The world of fraud prevention (and information security in general), is characterized by an arms race between the good guys and the bad guys. Security companies and financial institutions develop solutions, procedures and policies to thwart fraud attempts, while fraudsters develop the tools and techniques to circumvent these systems. If a certain fraudulent activity is observed, companies react by customizing the systems, or inventing new ones, to identify and prevent the recurrence of this activity.
This characteristic, though, isn’t limited to fraud prevention alone. Other worlds are similar, in which the bad guys try to come up with innovative ways to circumvent the systems that try to identify and stop them, so they could cause damage. Take the world of counter terrorism, in which bad guys try to come up with next-level ways to sneak bombs onto airplanes (and sometimes succeed), while those who try to prevent them from doing so create new (and sometimes intrusive) ways to identify them. The similarities between counter terrorism and fraud prevention don’t end there. The systems built to detect and stop the bad guys are also similar, sometimes even identical.
Take the customs office, for example. In various ports around the world, a staggering amount of containers arrive and depart all the time. Customs officers can only inspect a miniscule percentage of these containers for anything illegal and malicious. Therefore, whenever they do get around to checking a container, they need to make it count. This is done by building a profile on each importer and exporter – who does s/he normally trade with, what kind of goods are usually in the container, etc. Only when a computer system detects that a certain container does not meet a certain profile will the customs officers spring into action and inspect the container.
If this sounds familiar to you, it’s because the same exact method is used for detecting fraud in online banking. All you need to do is replace “container” with “money transfer” and “customs officer” with “fraud analyst.” In the political island of Israel, the police busted one of the biggest drug shipments in the country’s history using such a system. However, the system can (and probably is) used to identify potential smuggling attempts of firearms bought for malicious intent. Such a system could have identified the famous “toner bombs” and other concealed shipments of armaments would also face a challenge going through customs that use such a system.
Another example is WeCU Technologies, an Israeli start-up that is building a technology to identify terrorists by asking them simple questions such as “Are you a terrorist?” The automated system reads biometric signs to detect how the person being tested is reacting, identifying possible intent for malicious activities. The technology automates and improves a similar procedure already in place at Israeli airports, in which security officers question all passengers about their intent, searching for certain reactions that may indicate nefarious intents.
How can this help fight fraud? Consider using the same thought process that banks follow in order to identify money mules interested in opening bank accounts. The limitation of such a system is fairly obvious – bank tellers are not trained Israeli security officers and cannot be expected to pick up any suspicious reactions. Automated systems developed by WeCU, however, can. While cost-benefit and ROI considerations may prevent these systems to appear in the nearest branch any time soon, they still serve as an example of how technological innovation can be used to better mitigate fraud.