The focus on fraud prevention has accelerated as the number of new cases has increased, e.g. Yahoo's recent admission that 500 million of their accounts had been hacked.
Over the last month the useful tips on fraud prevention have included:
- The merchant’s account-on-file-based e-commerce model, in which they store all sorts of personal information, requires a whole new approach, according to Andrew Nauman at CyberSource. He recommends a holistic approach to fraud management at each stage of the buying process, while helping to control costs and minimise the impact on the customer experience. (This is key: minimising impact on the customer.) He recommends tuning each layer individually and optimising the system as a whole, e.g. deploying selective asset authentication instead of a manual review, or adjusting the rules in automated screening to send fewer orders for review. He believes that fraud prevention optimisation is a process, not an end state. Collecting information, tracking trends and testing new rules are the key to effective ongoing fraud prevention.
- Europol’s 2016 Internet Organised Crime Threat Assessment report shows that one of the biggest threats is from the so-called ‘Darknet’, in which the techniques that have normally been associated with cybercrime are now being used elsewhere. They are particularly concerned about the use of ransomware to extract huge sums of money from corporates. (This report is essential reading.)
- PwC’s Global State of Information Security Survey 2016 highlighted the prospect of increasing state-sponsored hacks.
- CyberSource are promoting machine learning which, they believe, outperforms traditional methods of fraud detection - manual checking just takes too long. See The Balancing Act report for tips on how to use machine learning to choose the right models to apply to the historical dataset and optimise the levels of recall and precision.
- Cardinal Commerce published an important note on the seven secrets of online fraud.
Develop your own fraud prevention strategy
Fraud prevention is a combination of processes and systems. Each company has to develop its own methodology for minimising fraud. An excellent starting point is what these organisations recommend:
- ‘10 steps to Cyber security’ from the UK’s GCHQ (UK Government Communications Headquarters), which monitors the Internet and many other networks
- SANS (System Administration, Networking, and Security Institute) ‘Critical Security Controls’—a short list of controls developed by security experts world-wide based on practices that are known to be effective in reducing cyber risks
- NIST (National Institute of Standards and Technology) Framework for Improving Critical Infrastructure Cybersecurity—combines a variety of cybersecurity standards and best practices together
- Shared Assessments—an organization that develops assessment questionnaires for use by its members
- ACFE’s Fraud Prevention Checklist
- ‘40 questions you should have in your vendor security assessment’ from BitSight, which shows how to monitor and manage vendor security.