Subscribe to Dynamics Matters:
RSS Feed | Spotify | iTunes

HSO Michael Lonnon and Jon Rallings

Transcript

Intro

Welcome everyone to episode 42 of the HSO Dynamics matters podcast.

Your regular sonic dive into the world of Microsoft technology related matters and much more besides.

I’m your host Michael Lonnon and in this episode, we’ll be discussing the issue of fraud.

Which is a big issue, and growing concern as more people and businesses operate online. So I conducted my very own phishing attack to snare Microsoft’s Fraud expert from across the pond, Sondra Feinberg.

We had a great chat about why fraud is becoming an increasing problem and what you can do to protect yourself.

So, grab a brew, sit back, relax, and enjoy the show.

Michael Lonnon

Is greater digital accessibility a good thing or bad?

Sondra Feinberg

I’m split on that one because the more assets we have to utilise and make life easier or more informative is a good thing. To the younger generation, I think it’s a bad thing, because the younger generation tends to not know how to speak and have a conversation. How to approach somebody else. So, I’m equally split on that one.

Michael Lonnon

I couldn’t agree with you more. In fact, I was just telling my twelve-year-old to put her phone down and get off those silly videos that they sit there and waste endless hours watching, and actually communicate with the world around her. It drives me bonkers. So, topic of discussion today is fraud. And as an expert in this area I’ll give you a nice easy opening question. Is fraud becoming a greater problem? And if so, why do you think this is?

Sondra Feinberg

I do think it’s becoming a bigger problem because fraudsters are getting more sophisticated. They’re very smart. We always say if a fraudster can take what they know and apply it in an legal fashion, they probably would be billionaires. I do think it’s a bigger problem and I think why is because we as merchants tend to get complacent. We like to stay with what we know and as I’m in the crime prevention business, and I’m presenting these solutions to various merchants, they always tell me well, what we have is good enough, and I think to myself in life, why is good enough just good enough? That’s ridiculous to me.

Michael Lonnon

Do they not think criminals are becoming more sophisticated? Are they aware that their skills are improving all the time and they have better technologies to break into businesses?

Sondra Feinberg

sometimes they’re not aware. And that may come from the top, but the day-to-day analyst is concerned that other technologies may be replacing them. So, they have to do all that they can within their environment, and they take fraud as a cost of doing business, as opposed of turning that around, and maybe making it a profit centre as opposed to a cost centre.

Michael Lonnon

How do you think they could change that thought process of complacency? Of thinking of it as a cost? How could you get the higher ups to think of fraud management as more of a profit generating, or protecting, activity?

Sondra Feinberg

I think they should audit their own results and by doing that shadow test some other innovative technologies against their current solutions of what they’re using today. They don’t have to do anything different, just let those other solutions shadow the processes and see if they can obtain a better result.

Michael Lonnon

Is that how organisations managing fraud prevention better approaching it?

Sondra Feinberg

Yes, because they’re at least open to innovation. They’re open to looking at machine learning, and not just using a rules-based system, for example. So, you have to be able to open your mind and explore the various opportunities for new data inputs that are out there.

Michael Lonnon

Is there a perceived cost? Is that also part of the reticence to embrace more innovative technologies to tackle fraud, is it a cost thing?

Sondra Feinberg

It may be that cost is an issue, but also it is a bandwidth issue. A lot of merchants say that their book is done for the year. That they don’t have enough engineers to work on this kind of thing. As far as a true cost from Microsoft perspective, we offer free proof of concepts, we know the struggle as both being a merchant and a provider of the same fraud technology. We have a little different view on it as it’s a little unique in the market. We do encourage organisations to take advantage of our no cost proof of concept so they can shadow test. Or even do historical data analysis. You don’t have to disrupt the flow, you don’t need an engineer involved and it gives you a good indicator of how your solutions are performing.

Michael Lonnon

That’s a great proposition, and Microsoft’s story behind this is actually quite interesting, isn’t it? If you can give it a sixty second overview, because Microsoft’s fraud solution is something Microsoft developed to tackle problems they were facing themselves, isn’t it?

Sondra Feinberg

Exactly. As you know, Microsoft’s a top 10 e-Commerce company. And about six years ago, we were using third party providers, different device fingerprinting, vendors, things like that. Our executive said, guys, we’re getting killed with fraud, we were Microsoft, we should be able to do better than this. Our engineers came up with an internal solution. We’ve been using it for the last six years. We commercialised it about three years ago, the results were outstanding and personally, I come from the payments and fraud industry for the last 25 years, so when I saw their technology, I just thought to myself, wow, I need to be a part of that because it was a game changer.

Michael Lonnon

If you’re an organisation then and you’ve got a problem, or you think there’s a perceived problem, or perhaps a gap in your defences, how do you go about finding that gap? Or how can you go about being ready to tackle problems as they evolve, because as you say, or as I’ve heard, actually, tackling fraud is like a battleground. As you develop ways to tackle it the forces find new ways, new technologies, new approaches to find new loopholes. So how can companies evolve with those changes as well?

Sondra Feinberg

That’s a great question. I would recommend taking a layered approach because when you’re layering your approach, you’re layering your data and each approach should be able to share the data. For example, if you have an account creation or account signing on your website, then those risks check should speak to your e-Commerce protection as well. Then those risk checks should speak to your Omni-channel purchases, things like people returning goods or asking for refunds, voids, employee discounts. If you have data shared between all three of those categories, it makes you much smarter and it makes you much more likely to stop fraud than if you were working in siloed areas.

Michael Lonnon

Data and Analytics that comes up with absolutely every conversation I have when it comes to technology. But it’s really, really important here as well isn’t it without the information without the data, there’s no way you can spot where the loopholes are where the gaps are in your defences is there.

Sondra Feinberg

Exactly, and we call that the ‘network effect’. When all those different pieces of data are feeding into the same network, obviously in a compliant, and secure way, then you take those network effects, and you look for patterns of fraud within them. Then you’re able to identify where those fraudsters are laying low within your organisation, and how to stop them when they come to the forefront.

Michael Lonnon

Where’s Microsoft’s going next with this then?

Sondra Feinberg

That’s a great question. First of all, most people don’t even know that Microsoft has a fraud detection solution. So that’s good we’re talking about it. We’re very well versed in gaming retail travel fraud, but that next frontier is really employee collusion and anomaly detection. You may think that all your fraudsters are coming from external sources but with COVID and the work from home scenarios, we’re finding more and more employee collusion going on. How do you detect those anomalies that are coming from your point of sale and things of that nature, I think that is the next frontier as well.

Summary

There are smart people out there using technology to do some bad things. And if only they’d put those abilities towards the power of good, they’d likely be doing very well for themselves.

This is the view of Microsoft’s Sondra Feinberg.

But while they put their time to more unscrupulous activities you need to protect yourself.

For this you need intelligent technology that learns and evolves from attacks in other organisations and evolves to match the patterns and behaviour of the fraudsters, so it keeps you protected even if they use new methods to target your business.

I hope you enjoyed this episode, and if you’d like to learn more about fraud management, check out episode 39 in the series with HSO fraud expert Pete Sharp.

BACK TO THE SERIES OVERVIEW