Test System Functionality: Conduct simulations of potential attacks (e.g., phishing attempts, payment card theft) to gauge your systems’ resilience and identify areas where security measures can be strengthened.

Identifying Your E-commerce Fraud Susceptibility:

Building on your internal risk assessment, hone in on the specific types of fraud your e-commerce platform might be vulnerable to:

  • Account Takeover (ATO): Assess the strength of your customer authentication protocols. Are two-factor authentication and strong password policies in place?
  • Payment Fraud: Review your payment processing procedures. Are you implementing fraud detection tools and collaborating with reputable payment gateways?
  • Content Scraping: Evaluate your website’s security measures to prevent automated bots from scraping product information and pricing data.
  • Chargeback Fraud: Analyze your customer order fulfillment processes. Are there clear and transparent return and refund policies in place to minimize frivolous chargebacks?

Beyond the Assessment: Actionable Strategies

  • Prioritize Security Vulnerabilities: Based on your risk assessment, prioritize the vulnerabilities that pose the most significant threat to your business. Allocate resources accordingly for remediation efforts.
  • Invest in Security Awareness Training: Regularly train your employees on cyber security best practices. This includes phishing email identification, password hygiene, and reporting suspicious activity.
  • Stay Informed of Emerging Threats: Subscribe to security advisories from relevant organizations and industry publications to stay abreast of the latest cyber threats and update your defenses accordingly.

By conducting a thorough internal risk assessment and implementing these strategies, senior e-commerce and payments security professionals in the UK can proactively identify and address vulnerabilities. This proactive approach will bolster your online store’s defences, fostering a secure and trustworthy shopping environment for your customers.

Remember, a robust security posture requires ongoing vigilance and continuous improvement. By staying a step ahead of fraudsters, you can safeguard your business and maintain a thriving online presence.

Are you looking for Fraud Detection solutions for your organisation? The Fraud Prevention Summit can help!

Photo by KOBU Agency on Unsplash

The Costs of Inaction: Why sticking with outdated SAP systems is risky business
By:

In business technology, the SAP systems that once drove efficiency and innovation within industries can become outdated as the demands of businesses evolve over time. Originally implemented as cutting edge solutions in their day, these systems may now only be seen as ‘fit for purpose’, or ‘getting the job done’ in the present. Choosing to maintain the status quo with a business’s SAP system means accepting limitations that could ultimately hinder growth. As industries approach extended maintenance phases, the perceived low Total Cost of Ownership (TCO) of maintaining current systems may seem appealing. However, in this context, this inaction comes with unexpected costs that are not immediately visible on financial statements, as Eilidh Semple, Senior Account Manager, Absoft, explains below...

The Hidden Costs of Maintaining Outdated SAP Systems

While the upfront cost of upgrading SAP systems can appear daunting, the consequences of not doing so are often far more significant. Businesses that delay upgrades to key elements of the system risk accumulating what is known as technical debt – time that is owed to IT systems, resulting in teams skirting the issue and finding workarounds, rather than addressing the heart of the problem. In the context of SAP systems, this takes the form of a backlog of necessary updates and maintenance to its essential systems, resulting in stifled innovation, and reduced system agility to adapt to client demands. 

Consider a scenario where a business runs on outdated software. While it may seem stable initially on the surface, it misses out on opportunities for efficiency gains and competitive advantage. Perhaps more concerningly, running on outdated software presents further cybersecurity challenges too. Recent data from the Information Commissioner’s Office (ICO) shows that more businesses are experiencing security breaches now than ever before, with almost a quarter of the over 3,000 breaches reported in 2023 (22%) occurring in finance, highlighting the scale of the problem. More recent findings from the National Audit Office (NAO)show that the inefficiency problem is also prevalent within the UK government, which invests heavily in maintaining legacy systems that deliver poor quality data and drive up service costs.

Operational Inefficiencies and Economic Impact

Beyond technical debt and cybersecurity concerns, operating with outdated SAP systems can also significantly impact efficiencies and incur higher economic costs. According to Forbes (2024), businesses that delay upgrading their software systems face escalating costs in maintenance and support. This additional spending is compounded by decreased operational efficiency, stemming from software limitations that hinder streamlined processes and overall responsiveness to key clients and projects.

