Skip to content
All Blogs

6 ways to defend against evolving cyber and fraud attacks

Author: Laura Ballam


It’s tough to figure out what’s real these days. We are, after all, in the age of deepfakes and ChatGPT - where videos can be doctored, and journalistic-sounding articles can be written by bots. These technological advances make it harder than ever to recognize real human actions vs. machine-led events. Cyber and fraud attacks are growing more common and more intelligent, and it’s harder than ever to identify real customers from fraudsters. For example, an online purchase can look like it was made by a real customer when the transaction was actually completed by a bot.

How can we protect ourselves, our businesses, and our people at a time when fraud has become so hard to tell apart from the real thing? The answer is by adding a powerful layer of defense that leverages robust first-party data capture and comprehensive identity resolution.

Today, fraud affects more organizations and consumers than ever. In fraud expert Frank McKenna’s latest top 10 predictions, he projects 2023 will bring serious challenges in the fight against fraud. These educated predictions include check fraud pushing banks to the breaking point, soaring attack rates on digital channels, merchant fraud losses spiking, and an increase in fraud-related defaults — especially as fraudsters leverage bots and other AI tools.

At the same time, banks and financial institutions are being held increasingly responsible for protecting consumers from these attacks, like being required to reimburse scam victims. This will come at a huge cost unless they can reduce fraud losses, and it’s a big motivator for businesses to step up fraud prevention strategies and show they’re capable of effectively and quickly curbing cyber and fraud attacks.

A single type of fraud system isn’t enough in today’s complex world. The best approach to countering increasing cyber and fraud attacks is a multi-layered fraud defense solution that layers many different elements and unifies them into a comprehensive solution that protects you from all angles. Let’s take a closer look at those predictions, and how first-party data capture and real-time identity resolution can deliver an effective defense in the fight against evolving fraud.

  1. Curtail online fraud and money mule scams

Mail-related check fraud is increasing. To fight against this type of fraud, banks need ways to protect themselves and their customers — such as pushing consumers to alternative money transfer options like online bill pay and Zelle. Unfortunately, instant transfer tools like Zelle have their own fraud issues which need to be addressed. Financial institutions can also reduce the success of check fraud by impeding money mules and walkers — real people who use legitimate or fake bank accounts, to deposit illegal or fraudulent funds.

To actively prevent money mule scams and reduce check fraud, a comprehensive, real-time fraud prevention solution is the only answer. By leveraging an end-to-end solution that captures all customer and fraud-related information, banks can analyze data and patterns at a deep, granular level. This enables institutions to build comprehensive identity profiles of customers, connecting their personal identifiable information (PII), historical activity, and behavioral biometrics.

With comprehensive ID graphs that capture all customer behavior and interactions, it’s much easier to identify and sound the alarm on activities that don’t fit the norm. Behavioral biometrics are especially key in identifying money mules and direct-pay fraud. When a customer seems to be engaging in unusual behaviors and activities, banks can catch the anomaly right away by comparing “me vs. me” and take immediate action to stop potential fraud.

Even when a single transaction doesn’t look suspicious on its own, a comprehensive fraud prevention solution can identify multiple transactions that look suspicious when viewed in aggregate, while also tracing mule accounts to bigger schemes. With a multi-layered approach, banks and financial institutions can spot bigger patterns of fraud that may involve entire mule networks or criminal organizations.

  1. Defend against sophisticated bots and AI

Online banking and shopping have brought convenience and simplicity to both organizations and consumers. Unfortunately, these innovations also open the door to online fraud and attacks.

Today, cyber criminals use smarter bots than ever, some of which can perform complex transactions on their own. There are bots that can even pull off account opening fraud, creating new bank accounts from start to finish by fooling the security measures of financial institutions into believing real people are signing up as customers. Bots have evolved in sophistication to the point that some companies like Discover have pulled back on digital products because they were too heavily affected by online fraud. More banks are expected to follow suit in the coming months.

Advanced deepfakes and AI can even bypass typical fraud detection and identity verification systems that rely on solutions like facial recognition and password authentication. Passwords can be stolen, and facial recognition fooled – in short, all copyable and imitable authentication features are bound to fail.

As sophisticated as they are, AI and bots can’t fake behavioral biometrics — which include an individual’s unique way of interacting with their devices, such as their typical swipe direction, push pressure, or typing speed. These personal traits and habits of each person can’t be mimicked by bots because they’re highly unique and create a collective portrait of an individual’s digital identity rather than a single factor. It’s like digital body language - imagine trying to copy the exact speed of someone else’s mouse movement down to the millisecond. Not likely. And if a human can’t do it, a bot can’t be trained to do it either.

Behavioral biometrics is an essential component of a multi-layered approach to fraud prevention. It successfully detects and prevents fraud attempts by even the smartest bots, catching the fraudster before the fraud. By providing proper cross-channel, cross-domain data capture and behavioral biometrics on both legitimate and fraudulent activities, financial institutions can solve identity verification issues and figure out which activities are performed by real customers vs. bots - no matter how sophisticated.

