BusinessToday speaks to Ian Holmes, Global Lead for Enterprise Fraud Solutions, and Cheam Tat Inn, Managing Director (Malaysia) for SAS Institute on managing cyber threats from the process of adopting digitalisation.
1.Since the pandemic, many industries have opted for digitalisation. Do you think that digital fraud would be a threat, especially for small scale businesses that may not have good cybersecurity? What can they do about it?
The pandemic has pushed businesses to adopt digitalisation. It is going to be a threat to both large and small businesses. Large businesses are usually targeted by big hacking in terms of data compromising perspective. Hackers use more sophisticated and innovative ways to obtain customer information.
Things such as login credentials are key to be able to access people’s accounts. But they utilise different strategies to exploit the weakness and vulnerability within systems and technology.
They are very sophisticated in their approach and when you have an organisation that is just focused on business digitalisation, it does not have a lot of financial resources to be able to invest in sophisticated software or cybersecurity to protect their business.
I suggest focusing on digitising your business and work with cloud providers or payments companies that have invested significantly in the areas of cybersecurity.
Leave the security and protection to the people who have invested a significant amount of resources in the area while you focus on running your business. You do not have to worry about managing the IT infrastructure.
2.How does digital fraud impact organisations particularly in the financial services industry?
Organisations need to manage the risks by moving from traditional payment types like cash to digital type with mobile devices. It’s very important to protect digital endpoint and to make sure that the impact of digital fraud can be identified.
Once it can be identified, only then it can be reduced. So, digital has undoubtedly increased the speed at which processes can occur. This includes the processing of money. It can also refer to opening an account and having credit facilities available or the ability of the company to offer other digital services.
Identity validation and authentication of customers’ payments are becoming key considerations in the prevention of fraud.
Financial institutions need to be ready to be able to look at digital identities. No more waiting for someone to bring their passport or driving license to a branch to prove their identity. They have to directly integrate with things like Government registers for social security information, employer validation as well as third party data which is available from our devices.
For example, digital fingerprints are unique to us on our specific devices, and these are utilised within the identification process.
3.Compared to other countries in ASEAN, where does Malaysia stand in terms of digital fraud?
ASEAN as a whole has a very young population as you can see from the adoption of mobile phones or subscriptions to the internet. This region has an increasing number of internet adoption.
It is a population that accepts digital payments quite easily and adjusts very well to all the new mobile commerce, digital wallets, and so on.
If you look at Malaysia, its e-commerce market has grown rapidly in recent years. If you look at some of the online sites like Alibaba, you can notice that Malaysians tend to be quite a heavy buyer of products from online sites.
So, this is where the problem starts to come in because you tend to trust more sites when it says enter your financial credentials to allow the transaction to proceed. People normally quite easily accept and key in the details without really thinking if it’s a legitimate site.
With the increase in acceptance of payments and different forms of payments, the younger population that’s driving their adoption of e-commerce or internet growth, that is when more sophisticated hackers will come in.
Credit card fraud used to be one of the major issues for us in terms of fraud. But now people are taking control over your account and moving your money, hacking your e-wallet. We need to be more careful as we increase our adoption of digitalising our business.
4.What are the challenges faced by industries, specifically for those working from home?
We have all had to adapt to working from home. One of the biggest aspects of the pandemic has caused is the threat from scams in the industry and this can affect anyone. Google has indicated that they are blocking 18 million coronavirus scam emails every day.
Hackers are undoubtedly targeting individuals but also through corporate networks. The pandemic is providing new opportunities and in fact, the number of URLs or website domains have increased and there are over five thousand covid-19 internet domain names registered during this period.
It is expected that at least 10 – 15 percent of those will be of malicious or fraudulent nature.
A recent FBI internet crime report lists over 30 different types of scams, and payment fraud scam is top of the list.
5.How has the whole threat of fraud changed for banking customers during this pandemic?
Younger and older people are at greater threat from some of these fraudulent activities. Those are the people suffering from these frauds.
The younger generation is digitally savvy but a little naive. They often submit details to websites without thinking about it. That can often make them victims of scams.
The older generation may be less digitally savvy and are more likely to click on links without thinking of the consequences.
Some of the scams are actually interactive with the fraudsters, as they use a lot more social engineering, where you’ll have people phoning you to get bank details or payment details.
6.Why is data and advanced data analytics critical to overcome digital fraud and financial crime?
There is a lot of information that many consumers do not understand or even know about. It’s not just as simple as looking at the IP address and knowing the location. There is something called user behaviour data which can actually pass to your bank the angle you are holding your mobile phone as you type or key in your verification details.
They can work out which finger you’re typing with, based on the other buttons that you press as you enter your password or login details. It is indicative of those undoubted human errors which could occur amidst these processes.
It can all be stored and utilised in real-time, in order to be able to identify when the next login occurs, if this is a human person making mistake or if it is a similar mistake made before, or if it is in the same angle the phone is held or is it a computer-initiated bot.
The other thing to consider is biometrics, to scan the faces of people. The amount of data that is available for identifying fraud has been increased dramatically with digitisation.
We need the ability to process this data and then pass that data through AI machine learning technologies like what SAS offers.
The key thing here is that, with the strength of the SAS advanced analytics software, is the ability to detect potential fraud before it happens, especially for financial institutes because this may lead to loss of reputation and customers. In some cases, may even put the organisation out of business if the financial loss is significant.
7.Apart from the financial services industry, which are the next top industries that are targeted?
We are seeing a great deal of increase in fraud threats within the retail and the telecommunications industry. These industries have always been the new entry points for fraud.
We also know many of the big names in retail are aggressively trying to complete the full services spectrum including payments for customers. Things like mobile wallets have been provided by some of the telco operators to group all of your cards and allow you to use the digital spending capability of your device.
The other industry is insurance, where there is an increase in suspicious claims due to pandemic.
Next is the public sector, in areas such as tax fraud, using advanced analytics for policing, commercial crime & investigation, and Government procurement integrity.
8.In the process of setting up a business, when is the right time to invest in cybersecurity?
The right time to invest in cybersecurity is in the beginning. Although it is nice to think about the setting of a new business, fraudsters would undoubtedly utilise this as an opportunity to target you and to use your platform to achieve and try out an attempt of fraud.
So, you really need to consider cybersecurity to be there since day one. Cybersecurity is key to ensuring that you protect your reputation and make sure that customers have confidence in utilising your services.
9.How can businesses both big and small tackle issues such as digital fraud and at the same time, who are the right parties to raise awareness on this matter?
From a business perspective, it’s not just the technical issue, it needs the board of C-level members involved in this because it’s a business issue. It will surely affect the Chief Risk Officer and the reputation of the organisation. Therefore, everyone should be involved in this matter.
The enterprise fraud solution can look across all customer channels and is suitable for traditional as well as new digital-first companies regardless of size. It covers the main pillars of fraud detection, prevention, and investigation.
The ability to detect fraud through a powerful analytics engine that will process data as well as the real-time capability in an AI machine learning perspective is going to be key.
They also need to consider the communications with the end-user. So, end-users do not expect a phone call anymore, it’s interactive SMS, emails, or push notifications instead to resolve the fraud.