Outdated systems are also prone to higher maintenance costs due to the need for specialised support in the event of system failures, which can disrupt business operations further. Moreover, the inefficiencies introduced by outdated SAP systems contribute to higher labour costs, as employees spend more time navigating workarounds and managing outdated interfaces, rather than focusing on value added tasks. These outdated systems also limit scalability and agility, both of which are essential attributes for business aiming to adapt swiftly to market changes and scale operations efficiently.

The Path Forward: Strategic System Management

Recognising the risks associated with inertia is the first step towards mitigating them. Proactive management of SAP environments ensures that businesses remain aligned with their strategic objectives and remain able to deliver projects well and on time, fostering agility, innovation, and sustainable growth. However, a significant part of this is investing in the right upgrades at the right time. It is about maximising Return on Investment (ROI) by leveraging modern technologies that streamline operations, but also enhance overall business performance.

A key way to achieve this is to adopt SAP’s cloud-first, ‘adopt not adapt’ model, which avoids extensive customisations. This approach uses Best Practice Scenarios to define processes and embraces six-monthly product enhancements, reducing implementation time and costs. Businesses can migrate to SAP S/4HANA via several options: the Software as a Service (SaaS) model offers standard products in a public cloud with automatic updates, the Private Cloud Edition (RISE) allows companies to choose their hosting service, providing control over security and upgrades, and businesses can maintain their own SAP system in the cloud, preserving customisation flexibility.

Partnering with consultants who understand the cloud-first, standardised approach can help to deliver smoother implementations. Dedicated support teams support Fit to Standard workshops and continuous improvement using the SAP Business Technology Platform, enabling custom app creation without complicating the core system.

Conclusion

While many businesses focus on the initial cost of implementing new ERP systems, maintaining outdated SAP systems can lead to significant unexpected costs over time. These include higher maintenance expenses, increased labour costs due to inefficiencies, and potential security risks impacting operations and eroding client trust. If companies were to break down these long-term expenses today, they would likely find that investing in new ERP systems is not only a necessary step towards modernisation, but also a strategic move towards long-term cost effectiveness and sustainable growth. This broader perspective often reveals that while initial costs of new ERP systems may seem high, the cumulative expenses of maintaining outdated systems can exceed these costs considerably. 

While the prospect of upgrading SAP systems may initially appear daunting, the risks associated with maintaining outdated systems far outweigh the challenges of proactive management. Businesses also need to consider the long-term benefits of system upgrades, including improved productivity and reduced operational costs. By partnering with experienced consultants, for example, it is possible to navigate system upgrades effectively, while at the same time minimising disruption, and capitalising on new business opportunities. Moreover, opting for a cloud-first, ‘adopt not adapt’ model can help to streamline the process further, bring down costs, and ensure that the system is a good fit for specific business processes. Embracing change not only safeguards businesses against falling behind their competition and security threats, but also positions them for success to take advantage of the capabilities of new system upgrades and software suites both in the present and into the future.

If you specialise in Anti Fraud Platforms we want to hear from you!
By:

Each month on Fraud Prevention Briefing we’re shining the spotlight on a different part of the market – and in August we’ll be focussing on Anti Fraud Platforms.

It’s all part of our ‘Recommended’ editorial feature, designed to help industry buyers find the best products and services available today.

So, if you specialise in Anti Fraud Platforms and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Jennie Lane on 01992 374 098 | j.lane@forumevents.co.uk.

Aug – Anti Fraud Platforms
Sep – AI for Fraud
Oct – Chargebacks
Nov – Biometrics for Fraud prevention
Dec – Mobile Fraud Prevention
Jan – Digital Identity Verification
Feb – Fraud Prevention Solutions
Mar – Risk Prevention & Compliance
Apr – Financial Crime
May – Multi-factor Authentication
Jun – Digital Identity Verification
Jul – Fraud Detection Tools

Moody’s study highlights Entity Verification as critical for risk management
By:

Organisations face greater challenges to understand who they do business with amid rising risks and evolving regulations, according to a new Moody’s survey and interviews with senior risk and compliance professionals.

Moody’s study found that Entity Verification – a data-driven process that helps verify and authenticate the credentials of each entity a firm onboards or already conducts business with – is deemed essential to avoid regulatory fines and reputational damage. 

