Technologically savvy consumers seek convenience, or they may be drawn to the latest and greatest app. Point – Click - Done. If it’s a product or service that involves the movement of money, the reality is that it will likely attract attention from the fraudsters. If you account for any added industry buzz, this could become sooner rather than later.
When developing new products, is detecting and mitigating fraud a top priority for the organization? Has anyone taken a step back, looked at the product features and ask how the product could be susceptible to fraud? If not, that could spell trouble once you are live.
Does your organization take more of a wait and see approach? Get the product live, work to get a feel for how your customers will use it and then decide how you will fortify defenses? Is there concern that up-front fraud prevention strategies may negatively impact too many customers too soon and turn them off from adopting the new product?
Does fraud detection move to the top of the priority list after some significant loss event has occurred? Here, the event will probably getdissected and any proposed solution under consideration may only address what had happened (reactionary), but fail to consider what else could happen in the future.
“There is no magic bullet, nor is there a one-size-fits-all solution”
Your innovation is being gladly received by the fraudsters. The constant emerging threats become the challenge. The fraudster’s capabilities, tactics and technical savvy evolve much faster than the tools available to stop them. An attacker will reverse-engineer processes faster and better than you could do. They will look for weaknesses and will seek to exploit them with impunity. They do not have to follow any rules.
You don’t know what you don’t know. When something happens, you need to figure it out.
What tools are already available and do the teams on the ground fully understand how they work – inside and out? Does your organization have a multitude of disparate single end-point solutions operating in various silos that do not communicate with each other? If there is a problem, how quickly can you get to the data and reconstruct how the attack unfolded?
How often does your fraud team find themselves flat-footed and find themselves calling upon IT resources to pull data and help reconstruct fraud scenarios? Shouldn’t this information be readily available and at their fingertips? When the fraud team wants to place a rule (speed bump) in front of an attacker, does the IT team have to build and implement it? When you need a custom report to identify a specific pattern, does IT have to build it?
If you do not understand and learn, your product could become labeled an easy target. If so, they’ll keep at it until you can stop the proverbial bleeding.
What I see as the key point when talking innovation and fraud prevention in the same sentence: There is no magic bullet, nor is there a one-size-fits-all solution. The fraudsters will attack your 10-foot wall with their 12-foot ladder. When you add bricks and raise the wall to 14-feet, they’ll return with a 16 foot ladder.
I wish I owned a crystal ball or had the ability to look into the future. It certainly would make my job much easier.