The 2018 clock is already ticking away. Have you made a start on your fraud-fighting resolutions? We asked some folks here at Sift Science to look into their crystal balls and offer up some fraud predictions – and to weigh in on what trust and safety priorities they think businesses should focus on in 2018.
Priority 1: Account takeover and breaches
“In 2018, I predict that at least five Fortune 200 companies will be the victim of a data breach, resulting in the firing of their CTO, CSO, or CISO.”
— Kevin Lee, Trust & Safety Architect
Kevin isn’t a pessimist; he’s a realist. Last year, we predicted there would be at least 12 major data breaches. And sure enough, in 2017 we saw breaches at a variety of institutions including Sonic, Oxford University, NYU, OneLogin, Bell Canada, and – of course – Equifax.
But what does this trend mean for the average online business? You may be investing in patching security bugs and educating employees about how to spot phishing emails. But are you taking precautions against account takeover (ATO)?
As our CEO Jason Tan says, “When another company is breached, you may not think that it could affect your own. But you’d be wrong because the downstream consequences of a breach – ATO – can be extremely damaging to other companies and their users.”
Which leads us to another theme that was echoed by many on the Sift Science team:
“ATO will become a tangible threat this year. Companies that have only had to deal with ATO on a one-off basis or not at all will now have to more accurately measure and track these instances. Dedicated teams and policies will be created.”
— Kevin Lee, Trust & Safety Architect
“New-user fraud detection is becoming increasingly strong, so fraudsters are looking for a new way to cash out: account takeover. They will increasingly try to exploit the trust that companies have in known good users, to evade legacy fraud-prevention systems.”
– Vishal Arya, Product Specialist
There’s a reason why ATO made our predictions list for the second year straight: it’s an imposing threat that just keeps growing. And writing complex rules to keep out bad actors, or asking good users to constantly verify their identities, just isn’t a sustainable solution.
Priority 2: Content abuse
Fake content is one of the most troubling types of abuse, with widespread and disturbing effects on consumers and businesses alike. Last year, content abuse vexed all of the major social networks – and we highlighted how the FCC’s website was flooded with fraudulent comments on net neutrality.
But what about scams? We work with a number of customers – from Zoosk to Airbnb – who are powered by user-generated content like profiles and listings…which can be ripe for abuse. “Fake news” may have been a buzzphrase of last year, but garden-variety scammers who try to take advantage of innocent renters, daters, jobseekers, and buyers are still going strong.
Vishal Arya, a Product Specialist who helps marketplaces and social communities beat their content abuse problems, says: “What I like to call ‘indirectly monetized fraud’ will rise in 2018. Instead of credit card fraud, criminals will increasingly monetize through scams (like dating site listings and identity theft on job sites) that have a low hit rate but pay large dividends when they do succeed.”
Going further, Vishal predicts that “Fraudsters may even try to get you to visit sites or to download malware that uses your personal computer’s processing power to mine obscure cryptocurrencies that they can sell on exchanges.”
Priority 3: New regulations
If you do business in Europe, chances are you’ve already had regulations on the brain for quite some time. We’re referring to PSD2 and GDPR, two initiatives that have one thing in common: they aim to keep pace with new technologies.
Our own risk and compliance lead, Erica Schild, knows first-hand how these regulations will massively change the financial landscape for both merchants and vendors.
“Compliance will be on the forefront for many companies,” Erica explains. “The security safeguards rule in PSD2 provides benefits to companies that can use real-time, adaptive methods to prevent fraud – so financial institutions in Europe will be looking for technologies that can provide that.”
Meanwhile she adds that “regardless of where you do business, contemplating compliance with the EU’s new privacy regulation, the General Data Protection Regulation (GDPR), will be required of all vendors and their vendors’ vendors in 2018. This means that companies should consider the impact of European models of data protection and privacy on their products and operations. Doing this well will help businesses earn the trust of their customers.”
Priority 4: Better fraud-fighting technology
At Sift Science, technology is at the heart of so much of what we do. Our Live Machine Learning powers the entire Sift Science Digital Trust Platform, trusted by thousands of sites and apps worldwide. So it makes sense that our team of engineers is laser-focused on staying ahead of technologically sophisticated fraudsters. That means studying trends in fraud.
“Fraudulent behavior is looking more and more ‘clean.’ For example, techniques for faking images and video are getting more sophisticated, so fraud prevention solutions will have to keep pace.”
– Jacob Burnim, Principal Software Engineer
“There’s going to be more and more auto-generated fake content, generated by deep learning algorithms. A huge amount of the net neutrality comments are fake, for example – and this is only going to grow. You can’t necessarily pinpoint a fraudulent comment just by reading it. It’s going to look ‘real.’ Instead, you need to analyze large amounts of text and go beyond text by looking at behavioral data.”
– Keren Gu, Machine Learning Engineer