Businesses are exposed to an increasingly complex risk landscape, as underscored by new insights from Moody’s Grid risk database: 

·         Nearly 14% growth in the number of organisations and people added to sanctions watchlists in the last 14 months to June 2024 

·         Cyber-attacks are more prevalent: cyber-related risk events nearly doubled from 2022 to 2023 

·         Human trafficking is on the rise: Moody’s registered a 22% increase in human trafficking events from 2022 to 2023 

Firms are typically required by regulations across multiple jurisdictions to screen and report on such risks. Those that fail to comply can be liable to financial penalties and risk harming their reputation, which is why 64% of risk and compliance professionals cited regulatory compliance complexity as a key challenge. 

The German Supply Chain Due Diligence Act, for example, holds enterprises across the globe accountable for human rights in their supply chains, while the UK’s Economic Crime and Corporate Transparency Act makes organizations liable for failing to prevent fraud. From 2025, the scope of entities who are required to comply with the European Union’s anti-money laundering regulations will expand to include professional football clubs, crypto asset service providers, crowd funding platforms, as well as buyers and sellers of luxury goods like jewellery, jets and yachts. 

Against this backdrop, Moody’s global study found that 9 in 10 respondents rate Entity Verification as ‘essential’ or ‘important’. The value of Entity Verification is also on an upward trajectory, with 73% of businesses anticipating its importance to increase over the next two years. 

Entity Verification is predominantly used today for customer onboarding (78%), ongoing customer risk monitoring (73%) and investigations & enhanced due diligence (71%). Sales & marketing, supply chain management, crypto-currencies and gambling represent less common use cases that are quickly increasing in importance. 

However, the focus on Entity Verification is not uniform across financial and non-financial services sectors: 

Financial services:  

·         As banks seek to introduce more automation, there is a recognition of the criticality of Entity Verification as a precondition for other risk screening activities 

·         Banks cite a desire to improve customer experience and streamline onboarding 

·         The pressure to meet ever-more stringent regulations 

Non-financial services: 

·         Corporates are quick to flag supply chain complexity, and the risks from bad actors who are ever more sophisticated 

·         A heightened awareness of Entity Verification as part of a wider risk framework among unregulated, non-financial sector companies 

·         Professional Services cite the additional factor of wanting to demonstrate their Entity Verification robustness as part of their appeal to customers  

While the importance of Entity Verification is apparent to those surveyed, firms cite a myriad of data challenges, including data siloes (51%), high costs (46%), updating data in a timely manner (44%) and data inaccuracy (43%). Fewer than 1 in 10 firms described the maturity of their data governance strategy as ‘advanced’, with most (49%) at the ‘developing’ phase. Leaders in data governance are more likely to be larger firms, with a Chief Data Officer in place and priority given to this topic at board level. Of those surveyed who had a data governance strategy in place, 82% cited improved data quality and accuracy, 72% cited strengthened risk management and 70% had enhanced operational efficiency and reduced costs. 

The study also probed on the extent to which companies had achieved a ‘golden record’ – a single, accurate, and complete version of data for a specific entity – that helps decision-making and operational efficiency. However, only 1 in 10 firms claimed to have a golden record and only a small minority of respondents (14%) have fully achieved a ‘single customer view’ – a comprehensive aggregation of all the data relating to a specific customer. Firms who have fully or mostly achieved a single customer view are overwhelmingly closer to having a golden record (22%) compared to those who have partially or not achieved a golden record (1%). 

Keith Berry, General Manager, Compliance and Third-party Risk Management Solutions, at Moody’s, said: “‘Who are you doing business with?’ is a deceptively simple question that can be very complicated to answer. In today’s ever-evolving business landscape, economic and geopolitical uncertainties, stringent compliance rules, and the challenges of data management have heightened the need for robust Entity Verification practices. Our study demonstrates the growing significance of Entity Verification not only to manage financial crime and prevent fraud, but also to drive operational efficiencies and improve customer experiences.” 

Fraudulent UK banking transactions to total 38 million over next five years
By:

A study from Juniper Research asserts that the number of fraudulent banking and money transfer transactions in the UK will increase 111% over the next five years, from 4.2 million in 2024 to 8.8 million in 2029. 

