FiVerity, a leading provider of cyber fraud defense, today announced the launch of the Cyber Fraud Network™, the industry’s first collaborative system built to combat the convergence of cyber tactics with fraudulent theft. FiVerity’s Cyber Fraud Network improves the collective cyber fraud knowledge of financial institutions, regulators and law enforcement by facilitating the secure exchange of intelligence on suspected fraudsters without disclosing personally identifiable information (PII).
We sat own with Greg Woolf, CEO of FiVerity to discuss the company's new Cyber Fraud Network, how fraud has changed, and what the future of fraud prevention looks like in the age of AI and ML.
How has fraud changed over the past 5 years? How has it changed specifically during the pandemic?
Without question, a sea change has been the development of cyber fraud – the merger of fraud-related theft with sophisticated cyber-attacks. A prime example of this is synthetic identity fraud (SIF), which is designed to fly under the radar of traditional fraud detection systems. It many ways, it acts unlike the forms of identity fraud that banks have, wisely, built up significant defenses against.
The initial loans these accounts request are small at the start. The identity is made up, so there’s no traditional victim that’s going to call the bank and alert them to an unfamiliar charge. This gives the cyber fraudster the luxury of time, so they can build up their credit limit and eventually bust out with a significant theft.
Unfortunately, the pandemic has given rise to a number of factors that essentially create a perfect storm for fraud. Even late adopters are opening accounts online, and with interest rates near zero, there’s been a massive increase in the number of digital loan applications. It essentially put the consumer lending industry’s plans for digital transformation into hyperdrive, but the system wasn’t prepared for the cyber fraudsters this attracted.
What technical challenge does this announcement solve?
Fraud and risk managers have been interested in sharing notes on suspected fraudsters for some time, but a variety of legal, competitive and logistical concerns have held this back. The biggest technical achievement of FiVerity’s Cyber Fraud Network is giving the consumer lending industry the ability to share information on suspected fraudsters while fully protecting their customers’ personally identifiable information.
The network’s double-blind approach splits the encryption key across members, so that no single institution – including FiVerity – holds the complete key to decrypt personally identifiable information (PII) data. This removes the risk of violating privacy requirements and it protects the user’s competitive advantage, as the only companies that can access a consumer’s profile are the ones that already possess the corresponding PII.
How has AI and ML shaped how organizations combat fraud?
I think AI’s impact on fraud and risk departments is similar to its deployment throughout big business – a lot of hype but not nearly as much progress. Legacy providers are understandably quick to claim they now have a machine learning (ML) component, and it’s difficult for the business decision maker to know which providers offer meaningful, AI-driven solutions. It’s early days however, and I’m confident the consumer lending industry will figure it out. Cyber fraud rings are successfully implementing machine learning right now, so harnessing these tools to fight back is an existential requirement for the industry.
What is the future of fraud detection and prevention look like?
There’s never been a silver bullet to fighting fraud, and that won’t change as criminal tactics evolve at a faster pace. There will be a place for rule-based systems that identify traditional forms of identity theft, but the industry will have to adopt machine learning models in order to stay a step ahead of these sophisticated, well-resourced cyber fraud rings.
The most important evolution in fraud prevention, however, may be increased collaboration between the fraud and cybersecurity teams. Criminals have already merged identity theft with cyber-attacks, so they’re essentially taking advantage of the gap between these siloed departments.