In the third in his series of guest blogs David Birch, author and advisor on digital financial services, tackles the need for new technology.
Identity fraud is absolutely out of control in the UK and there is, so far as I can see, no prospect of any form of infrastructure coming into place to deal with the problem. Whether we look at scammers going through Facebook to perpetrate dating fraud or going through LinkedIn to perpetrate invoice fraud or going through the Land Registry to perpetrate property fraud or going through Companies House to perpetrate corporate fraud, we can draw only one conclusion: identity is broken.
Until we fix identity, we can’t attack fraud. And since it’s going to take a while to fix identity, even if we start now, that means that fraud is going to carry on getting worse. Don’t believe me? Then listen to a bank:
Barclays is predicting that online festive fraud will be at its highest ever levels in December 2017 and could cost shoppers more than £1.3bn – Barclays warns of unprecedented online fraud this Christmas
Merry Christmas one and all.
The truth is that we are under attack. It isn’t script kiddies and casual card counterfeiters any more, it’s organised crime. The TransUnion (formerly Callcredit) Annual Fraud & Risk Report surveyed over a hundred fraud professionals and found that more than three-quarters of them rated organised cybercrime as the biggest fraud threat to their organisations in the coming year.
Given that current projections are that the damage from cybercrime will double from $3 trillion last year to $6 trillion in 2021, their fears are well-founded. I don’t need to labour the point: in the long term someone will fix the identity problem but in the short term we will continue to lose vast amounts to identity fraud.
Yet when those same fraud professionals were asked what their priorities were for the coming year, nearly nine in ten put regulatory compliance at the top of their list. At a time when organisations need to invest in defending themselves by using new types of dynamic data in combination with “traditional” identity verification and strong authentication techniques, the spend is going on compliance (which clearly isn’t working – if it was identity fraud wouldn’t be out of control).
Surely the ROI on bringing in new and actionable data is such that it deserves a separate line in the budget? After all, the investment should be measured against the fraud in a couple of years’ time not the fraud of a couple of years ago.
Is there any cause for optimism? Well, I think the answer to that is yes. Remember TransUnion’s (formerly Callcredit) white paper on “Credit, Fraud and Risk in the Age of Machines” in which their data scientists explored the use of machine learning? I think they were right to be optimistic about these new technologies. The indications seems to be that they are going to be used, and that there may be light at the end of the tunnel.
If we look at what kinds of AI are being deployed in the banking sector and what they are being used for, we see this optimism reinforced. Companies will be able to use new forms of varied and dynamic data for fraud prevention precisely because it will be AI consuming that data and making effective use of the wider range of inputs.
It’s time for a change: if we are going to defend ourselves against the next generation of criminals, we need the next generation of technology to do it. The place to start is, as with most other things these days, getting hold of the data that is needed to make better decisions.