Despite the UK being one of the most technologically developed FDP (Fraud Detection & Prevention) markets, it anticipates additional measures, such as AI-based real-time FDP, will be required to mitigate the growing threat of fraud.

The UK Fraud Detection & Prevention in the Banking Market 2024-2029 report predicts the UK’s upcoming PSR (Payment Systems Regulator) reimbursement regulation will significantly impact fintechs’ adoption of FDP solutions.

The regulation aims to reduce fast-growing APP (Authorised Push Payment) fraud; the act of fraudsters tricking their victims into willingly making large bank transfers. However, increasing concerns surround the regulation’s impact on faster payments; potentially slowing them to ensure APPs are legitimate.

Therefore, AI needs to be implemented into FDP systems to enable financial institutions to quickly identify APP fraud without diminishing the value of faster payments.

However, the research also identified data sharing between stakeholders in the payments landscape as vital to maximising the value of FDP solutions, especially within faster payments where real-time fraud detection will be key. 

Report author Cara Malone explained: “The plethora of data collected throughout the payments processes will be utilised to develop several different FDP tools, ranging from behavioural biometrics to identification.”

Photo by Alex Tai on Unsplash

FRAUD DETECTION MONTH: How to select excellence in a sea of vendors
By:

As a seasoned anti-merchant fraud professional, you understand the ever-evolving landscape of financial crime. Equipping your organisation with the right fraud detection solutions is crucial for safeguarding your business and customer trust. But navigating the sea of vendors and promises can be daunting. Here are some top tips to help you source trusted fraud detection solutions for your organisation

Know Your Needs:

  • Identify Your Vulnerabilities: Conduct a thorough internal risk assessment to identify your specific weaknesses and the types of fraud you’re most susceptible to.
  • Prioritise Features: Make a list of the essential features you require in a fraud detection solution. This might include real-time transaction monitoring, device fingerprinting, velocity checks, or machine learning capabilities.
  • Consider Integration: Ensure the solution integrates seamlessly with your existing payment processing systems and other security tools. Avoid siloed solutions that create data management headaches.

Research and Evaluate:

  • Go Beyond Marketing Brochures: Don’t rely solely on vendor claims. Seek independent reviews and analyst reports to gain unbiased insights into different solutions.
  • Free Trials and Demos: Many vendors offer free trials or demos. Utilize these opportunities to test the solution’s functionality and user interface within your specific environment.
  • Talk to Existing Customers: Reach out to existing users of the solutions you’re considering. Their real-world experience can provide valuable insights into the system’s effectiveness and customer support.

Focus on Security and Compliance:

  • Data Security is Paramount: Ensure the vendor adheres to the highest data security standards, including PCI DSS compliance and robust encryption protocols.
  • Regulatory Landscape: Verify that the solution meets all necessary regulatory requirements in the UK, such as GDPR and PSD2 compliance.
  • Vendor Track Record: Investigate the vendor’s reputation and experience in the fraud detection industry. A proven track record and a commitment to innovation are key indicators of a reliable partner.

Beyond Technology: Building a Partnership:

  • Look for Long-Term Collaboration: Fraud detection isn’t a one-time fix. Seek a vendor who understands your business and is committed to a long-term partnership with ongoing support and system updates.
  • Training and Onboarding: Ensure the vendor provides comprehensive training for your team on the new solution.This empowers your staff to utilize the technology effectively and maximise its potential.
  • Communication and Transparency: Open communication and information sharing are critical for a successful partnership. Choose a vendor who is transparent about their solution’s limitations and proactively communicates potential updates or changes.

Sourcing the right fraud detection solution requires careful planning and an understanding of your specific needs. By following these top tips, anti-merchant fraud professionals can navigate the marketplace with confidence, select a trustworthy vendor, and implement a solution that effectively safeguards their organisation from the ever-present threat of fraud. Remember, the best defence against financial crime is a combination of robust technology, a well-trained team, and a strong partnership with your chosen fraud detection provider.

Are you looking for Fraud Detection solutions for your organisation? The Fraud Prevention Summit can help!

Photo by Javier Sierra on Unsplash

Join these first class organisations at the Fraud Prevention Summit
By:

Can you make the date to join us at the Fraud Prevention Summit? This unique event will allow you to network with peers, meet with leading suppliers & enjoy a series of seminar sessions.

