“Over 500 fraud fighting professionals turned out last Tuesday for FraudCon 2.0, a daylong mini-conference dedicated to fraud prevention held as part of the larger Cyberweek conference at Tel Aviv University. Participating companies included local fraud prevention startups, major multinationals such as Uber, IBM, RSA, and LexisNexis and major foreign banks including TD Bank, BMO and Llyods Banking Group among others.
“FraudCon exists because fraud-fighters love telling war stories, boasting about criminals we caught and whining about the ones that got away,” said Gilit Saporta, head of fraud intelligence at Simplex and one of the conference’s organizers. “I was pleasantly surprised to see how many people registered for FraudCon this year – including a lot C-level executives, decision-makers and visitors from abroad.”
Other organizers found the turnout from brand name companies at a fraud conference in Israel less surprising.
“Not many people are aware how fundamental the Israeli fraud fighting industry is to the health of digital transactions and financial systems,” said Uri Rivner, chair of the FraudCon program committee and Chief Cyber Officer at BioCatch. “Most banks in the U.S. and Europe use several lines of defense developed by Israeli start-ups, and 80% of the UK’s eCommerce transactions are protected by Israeli-built technology.”
However, the growth in fraud prevention technology hasn’t been restricted to Israel alone.Today, over 250 startups are in the fraud prevention space across the globe. Meanwhile, the fraud prevention market is expected to grow to $42.6 billion by 2023, according to figures presented at FraudCon by Noam Inbar, head of startup ecosystem at Oracle. With all the growth going on in the space, expect fraud conference attendance numbers to rise in the coming years.
GDPR may help criminals
One of the highlights of the day’s presentations was a review by Mirko Manske, first detective chief inspector from the German Federal Criminal Police Office, of lessons learned from the 2016 Mirai malware attack. That attack took 1.2 million Deutsche Telekom customers offline and was part of a larger effort to expand a DDOS-for-hire botnet. In that case, dogged sleuthing that included cross-national cooperation between businesses and law enforcement, caught the perpetrator of the attack. The perpetrator, a British-Israeli national then living in Cyprus, was sentenced in Germany for the attack before being extradited to the UK for attacks on British banks. After facing the British criminal justice system, the criminal will be extradited to the US to face further charges on unrelated attacks on US government infrastructure.
However, today, European authorities would find it much more difficult to identify the operators behind malware attacks and malicious botnets due to GDPR, a FraudCon speaker warned. The speaker requested to remain anonymous to speak freely on regulatory issues without hurting their business. “[GDPR leads to] more administrative regulations regarding going through certain defined points of contact to get data that used to be open source,” he said. “This massive increase in bureaucracy in the end will only protect criminals and no one else.”
Behavioral analytics becoming mandatory
The case was made several times during the conference by speakers from both fraud startups and multinational corporations that behavioral biometrics, i.e. identifying individuals based on their behavioral patterns, has become a necessary tool for fraud prevention. The increasingly widespread availability of personally identifiable information (PII) due to massive data breaches has devalued traditional identity-based fraud solutions, said Rivner during his presentation. He pointed to Gemalto’s April announcement that 2.6 billion records had been exposed in 2017 as the latest in a series of indicators highlighting the problem of relying on traditional PII. The message was that companies must go beyond PII-based authentication to protect their customers and secure their data.
Bryan Knauss, senior director of product management at LexisNexis Risk Solutions agreed that the fraud prevention has gotten more complex in recent years. “I see the linking of physical identity with the digital identity and associated behaviors as the next step in the ongoing arms race with fraudsters,” Knauss told about-fraud.com after the conference.
Expect FraudCon feature on ridesharing
FraudCon also featured a very stimulating discussion on the way fraudsters try to defraud ridesharing companies like Gett and Uber. Navot Oren, head of fraud prevention at Gett and Tal Yeshanov, principal of strategic payment risk initiatives at Uber, pointed out that organized crime has gotten into the act with criminal operations in China that include engineering talent, quality assurance and other hallmarks of legitimate tech companies. Oren and Yeshanov also showed participants some of the indicators both companies use to catch fraudsters – information too sensitive to publish here. However, about-fraud.com will be posting a Q&A with Yeshanov in the coming weeks to share with readers some highlights from Uber’s approach to dealing with fraud. Stay tuned!