List: 5.8 million fraud and computer misuse incidents in the 12 months to the end of March 2016 – how can we stop that number rising?
Fraud: A victimless crime?
Sundeep Tengur, Banking Fraud Solutions & Financial Crimes Specialist at SAS, said: “Fraud is an insidious problem that challenges all businesses in the UK and around the globe. For far too long, fraud has been viewed as a victimless crime. On the contrary, it is continually being used by criminals for monetary gain and to fund a wide spectrum of illegal activities including drug dealing, human trafficking and even the funding of terrorism. Sadly, many of the victims are among the most vulnerable members of our society.
“Fraud has evolved from simple and opportunistic modus operandi to more complex and patient scenarios. Fraudsters are becoming increasingly sophisticated and often hide within complex networks where they employ ‘mules’ to do their bidding. Those networks are often hard to detect as they contain both fraudulent activity as well as legitimate and compliant transactions.
“Also contributing to the rising velocity of fraud is the proliferation of online services and the anonymity those digital channels provide to consumers. For example, when making insurance claims, it’s easy to inflate the value of a damaged or stolen item or to add a few additional items to the claim, therefore resulting in what’s often referred to as ‘soft fraud’.
Rise of a new industrial revolution
Andy Thomas, Managing Director at CSID Europe, said: “Cybercrime is going through its own industrial revolution – the barriers to entry are disappearing. Tools are automating the process and costs have plummeted: getting started in cybercrime has become child’s play. The ONS data released validates our concerns that the industry needs to up its game in terms of measures to prevent fraud, and consumers still need better education to avoid becoming victims to the most common fraud risk they now face.”
Benchmarks? What benchmarks?
Dave Webber, Commercial Strategy Director at LexisNexis® Risk Solutions UK said: “In an increasingly digital age, these figures illustrate just how vulnerable personal and corporate data is to attack. With bank and credit account scams the most common type of fraud, organisations need to swiftly strengthen their fraud prevention strategies. Today, most organisations can’t measure fraud consistently and so have no benchmark from which to measure current performance and, moreover, how advances in fraud defences are performing. Therefore companies should align fraud prevention with their overall business strategy, enabling fraud prevention teams to adapt to volatile market conditions as well as the changing behaviour of fraudsters.
“Cyber criminals are highly organised, well-funded and continually using advanced technology to up the stakes. As such, in the same way cyber criminals seek to innovate, so should businesses use technology to monitor for fraud and protect their data. Increasingly, we are seeing organisations using sophisticated data, technology and analytic linking to determine not only whether a business is a legitimate entity, but also to link owners, employees and identify other people who have a stake in the business. Deploying this type of information must be an organisation’s first line of defence against fraud. That said, as the figures mark the first time the ONS has measured fraud and cyber crime in full, it remains to be seen whether more organisations will respond in kind over the next 12 months.”
Security is fundamentally flawed and consumers like it easy
Johan Dalhert, BehavioSec said: “The nature of security as we know it is fundamentally flawed. We recently found that over 1 in 3 of us even admit to sharing our passwords and log-in details for services including social media, banking and online-shopping, while over 70% choose to stay ‘logged-in’ when possible. “Convenience” proved to be a key driving force of this behaviour.
“Quite simply, security is no longer a consumer’s number one priority when operating online. Today we prioritise convenience – meaning laborious tasks such as multiple authentication processes are often side-stepped. A password is only as secure as a user’s desire to safeguard it and for this reason we need to lift the burden for consumers. If digital platforms are selling consumers convenience and always-on availability, then they need to take on the bulk of the security burden themselves and implement security measures that accurately authenticate users without forcing them through frustrating, inefficient authentication barriers.”
Passwords of old
Brian Spector, CEO at MIRACL, said: “These figures suggest that nearly one in ten of us fell victim to online fraud in the last year. This is hardly surprising, given how laid back most people are about the potential risks of data theft and identity fraud. When it comes to banking fraud, most people still consider this to be their bank’s problem, and assume that they will be reimbursed no matter what. But considering the huge volume of personal and financial data that most people place online, it’s vital that consumers become more vigilant about protecting their digital footprints. Identity fraud is a multi-billion dollar business, so this trend is unlikely to reverse any time soon.
“In almost all cases of online fraud, the problem can be traced back to that relic from a bygone age: the password. The username and password system is old technology that simply cannot secure the deep information and private services that we all store and access online today. Passwords don’t scale for users, they don’t protect individual services and they are vulnerable to a myriad of attacks. By contrast, new, secure methods of two-factor authentication can eliminate password risk and at the same time be user-friendly. It’s time for online services to contribute to the restoration of trust on the Internet by removing the password from their systems altogether.”
The evolving hacker
Piers Wilson, head of product management at Huntsman Security, said: "For the majority of organisations, the main two lessons to take from these statistics are the rapid evolution of cyber-crime, and the number of threats that any individual or organisation will face.
"With attackers able to constantly modify their attacks for a particular target, or come up with entirely new ways to steal data or commit fraud, organisations cannot simply assume that they will be able to spot known attacks before they can cause damage. Instead, organisations need to be alert for the signs of completely unknown or insider attacks that could have already breached their defences, and react before they can cause significant damage."