Wednesday, 6th November 2024 | Hilton London Canary Wharf

As a fraud professional, you can attend for FREE – Secure your place here

Add your name to the guest list HERE, where you’ll be joining peers representing the likes of:

  • AS EU Ltd
  • Aspers Casino
  • Baxi Heating UK Ltd
  • Citi
  • Domestic & General
  • HSBC
  • John Lewis Partnership Plc
  • KFC
  • London Borough of Lambeth
  • PWC
  • Senior Plc
  • Sky
  • Tesco Mobile
  • Vanguard
  • Vanquis Bank
  • Virgin Atlantic Airways
  • Vitality
  • Which?

….And many more!

BOOK YOUR FREE PLACE!

As well as multiple opportunities to network with other industry professionals, your pass will also include:

Your own itinerary of 1-2-1 meetings with suppliers, access to our educational seminar programme presented by top industry speakers, lunch and refreshments throughout, personalised attendance options to suit your schedule, and more! – See what you can expect at the event >>>
 

To find out more, please get in touch with me and I will be happy to provide more information.

Aviva reveals huge spike in car insurance fraud
By:

Aviva reported a 39% increase in the number of claims declined as a result of fraud in 2023, uncovering more than 11,000 suspect claims worth £116m – the equivalent of 30 bogus claims a day with a value of £318,000.

The company says it’s investigating a further 13,100 claims for suspected fraud. Fraudulent motor insurance claims for injury and vehicle damage represented the majority of detected fraud, accounting for two out of three (66%) suspect claims.

Motor injury fraud remains the most popular target for fraudsters, accounting for 35% of all bogus claims Aviva detected. The number of fraudulent injury claims declined for suspected fraud grew by 19% and was worth more than £23m – £6m of which came from declined crash for cash claims.

A large proportion of the injury claims Aviva declined for fraud are opportunistic claims brought by third parties (not Aviva customers) – for example, an exaggerated injury claim stemming from a low-speed accident, such as a shunt in a car park. Aviva defended more than 400 such fraudulent or exaggerated bodily injury claims at trial to limit the impact that these claims can have on customers’ motor premiums.

Fraudulent claims for motor damage rocketed by 123%, as third parties sought to exaggerate and inflate the cost of repair and credit hire claims. As highlighted by Aviva in 2022, organised whiplash fraudsters have refocused their efforts on the repair aspects of a motor claim, including credit hire and repair. Aviva has witnessed particular growth in motor damage fraud after the Whiplash Reforms came into effect in 2021, signaling a shift in focus for organised fraudsters.

Though not technically fraud, the use of ‘spoof ads’ on internet search engines by a small number of unscrupulous claims and accident management companies (CMC / AMC) continues to mislead customers into thinking they are contacting their motor insurer to claim for an accident they’ve had.

The trouble arises when the at-fault insurer challenges the inflated costs presented by the CMC or AMC. The claims company will then pressure the customer into paying, as they will have signed contracts obliging them to pay if the repair, credit hire and other costs can’t be recovered. These costs are frequently in the tens of thousands of pounds. Although this would normally be covered as part of the customer’s insurance policy, because the customer inadvertently (and often unknowingly) claimed via a CMC or AMC, the insurer is both unaware of the claim and unable to help the customer.

To protect customers from the effects of fraud, Aviva continues to invest in its detection capabilities. This has seen Aviva double the number of employees dedicated to investigating fraud, as well as delivering more than 6,000 hours of counter-fraud training for its people.

Aviva identified fraud on more than 51,000 motor policy applications, up 64% on 2022 policy fraud detection figures. The sharp increase reflects the continual training and investment that Aviva has made in its policy fraud detection capabilities. By keeping known fraudsters off its books, Aviva is able to protect customers from the worst effects of policy fraud, ensuring its genuine customers don’t pay for the actions of fraudsters.

These figures also include policies sold by unregulated third parties, known as ‘ghost brokers’. Ghost brokers act as an insurance intermediary and purchase insurance policies using false or misleading information about the customer to acquire cheaper insurance. Ghost brokers will then frequently alter the insurance ‘policy’ before sharing with their ‘customer’ to show ‘proof’ of their insurance purchase. However, the insurance policy is all but worthless, as the ghost broker obtains the policy through lying and misrepresenting the identity and/or nature of the risk being insured (such as address, age of driver, etc.). 

