In Chapter 5 of our “Fraud Fighters Manual for Fintech, Crypto, and Neobanks,” Zack Pierce, Risk Operations Lead at Lithic, covers the main types of fraud detection and prevention solutions, and what makes them so viable.
He dives into the pros and cons of rules engines, machine learning solutions, data enrichment tools, and data consortiums. He also covers best practices for transaction monitoring and looks towards the future of fraud detection and prevention.
In this installment of our Fraud Fighters Manual: Community Insights, we explore a recurring concept that respondents brought up when discussing fraud detection and prevention strategies—the importance of thinking like a fraudster.
We discuss this, and how risk professionals can leverage this mindset to move from fraud detection to fraud prevention.
Think Like a Fraudster
The best fraud prevention professionals can think like a fraudster. It’s just a state of mind. You look at your own processes and try to find ways to overcome them.
One of the best ways to actually detect and prevent fraud comes down to thinking like a fraudster. This is especially true of prevention. It’s nearly impossible for teams to effectively prevent fraud without being able to think like a fraudster and really consider how they’d attack you, what systems they’d target, and what loopholes they’d look to exploit.
It’s also imperative that this process happens before launch so that teams can anticipate potential fraud and have prevention measures set up from the beginning. As Shivi Sharma, Data Scientist at Varo, says, “it is important to identify any loopholes in the products before product launch and have anomaly alerts set up to act fast and prevent fraud from scaling.”
Pratik Zanke, from PayMate, echoes this sentiment, stating that “having detailed knowledge about the product is the first step.” Once you understand the product, your risk team can begin to understand how it may be attacked, exploited, or manipulated and begin working on strategies for protecting it from those threats.
Pratik says that “a Fraud Fighter can ‘think like a fraudster’ by understanding their tactics, motivations, and how they exploit system vulnerabilities.” He emphasized that Fraud Fighters can use this mindset to “stay proactive, anticipate risks, and improve fraud detection mechanisms, ultimately protecting against emerging fraud techniques.”
And ultimately, this mentality goes a long way in helping teams focus on fraud prevention (and not just detection) efforts.
Moving From Fraud Detection to Fraud Prevention
If you’re struggling with the shift from fraud detection to fraud prevention, don’t fret—it’s a common challenge for organizations.
In fact, according to leading fraud experts who contributed to our State of Fraud and AML Report: Volume 2, moving from fraud detection to fraud prevention was the third most important challenge for risk teams when it comes to fraud, with 61.6% of respondents saying it was a priority for them to figure out in the next twelve months.
Risk teams’ inability to think like a fraudster is often what’s holding them back from making this shift. The fact is, to actually prevent fraudulent behavior, you need to be able to anticipate fraudsters’ next move.
As we covered in the Fraud Fighters Manual, fraud detection is reactive: teams are stuck retroactively responding to fraudulent behavior. Fraud prevention, on the other hand, is proactive. Teams leverage as much data as they can to identify potential signals of fraud and then act before the fraud actually occurs.
It’s awfully challenging to predict fraudulent behavior if risk professionals can’t actually consider what a fraudster would do (or how they would do it). For this reason, user behavior monitoring and data enrichment are invaluable tools, especially when combined. With these tools at their disposal, teams can set up alerts that will allow them to step in and prevent fraud based on detected anomalies.
That being said, risk management teams need to start somewhere. As Zack Pierce states in our Fraud Fighters Manual, “fraud detection is reactive, and it’s typically where you start off because you're learning about your product and how it can be abused. I think fraud prevention is when you shift to being more proactive, so you know what you’re looking for, and you can look for the early indicators of it.”
And then, you can use these early indicators to root out the fraudulent behavior and (when appropriate) the fraudsters themselves. In many cases, teams can’t actually focus on prevention constructively until they’ve worked on detection. Over time, teams identify their organization's greatest threats regarding volume and impact and can then leverage that information into prevention strategies.
Fraud prevention isn’t only about actually stopping fraudsters in action—it’s also about deterring criminals from attempting fraud in the first place. And this can be done in some rather innovative ways.
Remember, think like a fraudster. As Pierce says, “fraudsters are running a business. One thing I like to do is figure out the most expensive part of their business model and then make it more expensive. It makes you much more unattractive to them.”
Even if fraud is getting through, the more you can do to make it challenging (and costly) for criminals, the less appealing you’ll be to them, drastically reducing attempts.
Use A Fraud Prevention Solution That Lets You Truly Think Like A Fraudster
Detecting and preventing fraud starts with having the right frame of mind.
When trying to detect and prevent fraud, risk professionals need to start by thinking like a fraudster. Without being able to get in the mindset of a fraudster, it’s extremely difficult to truly understand their behavior—let alone predict it before it happens. If risk professionals can master this, it will allow teams to move from simply detecting fraud to actually preventing it.
Risk teams need a risk management infrastructure that offers high-quality transaction monitoring, a tool that’s essential for not only detecting fraud but also developing prevention strategies. Monitoring user behavior for anomalies allows organizations to step in and stop transactions when they seem suspicious and even perform predictive modeling to anticipate potential attacks using proactive detection techniques.
Sharing information with other companies via data consortiums is also an ideal option for shifting towards prevention. By sharing details about individuals and entities that have already shown suspicious behavior, companies can make decisions about onboarding users before ever having to expose their platform or service to them.
Consortium participants share their data in return for the other participants’ data, allowing them to jump directly to prevention for higher-risk customers. Risk management teams can use this information to identify their biggest risks before doing business with them, significantly reducing risk exposure.
Our Fraud DAO does just that. The Fraud DAO is a decentralized network of financial institutions that pool data to identify fraud before it proliferates. Today, we have processed over 12% of the adult population in the US.
That’s not (quite) it; we’ve got one more chapter to go! Check out Chapter 6—How to Build and Manage an Effective Risk Operation. In it, we discuss the challenges of getting leadership buy-in for risk operations and meaningful cross-departmental collaboration. We’ll explore these challenges and identify ways teams can build risk operations that get high-level executives, product development teams, and the entire organization on board.