"We should stop thinking that online fraud is a single specific event, and embrace the idea that it’s a journey consisting of a number of events that bad actors can take advantage of during an online experience. Larry Venter, Head of EMEA and APAC at IPQS, says all the steps in the journey need to be secured and verified all the time, so that your organisation can effectively defend against fraud and abuse. It all starts with onboarding. “Every customer needs to be onboarded in the most secure, verified, and validated way. Onboarding is the start of your customer’s journey with you. Doing it right at the beginning will set you up for success,” Venter says.”
Larry Venter
Head of EMEA and APAC at IPQS
In South Africa, IPQS partners with Sybrin, which has a seamless and effective onboarding process built around ID verification. This allows for quick and easy setup in an automated and streamlined way that builds in defences from the outset of your relationship with an online customer. What’s interesting is that the traditional methods of verification haven’t changed much over the years. Companies still consider different factors during onboarding such as IP reputation, email verification, phone validation, and device fingerprinting. What has changed is how those traditional means of verification have become augmented with threat intelligence from dark web scans and honeypots as well as the frequency at which that data is refreshed. It’s these changes that allow you to supercharge your decisioning.
“IPQS stands alone in the market when it comes to analysing the relevant data with industry-leading accuracy and frequency. This allows you to identify fraudulent users, suspicious payments, and abusive behaviour that could put your organisation at risk with greater integrity and specificity than before,” adds Venter. “What sets IPQS apart from other fraud prevention providers is the freshness of our data. The more up to date and comprehensive the data is, the better decisions you can make when onboarding a new customer and verifying a returning one.”
IPQS leads the way in terms of the scale at which they spot emerging risk signals, with refresh rates that significantly outpace industry norms. They can verify every IP address on the planet and analyse over one billion user actions per day. “Through our fraud APIs, we feed a massive amount of data to our algorithms for intelligent processing. It’s an enormous engineering task, but it means that new threats can be detected before they impact your site. You can’t make good decisions off old data. Put differently, if your decision engines are not using our data, you’re likely making poor decisions.”
Brute Force Attack.
The attack surface has also changed over the last decade. Today, fraud is committed on a vast scale, hackers work cooperatively and the pace is breathtaking. There is more bot activity than human activity online and the profile of synthetic attacks has become more complicated with the advent of AI. Using AI, a brute force attack is no longer signaled by a significant rise in traffic that you defend against. Today, it’s quiet and unobtrusive. Imagine a small kernel of code sitting on a data model whose sole job is to patiently learn enough about your defences to get through and breach you. When that day happens, it does so with a ferocity that you cannot defend against. “The only way you can stay ahead of the evolution of attacks is by having better data that keeps up with the constant shifts in attack patterns,” Venter says. “You fight fraud by protecting yourself and your customers the whole way through the journey with the best data points available. IPQS uses advanced algorithms to look for subtle shifts in risk signals. Identifying fraudulent attacks at the data level allows the alert to occur early, assisting you to make optimal decisions. For every period of time that your data has degraded, you are more at risk. Fresh data also allows you to avoid taking unnecessary security steps that frustrate your users.
“To combat fraud more effectively, we’ve also seen the evolution of “fusion teams”. Traditionally, there are different departments that a customer will unknowingly traverse while interacting online. These include the cybersecurity department headed by a CISO whose role it is to secure interactions, the fraud department headed by fraud strategists who mitigate risk, and, finally, the marketing or business development departments whose goal is growth. Having these departments working together seamlessly can be tricky in large oganisations.
Threat Intelligence.
“Our data traverses all these areas. It can be used in cybersecurity, fraud decision-making, or the customer sales journey,” says Venter.
While you need to confirm a customer’s credentials, you also need to ensure that they have a seamless experience on your website. Fast, efficient verification leads to a better experience, and this leads to the customer buying more from your site, using it more often, and returning again and again.
“The single best advancement in fighting fraud is the evolution of threat intelligence. This fast-changing field allows you to rely on IPQS to keep you ahead in proactive ways. We have the largest privately owned honeypot network in the world, where we attract nefarious actors, and learn what they’re doing. Hackers try to gain access to it, and as they do, we learn from them. This allows us to see attack patterns very early on, and advise our customers on what is happening out there before it comes to them. “In today’s online world, where stringent fraud defences are required, you should always be open to investigating the freshness of your data. There is no downside to this and the upside is you defend and enable your business better.”
Being able to make decisions off the most recent data gives IPQS, and their customers, a huge advantage.
Source: ITWeb Brainstorm
About Sybrin.
Leveraging their 30+ years of industry experience, Sybrin uses AI, machine learning, and data science to overcome challenges in the financial services, insurance, and telecommunications industries. Passionate about risk reduction and identity verification, Sybrin leans on the power of AI and ML to automatically perform real-time screening against global sanction lists and watchlists to identify and flag potential high-risk customers for further review, while onboarding low-risk customers quickly and efficiently.