The result is that the ‘policyholder’ directly compensates the fraudster for a worthless policy, meaning they are driving without valid insurance which is not only illegal, but also carries all of the associated risks of driving uninsured.

The next largest area for fraudulent claims is in liability, such as bogus slips and trips. Fraudulent claims for liability represent 23% of all fraudulent claims detected by Aviva. Despite the number of fraudulent liability claims remaining flat, the value of these claims has grown by 9% year-on-year, highlighting the importance of detection in this area.

Household fraud accounted for 6% of detected fraud and was primarily comprised of claims for valuable items. The most popular items that were fraudulently claimed for were:

  1. Jewellery/rings
  2. Mobile phones
  3. TV’s
  4. Laptops
  5. Tablets

Pete Ward, Head of Claims Counter Fraud at Aviva, said, “We’re here to help our customers when something’s gone wrong, settling their claim quickly and fairly. But where we detect fraud, we will vigorously defend fraudulent or inflated claims and, where appropriate, prosecute those who target Aviva.

“That’s why we’ve invested in the tools, technology and people necessary to create a robust counter-fraud capability, helping to ensure the cost of insurance fraud is not passed onto our customers. This investment has improved our ability to detect fraud across all lines of business and has contributed to the steep rise in the number of fraudulent claims we detected last year – particularly in motor, where exaggerated claims for damage have rocketed.

“Last year also saw Aviva, working with IFED, secure the industry’s first Serious Crime Prevention Order against Hamed Sediqi, who repeatedly targeted Aviva in an organised motor fraud campaign. This is a landmark result against a serial fraudster which will not only protect Aviva and its customers from being targeted, but should also act as a wake-up call to other professional fraudsters about the consequences of their actions. Combined with our recent successful application of the Proceeds of Crime Act, Aviva continues not only to detect fraud, but also create powerful deterrents against committing insurance fraud in the first place.”

Photo by Yeka.UK on Unsplash

FRAUD DETECTION MONTH: How the latest tools are helping to shield the bottom line
By:

Fraudulent activity is a persistent threat for both retail and banking sectors in the UK. Anti-fraud professionals are constantly on the lookout for innovative solutions to combat ever-evolving scams and safeguard customer funds. The landscape of fraud detection is experiencing a significant shift, with technology playing an increasingly crucial role in mitigating financial losses and protecting consumers...

The Arsenal of Modern Fraud Detection:

  • Machine Learning and AI-Powered Solutions: Advanced machine learning algorithms are revolutionising fraud detection. These algorithms can analyse massive datasets of historical transactions, identify suspicious patterns, and predict fraudulent activity in real-time. This allows for proactive intervention before losses occur.
  • Behavioural Analytics and Biometrics: Solutions that analyse customer behaviour patterns can flag suspicious activity, even if the purchase amount is small. Biometric authentication like fingerprint or facial recognition technology can further strengthen fraud prevention measures.
  • Fraud Case Management and Network Analysis: Fraud case management platforms streamline the investigation process, allowing anti-fraud professionals to track trends, identify networks of fraudsters, and share intelligence with other institutions.
  • Collaboration and Data Sharing: Fraudulent activity often transcends individual institutions. Data sharing agreements between banks, retailers, and law enforcement agencies can create a more comprehensive picture of fraudulent activity and facilitate a coordinated approach to combating it.

The Evolving Landscape of Fraud Detection:

The fight against fraud is an ongoing battle that requires constant adaptation. Here’s a glimpse into how anti-fraud approaches are likely to evolve:

  • Focus on Artificial Intelligence (AI): AI capabilities within fraud detection solutions will continue to advance.Natural Language Processing (NLP) will enable systems to understand complex narratives behind fraudulent schemes, while self-learning algorithms will adapt to new fraud tactics in real-time.
  • The Rise of Open Banking: Open Banking initiatives in the UK are fostering collaboration between financial institutions and third-party providers. This collaboration will lead to more sophisticated fraud detection tools that can leverage a wider range of data sources.
  • Customer Education and Empowerment: Consumer awareness of fraud tactics remains crucial. Enhanced customer education campaigns and user-friendly tools for fraud reporting will empower consumers to play a more active role in protecting themselves.
  • Focus on Regulatory Compliance: As technology evolves, so too will regulatory requirements. Anti-fraud professionals will need to stay abreast of changing regulations and ensure their chosen solutions comply with evolving data privacy and security standards.

