In 2022, for the first time in 5 years, the number of crimes committed using the Internet has decreased: in 2021, there were just over 271 t...
In 2022, for the first time in 5 years, the number of crimes committed using the Internet has decreased: in 2021, there were just over 271 thousand cases, and in 2022 - 249 thousand. One of the reasons for the decline can be called the increase in the efficiency of anti-fraud systems. Thanks to machine learning and other technologies, they identify threats and stop attackers faster. How anti-fraud systems are arranged and who is protected, said Vitaly Fomin, information security expert of the Digital Economy League.
What is antifraud
Fraud is any fraudulent operation in the field of information technology, for example, theft of personal data. Fraudsters cause serious damage to companies and people, so both parties are interested in protection. But if users can only remain vigilant and not fall for tricks, then companies have more tools to counter.
Systems that help prevent fraudulent transactions are called antifraud. They work on the basis of machine learning: they investigate transactions, find hidden connections and thus identify new types of fraud.
The analysis is carried out on the basis of previously found fraud schemes, as well as the behavior of the user and the alleged fraudster.
The mechanism of antifraud can be explained by the following example. Let's say a person transfers money through a bank application. Before the payment is sent to the addressee, it goes to the antifraud for analysis. The system evaluates it. Isn't the amount too big? Does the user transfer large amounts in a short period of time to new accounts? Are there any attempts to withdraw money from the account simultaneously in different cities?
A suspicious transaction will be blocked, and the client will be asked to go through a check: enter a code from SMS or even make a video call with a bank representative. If the operation is confirmed, the bank will execute it. If not, the process will be suspended until the circumstances are clarified.
Who is protected by antifraud
First of all, antifraud is necessary for banks, but not only - such systems protect all organizations that accept payments, store, or transfer customer funds. These are telecommunications companies, online stores, gaming services, and payment systems.
Sometimes fraudsters use the equipment of telecommunications companies: they gain control over the subscriber station and transfer traffic without paying the operator for services. Attackers can hack subscribers' personal devices and infect them with a virus. Finally, sometimes they create unregistered communication channels on someone else's equipment.
Fraud is also common in online commerce. For example, scammers order goods and then issue a refund at the bank under the pretext of losing the card. Often, attackers create fake online stores and collect confidential information with their help.
Antifraud helps to identify phone scammers. In 2022, thanks to anti-fraud systems, the number of potentially dangerous calls to phone numbers with codes 495 and 499 decreased by almost 70%.
Anti-fraud systems are useful for both organizations and their clients. They protect user funds and data during online purchases and bank transfers. For companies, they help protect funds and confidential information, and protect their reputation: if an organization prevents fraud, it is more trustworthy.
Types of antifraud
There are two types of antifraud: transactional and sessional.
The former work only with payments, for example, they detect the transfer of money to scammers' accounts or stop a series of large debts. Such systems do not cover all vulnerabilities because they do not own data about the device and user behavior.
Session antifraud analyzes actions, including mouse movements and keystrokes. They know everything that is hidden from the transactional antifraud but do not have access to payments. They can be deceived by new users due to a lack of data about their behavior in the system.
Most effectively, two types of antifraud work in tandem.
Why antifraud is sometimes wrong
Anti-fraud systems take into account security filters, behavioral analysis, machine learning, and risk assessment. They have basic sets of rules inside, but they are not enough. Security filters should be adjusted regularly according to new data.
Errors in the system occur due to incorrect filter settings or atypical user behavior. To reduce the proportion of false positives, operations are divided into categories within the system, and suspicious ones are sent for additional verification.
Sometimes scammers manage to bypass antifraud. For example, with single-factor authentication, some systems will not detect fraud - two-factor authentication is much safer.
The future of anti-fraud systems
Fraudsters regularly invent schemes based on advanced technologies. Security professionals are not far behind: they study the identified methods of deception and find ways to protect against them. So, in recent years, telephone fraud has spread: fraudsters pose as employees of the Russian Ministry of Internal Affairs and other government agencies, and gullible users provide them with personal information. Therefore, an analysis of fraudulent calls appeared in the antifraud.
Behavioral biometrics is also developing when antifraud analyzes the user's interaction with the keyboard, mouse, and touch screen of the device. Now, identifying account interception or atypical behavior is a solvable task for antifraud.
Artificial intelligence has a significant impact on antifraud because it allows you to more quickly find solutions that will be implemented in future releases of antifraud.
Anti-fraud systems evolve with each technological discovery, and new players appear on the market, which makes it possible to create high-quality products. It is a competition that will move the sphere. It is worth mentioning that in addition to foreign manufacturers, there are also domestic ones that show decent results.
COMMENTS