  1. Break down silos and fight coordinated attacks

Legacy fraud management systems are known for creating a lot of false positives, creating too many hassles and delays for legitimate customers. Why? These legacy systems are ultimately third-party systems that sit outside a company’s own security layers. As a result, encryption issues and data sharing challenges are common. A company’s important customer and security data is often separated into different silos that don’t communicate with each other.

In contrast, a comprehensive fraud solution sits within a company’s own system. This means all data can be shared quickly and frictionlessly without struggling to bypass firewalls, encryption systems, or other security measures. Capturing data as part of the company’s internal data system enables more comprehensive data to be captured and contextualized in real-time, so it can be leveraged immediately and in full. This provides a cross-departmental view of what’s happening and removes the limitations of typical data silos and black boxes that plague less sophisticated fraud tools. As bots grow smarter, having a comprehensive, birds-eye view that quickly analyzes all the activity happening in all sectors of the company is essential.

Fraudsters today take advantage of every weak spot and hole they find, whether they were created on purpose or by chance. By using each small weakness as an opportunity for fraud, these scammers can piece together bigger attacks that come from multiple directions against multiple systems.

These kinds of coordinated, multi-pronged attacks are tough for partial or disconnected fraud systems to detect. Only an FDP with a complete view of everything that’s happening can put the pieces together to figure out the connections between small, seemingly unrelated events.

  1. Reduce merchant losses due to BNPL and card fraud

 Vendors of goods and services are fighting a two-sided battle these days. On one end, credit card fraudsters continue to steal from merchants at high rates, using increasingly harder-to-detect methods — especially through buy now pay later (BNPL) programs. On the other, credit card companies are making it tougher for merchants to win fraud chargeback claims. Visa, for example, plans to change its rules in April 2023 to require “compelling evidence” to prove a cardholder used their credit fraudulently. This will likely mean a spike in fraud losses for merchants.

A multi-layered fraud prevention solution that leverages real-time data capture can prevent this spike by stopping fraudulent transactions in their tracks. Unlike many fraud detection tools that only sound the alarm after a cyber or fraud attack has already happened, real-time fraud prevention captures deep, nuanced information about the behaviors of real account holders and how they differ from those of fraudsters — and can stop fraud in real-time.

For example, the legitimate owner of a BNPL account will use a different typing speed, copy-paste habits, or IP address than a fraudster attempting to sign into the same account. By immediately detecting these differences, organizations can prevent BNPL fraud, shutting down fraudsters before they successfully complete any illegal activities.

Leveraging real-time data and behavioral biometrics to prevent fraudulent transactions enables merchants to reduce not only fraud losses, but also the time and effort required to contest those transactions with credit card companies.

  1. Mitigate friendly fraud

In addition to cyber and fraud attacks by professional criminals, banks and merchants must deal with first-party fraud and defaults — in other words, friendly fraud. These events are caused by legitimate customers who either obtain goods, services, or money through fraud - or intentionally default on their payments.

An economic downturn tends to increase friendly fraud because financial struggles can incite people to use fraud as an easy way out. As a result, first-party fraud and defaults are expected to become a bigger problem during the recession. Unfortunately, this type of fraud is especially difficult to detect because the transactions involve legitimate customers.

To reduce friendly fraud, businesses must use a first-party fraud solution that captures comprehensive customer data to create complex, individual profiles. Creating a robust identity graph for each customer, including every digital interaction from all devices, delivers insight into what behaviors are normal for any individual. So, when irregular actions take place they’re immediately flagged.

This customer understanding also empowers businesses to spot trends. When seen in the context of everything else a customer is doing, a single seemingly-innocuous transaction — i.e., switching to make all purchases through BNPL programs or claiming lost packages — may be flagged as a risk.

  1. FDPs provides stronger identity resolution

Although some legacy fraud management systems claim to use customer identity profiles to fight fraud, most solutions can’t offer a complete picture that captures all interactions across digital channels and domains. These solutions are either siloed and can’t persist identity from one fraud prevention system to the next, or are stuck in a black box with no connected identity at all. For identity resolution to be effective, it must track all user activities —from behavioral biometrics to shopping habits.

In contrast, a multi-layered fraud solution will build robust identity profiles, stitching together first-party data across multiple devices, domains, channels, and over time for true identity resolution. Critically, this includes before, during, and after sign-on – not just once the user is authenticated. There’s a ton of valuable intel that can be gathered when a visitor is navigating your site(s) that can be used to resolve identity - or highlight potentially fraudulent activity.

This means organizations can accurately detect legitimate activities and pinpoint fraudulent ones in real-time. A user who starts creating an account with one of your websites, then jumps over to create a different account on one of your other properties with different information, will be quickly discovered and can be stopped before the damage is done.

Fighting fraud is a challenging task in a world where fraudsters use increasingly sophisticated tools and launch multi-pronged attacks on multiple fronts. To truly defend against cyber and fraud attacks today, businesses must go beyond limited or partial solutions and invest in a unified, end-to-end fraud prevention solution that drastically enhances existing fraud detection and risk management tools.

Subscribe to our blog for regular updates!