The threat landscape continues to be ever-changing and complicated, and 2017 will be no different. Some attacks that we saw emerge in 2016 will escalate, while new and dynamic fraud attacks will also emerge. As organizations try to stay one step ahead of today’s sophisticated cybercriminals, we will see increased adoption of authentication technology, machine learning and probabilistic tools. Organizations will put an increased focus on systematic approaches to information security and anti-fraud. OODA (Observe, Orient, Decide and Act), Cyber Kill Chain and Reflexive Control theory will all serve as guides to risk management decisions, risk measurement and implementation of effective controls. So, what trends do we expect to see in emerging technologies? We break down what you need to know for 2017:
Machine Learning Eats Expert Rules
Internal tests and leading-edge vendors prove the value of machine-learning-based fraud detection over legacy expert rules. Commoditization of sophisticated machine/deep learning toolchains from Google, Amazon and others only accelerates this trend. We will also see financial institutions take a deeper dive into machine learning and artificial intelligence. Banks of all sizes will increase their adoption of increasingly advanced AI tools. Large banks will rely more on their internal data science teams, while smaller banks will look to vendors and FinTech providers to offer AI-enhanced capabilities.
Global Financial Institutions Shift to Passive Session Risk Identification and Analyzing Transaction Data Technology
In U.S. financial institutions, we’re seeing more and more banks interested in the transparent risk assessment of users and their sessions in an effort to minimize friction. This shift to passive session risk identification will be a big trend in 2017 and will also help to improve customer satisfaction in financial institutions.
Biometrics In, SMS-based OTP Out
Authentication was a big trend in 2016, and biometrics authentication, in particular, isn’t going away. Biometrics will no longer be seen as novel in 2017, but necessary. We’ll see SMS-based One-time Password (OTP) become an obsolete technology, but unfortunately it will die slowly.
Increased Use of Probabilistic Tools
Blacklists don’t work to detect threats, and expert rules don’t work to predict risk or to identify fraud. Even though blacklists theoretically approach perfect accuracy over time for the URLs they know, it’s another story for unfamiliar URLs. By design, this problem cannot be solved easily.
Predictive systems should leverage probability and previously learned URL phishing patterns to determine whether to block or allow URLs in real time. Probabilistic tools will continue to redefine how risk is measured, how actions are coordinated and how risk reporting is conducted.
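The contrast between an exact-match blacklist and a probability learned from earlier phishing URLs can be shown in a few lines. This is an added example, not code from the original article or from any vendor it mentions; the naive Bayes token model is one simple choice made here for illustration, and every URL and the `examplebank` brand are constructed samples.

```python
import math
import re
from collections import Counter

# Constructed samples on the reserved .test TLD; 1 = phishing, 0 = benign.
TRAIN = [
    ("http://examplebank-login.verify-account.test/secure/update", 1),
    ("http://secure-examplebank.account-verify.test/login.php", 1),
    ("http://update.examplebank.signin-confirm.test/verify", 1),
    ("https://www.examplebank.test/personal/accounts", 0),
    ("https://news.example.test/sports/scores", 0),
    ("https://shop.example.test/cart/checkout", 0),
]
# A blacklist only knows the exact phishing URLs already reported.
BLACKLIST = {url for url, label in TRAIN if label == 1}

def tokens(url):
    """Split a URL into lowercase alphanumeric tokens."""
    return [t for t in re.split(r"[^a-z0-9]+", url.lower()) if t]

def train(samples):
    """Count token occurrences per class for a naive Bayes model."""
    counts, docs = {0: Counter(), 1: Counter()}, Counter()
    for url, label in samples:
        counts[label].update(tokens(url))
        docs[label] += 1
    return counts, docs, set(counts[0]) | set(counts[1])

def phishing_probability(url, model):
    """Posterior P(phishing | tokens) with add-one smoothing."""
    counts, docs, vocab = model
    totals = {c: sum(counts[c].values()) + len(vocab) for c in (0, 1)}
    log_odds = math.log(docs[1] / docs[0])
    for t in tokens(url):
        if t in vocab:  # tokens never seen in training carry no evidence
            log_odds += math.log(((counts[1][t] + 1) / totals[1])
                                 / ((counts[0][t] + 1) / totals[0]))
    return 1 / (1 + math.exp(-log_odds))

def decide(url, model, threshold=0.5):
    """Block on a blacklist hit, otherwise on the learned probability."""
    if url in BLACKLIST:
        return "block"
    return "block" if phishing_probability(url, model) >= threshold else "allow"

MODEL = train(TRAIN)
UNSEEN_PHISH = "http://examplebank.verify-login.test/account/update"
UNSEEN_BENIGN = "https://www.example.test/sports/news"
if __name__ == "__main__":
    for u in (UNSEEN_PHISH, UNSEEN_BENIGN):
        print(u in BLACKLIST, round(phishing_probability(u, MODEL), 3), decide(u, MODEL))
```

Neither test URL is on the blacklist, so a pure lookup would allow both; the learned token probabilities are what separate them.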
Contactless Payments on the Rise
Paul Wilson, an Easy Solutions Product Manager, believes contactless payments are on the rise for 2017. “We will continue to see a massive increase in the number of contactless payments, particularly in Canada, Australia and the UK. Transactions are happening pretty much transparently, causing customers to want to keep tabs on their spending through mobile applications like Push. Shopping is easy, so authentication and fraud checks need to get easier too.”
Brand Protection More Critical Than Ever for Businesses
In the first quarter of 2016, an average of 56 percent of phishing URLs contained some form of the target name. “Cybercriminals mimic legitimate brands by imitating logos, emails, websites and mobile applications -- and they’re not going to stop in 2017,” said David Lopez, Easy Solutions’ LATAM Sales Director. For example, fraudsters spoofed a major Peruvian bank by making a fake Facebook page that linked to a phishing website. This type of brand abuse smears the reputation of organizations, damages consumer confidence and causes economic losses all over the world.
Companies in every global region need to gain control of their brands and images by keeping a watchful eye on social media, establishing domain monitoring, protecting email channels and removing rogue mobile applications.
Mobile Fraud Will Expand Around the World – Especially in Asia
Until recently, language barriers often protected Asian countries such as Japan, China and Korea from many of the well-publicized mobile attacks that plagued the United States and Europe. However, that is no longer the situation. Masafumi Hatakeyama, Easy Solutions’ Business Development Manager for Japan, says as more people turn to mobile banking, fraudsters will continue their attempts to expose digital banking channels in the Asia region and beyond. He predicts fraudsters will use more sophisticated attacks, like variants of the Acecard malware, to steal sensitive information.
It can be frustrating to feel like fraudsters are always one step ahead of your preventative technologies. But as much as 2017 will bring new threats, it is clear we are also in the early stages of being able to leverage deep learning from larger data sets than were ever previously available to help anticipate some of these attacks. And that should help us all sleep a little better at night.