Podcast: £2.3bn lost to fraud

Improved digital access has unlocked opportunities and potential for many. It has made it easier to bring ideas to reality. From opening an online store, to building applications to take advantage of a market opportunity. Imagination is now your only barrier. And it doesn’t matter whether your office is a tower block in London, or a desk in your bedroom. Digital access has levelled the playing field. But it has also created opportunities for less savory characters to exploit.

During the pandemic, online fraud was up a third, and £2.3bn reported lost by consumers. So how can organisations tackle fraud and reduce its threat while taking advantage of all that digital technology offers?

Is digital accessibility a blessing or a curse?

Well, the answer is both. New digital tools offer many more ways of sharing useful information. They enable organisations to improve efficiency, reduce costs, serve customers better and so on, but by the very nature of their newness means they also come with unknowns. And it’s often those unknowns that are first found by unscrupulous types, and then manipulated to their means. For all the benefits of digital technology, it’s relatively easy to use it to open the wrong doors.

Digital access opens your front door to anyone anywhere. If you’ve a physical retail store, and you’re worried about people stealing items, you keep an eye on anyone coming through the door. You can see them and watch them as they wander around. There are only so many people that can come in. But when you start a website, you give access to anyone on the planet to enter. You’ve got to be very careful about how you set up and manage it because unlike the store, you can’t watch every person coming in.

Why we’re not getting to grips with fraud

Fighting fraud is a constant arms race. As fast as loopholes are discovered and closed, new one’s are found and exploited. It’s a never-ending war.

If you’re of the opinion you are managing risk well today, perhaps you are. But by tomorrow things will have changed, as they have a habit of doing in the digital world. And you won’t be dealing with it well. After a year, if nothing has changed, you’re going to be dealing with it very badly. It’s a constant arms race between protecting yourself and your organisation, and the people trying to find new ways through your defences.

Over the last two years there has been a step up in attacks. And in the complexity and sophistication of what is being used to inflict harm. But equally, we’ve seen defences evolve over that time too.

How the best companies are dealing with fraud

There are two ways to look at this. The first is the number of different ways organisations look at the problem. And the other is the tools that people use to counter it. The organisations managing risk well are those looking at every possible direction an attack can come from. This means considering their people and social engineering, and the tools and protection provided to manage it.

It means looking more at what people can do online beyond just payment fraud. Such as how fraudsters can manipulate different accounts, abuse the refund process, use gift cards or fraudulent credit cards and all the different ways they can worm their way in.

Consider also how people operate. Based on behavioural trends, look to identify ‘human’ gaps in your defences. Many will put up frontline defences and say, ‘we’re going to check your credit card against a service that tells us whether it’s been stolen’, but somewhat fewer are looking at every point in the process.

Points such as whether you can see who visitors are when they first get in contact with you. Or whether you can track behaviour all the way through a digital journey. This means not just reviewing fixed identifiers such as lists of banned postcodes or bad credit cards, but using Artificial Intelligence to track behaviour, score risk, and anticipate threats on an agile basis.

Part of the solution also comes in sharing fraud intelligence across organisations, rather than relying on a single view of the world. And this has become the basis on which Microsoft has developed their fraud solution.

How technology can help you deal with fraud

Cloud technology provides a counter solution in the war against fraud, and Microsoft’s continuous investments in prevention provide some hope of staying ahead of the crooks. Microsoft have come at this in the way they do for many things, which is first tackling the problem for themselves, before going more widely with a tried and tested solution.

For example, the Microsoft Store, which operates in 130 countries, and X-Box, with over 10 million users, has seen a huge amount of fraud. Over a billion pounds a year is lost. So, Microsoft started tackling the problem. They looked at what was in the market and decided it didn’t give them the right tools to deal with their fraud issue, so they built their own service.

Microsoft took the best of everything they could find in modern technology. From adaptive AI and anomaly detection to virtual fraud analysts and device fingerprinting. Microsoft built their own Fraud Management solution, which reduced fraud and has saved hundreds of millions of pounds a year. And now they’ve rolled it out.

Fraud protection is the sum of all the parts

Microsoft’s approach is to build on a broad view of fraud activity from across many organisations, then update their fraud solution to counter threats. Changes are then shared with everyone using the service, thus reducing threats for others before they occur.

What this means is if you install Microsoft’s fraud protection solution, you gain protection from everything already tried. The fraud solution is analysing data from every place it’s installed. If you attack website A and then you go to website B, the solution has already learned who you are, what your mechanisms are, and your attack signatures. The offender is blocked the second time around without the solution having to re-learn who the offender is and how they’re trying to defraud you.

Microsoft’s fraud protection solution has been built on a ‘better together’ mentality. But fraudsters will always find a way, so best to stay on your toes.

For more information on how you can combat fraud, click here.