Fraudsters continually find new ways to attack, but too many organizations rely on old, unsuccessful methods to detect and prevent fraud. That is the premise, says David Mattos, VP of Sales at Easy Solutions.
It's time to break the traditional fraud lifecycle and explore new strategies for fighting these ever-evolving crimes, Mattos says.
In a video interview recorded at RSA 2014, Mattos discusses:
- Why current anti-fraud strategies are ineffective;
- The potential pitfalls of regulatory compliance;
- How to break the fraud lifecycle.
Mattos brings more than 20 years of senior sales technology leadership to Easy Solutions, along with a deep understanding of how to drive incremental revenue through direct sales, the channel, and strategic alliances. As Vice President of Sales for the US and Canada, he is responsible for the effectiveness of the company's direct sales force, finding and securing new channel and partnership opportunities, and defining sales strategies that fuel growth and new opportunities for Easy Solutions' portfolio of advanced fraud prevention solutions.
Break the Fraud Lifecycle
TOM FIELD: Tell me a little bit about the current approaches to fraud prevention and why they are ineffective?
DAVID MATTOS: Most companies will develop a strategy based on things they already have in place, or solutions they've acquired over time. They will have a vendor for pharming, phishing, malware, and for transactions anomaly detection. The trouble is, these solutions really weren't designed to work together. It's really trying to put something together that wasn't meant to be together. The best approach is actually disrupting fraud in all the stages that it occurs. It's actually a system of shared intelligence across the lifespan of fraud. It's a view that probably most financial institutions don't have today. Fraudsters realize that, and they actually exploit it and take advantage. The same is true with cross-channels. Banks and financial institutions provide a lot of convenience to users today. They can interact via IBRs, mobile devices [and] the web. The trouble is most institutions don't have that view of fraud across all those channels. If you look at fraud today, typically it jumps from one channel to another. Fraud may begin on the web, it will adjust to a mobile device and get executed in cash-out in the ATM. Fraudsters realize that financial institutions don't have that cross-channel view of fraud, and they actually exploit it and use it to cover their tracks.
Addressing the Fraud Lifecycle
FIELD: How are some of your customers addressing the fraud lifecycle to detect and deter fraud?
MATTOS: Our customers understand that you have to have a view across the channels and from end-to-end. We like to call it "Total Fraud Protection." And it's the only system that really disrupts fraud in the places that it occurs: planning, launch and cash-out. It's unique in that we share data and intelligence kind of across that full spectrum. We actually take it a step further and look at all of that across channels. What we end up giving our customers is a view across the channels and end-to-end across the different layers where fraud occurs.
Relying on Regulatory Compliance
FIELD: I've got to ask you what I think is a loaded question. What are some of the advantages and disadvantages of relying on regulatory compliance to fight fraud?
MATTOS: We have to comply. It is a viable alternative because it's something that we have to do. On a stand-alone basis it's really not effective. The fact of the matter is, fraud is constantly evolving, constantly changing. Regulatory compliance is something that is relatively reactive. The upside is you can tell your customers you comply. The downside is that you have gaps in your strategy; you have gaps that need to be addressed. Most institutions that we work with today for that reason take it a step further, and are looking at fraud much more strategically from the standpoint of their organization and how their customers transact. Cyber criminals are smart, they are very clever; they are always going to find a way around the next gate that you set up. Regulation, on the other hand, is somewhat reactionary. Once it is approved, the fraudsters already have the key for how to get around it. So part of our company mission has to be compliance. We have to help our customers comply with the guidance that is out there, but we also have to take it a step further. We have to help our customers stay one step ahead. So, we invest in total fraud protection. We try to stay one step ahead of the game ahead of the fraudster to obviously beat them; that's a challenge.
FIELD: We're aware that fraud is something talked about not just at the security level, not just at senior management level, but at the board level. Where do you find fraud decisions are being made within organizations now?
MATTOS: Today there is obviously, like you said, a lot of press, a lot of publicity, high-profile cases that have come out in the media of late. What we're finding is these conversations are really being taken to the top. Many times CEOs are involved in these conversations. Typically the drivers for security tend to be the CISO or CIO. That group tends to be focused on making recommendations for solutions, but the approvals are coming from the highest levels of the organization. Now while we have to look at it from a security perspective, there's a whole other approach to this as well, which is the enablement. Users are demanding a lot more functionality, a lot more options and features of mobile banking for instance. What we're finding now is that the line of business is getting very involved early on, because they are designing these new systems, new approaches, and the security has to be already thought of prior to releasing these new features and methods to transact. We're working a lot with the line of business as well from CEO, COO level on down.
FIELD: If you could identify one thing that organizations could be doing better to fight fraud, what would that one thing be?
MATTOS: It's looking at fraud systematically and looking at it end-to-end and across the various layers and channels where users transact. It's really the most important thing about risk intelligence. It's being able to share that risk intelligence across the lifecycle and across the channels where your users transact.