Fraud detection in the UK’s retail and banking sectors is no longer a reactive process. By leveraging technological advancements like machine learning, AI, and data analytics, anti-fraud professionals are proactively mitigating financial losses and safeguarding consumers. As technology continues to evolve and fraudsters develop increasingly sophisticated tactics, collaboration, data sharing, and an ongoing focus on innovation will be key to staying ahead of the curve and protecting the financial well-being of British consumers.

Are you looking for Fraud Detection solutions for your organisation? The Fraud Prevention Summit can help!

Photo by rc.xyz NFT gallery on Unsplash

Research: European businesses ‘unprepared for increasing cyber attacks’
By:

A Cloudflare study has revealed that 64% of business leaders, including the retail and financial services sectors, expect a cybersecurity incident in the next 12 months, but only 29% feel highly prepared to defend against them

The report, called “Shielding the Future: Europe’s Cyber Threat Landscape Report” shares the latest data on how organisations are coping with rising volumes of cybersecurity incidents, their levels of preparedness, and top challenges.

These new findings reveal an ongoing concern around growing cybersecurity threats and a feeling of unpreparedness among European businesses.

The survey, which was conducted with more than 4,000 business and technology leaders across 13 European markets (Benelux, CEER, DACH, Nordics, Southern Europe, UK), found that 40% of organisations experienced a cybersecurity incident in the last 12 months. 

Of those that suffered such an event, 84% report that the frequency of these events has increased over the same period, with almost one in five (16%) suffering a cybersecurity attack every 6-11 days. Meanwhile, 62% say that attacker dwell time has also increased in the same time period. 

Looking ahead, two-thirds (66%) of respondents believe that they will see even more attacks within the next year and a significant 64% say that they expect to suffer a cybersecurity incident within the next 12 months. 

Concerningly, despite the increasing volume and frequency of these attacks, only 29% of respondents say they are highly prepared for cybersecurity incidents in the future.

Additionally, industries that had experienced fewer attacks were also among those least prepared. Just 28% of those working in healthcare and 31% of those working in education claimed to have suffered an attack in the last 12 months. For those same industries, the perceived level of preparedness for an incident in the future was low – just 18% and 19%, respectively.

The reverse is true for those in the IT & technology industry. With almost half (49%) being attacked in the last year, however, organisations in this field are seemingly on their guard. Over a third (35%) of respondents from this sector say they are highly prepared for an attack, making it the industry most confident in its ability to deal with an incident, followed by companies in financial services and retail (32% and 31% respectively).  

When looking at organisational size, the lack of preparation by smaller businesses is a particular concern, with only a quarter (25%) claiming to be highly prepared. Medium-sized and large businesses do not fare much better though, with only 27% and 32%, respectively, claiming high levels of preparedness.

For those businesses impacted by a cybersecurity breach, more than a third of respondents (39%) say that the most significant effect remains financial. More than one in five (22%) claim to have lost revenue following an incident. In addition, 23% have suffered increased insurance premiums, 22% have paid fines, and another 23% have experienced legal action. A further one in five (19%) have been forced to lay off members of the team due to the financial losses experienced in the aftermath of an incident. 

Looking at the numbers more closely, almost two-fifths (38%) of respondents say that the financial impact of the incidents they suffered cost between £788,000 and £1.576 million, while a quarter (25%) estimated the loss to be £1.576 million or more. 

A further 17% said that reputational damage was the most significant effect. Additionally, 31% put growth plans on hold in the aftermath of an incident, while over a quarter (28%) have temporarily suspended business operations. 

It’s unsurprising that financial gain was at the heart of many attacks (48%) across the European countries surveyed. However, survey respondents also believe that the threats they have experienced have a much wider range of objectives.

The majority (53%) of those impacted by an incident in the last 12 months say that the main purpose was to plant spyware. And  almost half (48%) of those surveyed say that ransomware plants were the main purpose for the attack. 

