One of the hardest responsibilities to tackle when
it comes to fraud management is identifying and anticipating emergent attacks that
seek to exploit your security controls. When I was in charge of rooting out
fraud at a well-known financial services company, I spent a lot of time and
money designing and deploying fraud solutions, as well as establishing
proactive mitigation efforts to help identify threats in their planning stages.
I know what it’s like to be on the client side of the fraud protection fence,
regularly evaluating tools to see which ones are effective and which are a
waste of time and money.
Gathering online brand intelligence is not a new concept, but it is something that many fraud organizations are just starting to look at due to the requirements set forth by the recent FFIEC guidance. There are a number of companies focused on helping others with patch management and checking for software exploitations, but few monitor for fraud threats related to bypassing controls, policies, or review processes. Cybercriminals know this, and are often able to take advantage of vulnerabilities in these areas with comparatively few obstacles thrown in their way.
At the time, my organization initially established a security intelligence department to identify and remove exploitations of a new account opening process, which permitted account applications to be queued even if they had no chance of being opened. This wasn’t necessarily a fraud concern, since the threat detection process was working smoothly on the back end. But it did artificially inflate my operations team’s workload, costing my organization time and money to remove these bad applications.
Once we started scouring the Internet to search for and remove these exploits, we serendipitously found a large number of social media discussions related to stolen debit cards, credentials for sale, targeted DDoS attacks in their planning stages and brand abuse cases on Twitter and other platforms. Many of our legitimate customers were also followers of fake accounts impersonating our brand, and could have easily been tricked into clicking the shortened URL links they contained to unknowingly access malware drop sites or phishing pages.
Proactively identifying these fake accounts, getting them removed from the Internet, and protecting my customers from falling for these scams had a positive affect on my account takeover numbers and helped resolve many customer complaints about fake e-mail and media campaigns. And to think, the social media intelligence was lying in plain sight, just waiting for the right tools to decipher it.
If you were not performing thorough Internet searches for evidence of malicious intentions against your brand before, the new FFIEC guidelines mandate that your organization do so now. While it can be tempting to simply check off all the regulatory boxes just to maintain compliance, organizations should see this new guidance as an opportunity to further safeguard their reputation and bottom line. Once a program for collecting brand intelligence is in place, it becomes very effective at taking down previously undetected threats, helping your fraud teams to proactively stop attacks and reduce customer-related compromises and losses.
Gathering online brand intelligence is not a new concept, but it is something that many fraud organizations are just starting to look at due to the requirements set forth by the recent FFIEC guidance. There are a number of companies focused on helping others with patch management and checking for software exploitations, but few monitor for fraud threats related to bypassing controls, policies, or review processes. Cybercriminals know this, and are often able to take advantage of vulnerabilities in these areas with comparatively few obstacles thrown in their way.
At the time, my organization initially established a security intelligence department to identify and remove exploitations of a new account opening process, which permitted account applications to be queued even if they had no chance of being opened. This wasn’t necessarily a fraud concern, since the threat detection process was working smoothly on the back end. But it did artificially inflate my operations team’s workload, costing my organization time and money to remove these bad applications.
Once we started scouring the Internet to search for and remove these exploits, we serendipitously found a large number of social media discussions related to stolen debit cards, credentials for sale, targeted DDoS attacks in their planning stages and brand abuse cases on Twitter and other platforms. Many of our legitimate customers were also followers of fake accounts impersonating our brand, and could have easily been tricked into clicking the shortened URL links they contained to unknowingly access malware drop sites or phishing pages.
Proactively identifying these fake accounts, getting them removed from the Internet, and protecting my customers from falling for these scams had a positive affect on my account takeover numbers and helped resolve many customer complaints about fake e-mail and media campaigns. And to think, the social media intelligence was lying in plain sight, just waiting for the right tools to decipher it.
If you were not performing thorough Internet searches for evidence of malicious intentions against your brand before, the new FFIEC guidelines mandate that your organization do so now. While it can be tempting to simply check off all the regulatory boxes just to maintain compliance, organizations should see this new guidance as an opportunity to further safeguard their reputation and bottom line. Once a program for collecting brand intelligence is in place, it becomes very effective at taking down previously undetected threats, helping your fraud teams to proactively stop attacks and reduce customer-related compromises and losses.
No comments:
Post a Comment