When it comes to the most commonly experienced attack vectors, these too are diverse. Phishing tops the list, with almost three in five (59%) respondents claiming to have seen this approach. That’s closely followed by web attacks (58%) and DDoS attacks (37%). Also prevalent were stolen credentials and business email compromise, with almost a third (32%) having experienced these.  

When it comes to tackling these issues, onboarding more products seems to be the go-to response. In fact, nearly half (49%) have more than 11 different products and solutions. The vast majority (72%) believe that this complexity is having a negative impact on their effectiveness, and yet two-thirds (67%) expect the number of tools they adopt to increase in the next 12 months. 

Notably, the three most pressing challenges cybersecurity decision makers and leaders face are: consolidating and simplifying cybersecurity estate (48%); modernising applications used by organisation (47%); and modernising networks operated by organisation (42%). 

Further education on Zero Trust is required for maximum impact

Respondents report three clear problems in the existing architectures they work with: applications and data stored in the public cloud; limited oversight over IT supply chains; and over-reliance on VPNs to protect applications (with each factor mentioned by 34% of respondents).

Given these problems, it is unsurprising that securing a hybrid workforce is a top priority, coming in the top three for more than a third (36%) of our respondents. 

Worryingly, for many organisations, deployment of countermeasures is a long way behind, and in some cases not yet started. Despite widespread recognition of its ability to protect hybrid or remote workers, when looking at deployment of Zero Trust network access., just 25% of respondents say this solution is fully deployed and over half (58%) say that Zero Trust adoption is still in its early stages.  

While two-fifths (44%) say they are optimistic about the ability of Zero Trust to consolidate technology upgrades, our respondents also indicated a lack of faith in their leadership teams’ knowledge of the tool. In fact, the majority (86%) believe their leadership does not fully understand it, while nearly one in five (16%) say their leadership has either partial or no real understanding. According to 42% of those surveyed, this lack of understanding is the single biggest barrier to adoption.

Despite increased budgets, funding, talent, and training remain challenges

With business leaders anticipating more cybersecurity incidents, it’s positive to see that 54% of respondents expect their IT budget for cybersecurity to increase in the next year.

A quarter (25%) of business and IT leaders expect cybersecurity to make up at least 20% of their organisations’ IT spend in the year ahead. And of those expecting a budgetary increase, two thirds (66%) anticipate a rise of more than 10%. 

For the majority, protecting their networks remains the number one investment area, with nearly 24% of the budget allocated to this pillar on average. Despite being the area where respondents see a significant lack of preparedness, devices are set to receive the second lowest allocation of budget share. 

In terms of how this budget allocation is decided, the top two determinants were the number of incidents experienced (34%) and the cost of dealing with them (20%), revealing that most organisations appear to remain reactive in their funding allocation decisions. 

Funding remains the top concern for 46% of our respondents. However, other concerns, such as a lack of talent (41%) as well as the evolving business requirements and user needs (30%) also keep business and tech leaders awake at night.  

Interestingly, despite the increasing volume of attacks, a quarter (25%) cite a lack of buy-in from leadership as a key challenge. With less than a quarter (23%) having not undertaken leadership or general employee training, it is therefore unsurprising that 21% of business and IT leaders rate their organisations’ cybersecurity culture as weak or neutral.

“Organisations across Europe are managing an increasingly complex cybersecurity landscape, all while ensuring operational efficiency, regulatory compliance, and uninterrupted productivity. With incidents on the rise in both volume and frequency, this balancing act becomes even more challenging, leaving leaders with a sense of diminishing control over their organisations’ technological and security frameworks,” said Andy Lockhart, Head of EMEA at Cloudflare. “This significant challenge requires innovative solutions capable of integrating diverse technological components into a cohesive and agile framework. The age of siloed legacy infrastructures is giving way to a new model of “any-to-any” cloud platforms, creating catalysts for innovation and growth. By concentrating on strategic integration any-to-any cloud platforms empower leaders to transform technological challenges into competitive advantages. Adopting this approach will help shape a future where connectivity and innovation are at the heart of business success, opening the door to unlimited possibilities,” adds Lockhart.

Photo by Kasia Derenda on Unsplash