Why we should avoid fraud shaming breach victims

Throughout the COVID-19 pandemic, we have seen the rapid rise of phishing scams, ID theft and account takeover techniques, as fraud has increased alongside digital activity while consumers shop from the safety of their homes. However, the real fallout of the current fraud ‘boomtown’ will not be felt fully for months to come and the increased levels of fraud we’re experiencing will likely continue into the future now that more and more customers are reliant on shopping online.

Peak sales around the upcoming holiday season will be great for online merchants and for us all. Shopping online will help curb the pandemic with less people rushing into physical stores and the increased spending will promote economic recovery. But this growth of online commerce will also see increases in its pitfalls and we must help not shame those businesses that are tackling them. There are two areas in particular I'd like to highlight.

Firstly, the use of the personal and financial data harvested from the vulnerable throughout the pandemic will be used as we head into the next few months, while we’re all trying to recover from the pandemic. While this is happening, rather than accusing and ‘fraud shaming’ businesses that fall victim to this, we should plan to avert longer-term disasters as the stolen data makes its way back to market.

Secondly, we must look past the holiday season too. We’ll be keeping a close eye on the early months of next year, once it has all ended. The typical February chargeback spike will likely be higher than usual, so businesses must be prepared now to deal with that inevitability as it can cause crippling cash flow issues.  

Here are a few realities we face in today’s fight against fraud, which show just how focussed we need to be in tackling the problem together:

• Companies in the business of preventing fraud are now the front line against serious criminal organisations. But stopping these organisations is a cat and mouse game and right now they are staying out in front. Recent history shows us that the fraud industry has lost its focus and is quite publicly losing the chase. This needs to change. With businesses from a range of sectors jumping into the digital space as a ‘lifeline’ during COVID-19 – many for the first time – we’ve seen fraud increase in response. These businesses must have effective and efficient tools to combat this spike in fraud.

• The anonymity movement is creating a safe haven for the criminal organisations that fraud companies are coming up against, and those operating within them, enabling them to collaborate and expand. Not to mention the recent ‘right to be forgotten’ law, which could help them cover their tracks once they have used stolen data to commit the crime.

• Many think artificial intelligence (AI) and machine learning (ML) are the wonder drugs we need to ‘cure’ fraud and can be left to their own devices to solve problems. In reality, supervision is necessary to stay on top of the latest fraud trends and analyse the data needed to understand how to react to fraud. Those committing fraud understand these trends and are making real-time decisions in response to them. So, the way we use AI and ML is outdated. Fraud managers and employees should use a ‘supervised learning’ model instead – this is a tactic the whole industry needs to catch up with.

• Across many sectors, there is a level of something we call ‘data breach fatigue’ taking place, which can cause fraud prevention to become a tick box exercise and decreasing budget line. Often this level of ‘mass acceptance’ is used as a weapon against businesses as it leaves them unprepared and wide open for attacks. If the urgency to prevent fraud is not addressed on an emotional level in a business, as well as on a technology level, we will soon be standing at the edge of an unbridgeable chasm.

We must remember that fraud prevention businesses, in-house risk professionals, technology providers and industry consultants are all in the job for one reason – to prevent crime. Fraud concerning financial and identity theft often provides funding for more serious criminal activity – such as the drug trade and terrorism. And that’s not to mention the significant personal impact on members of the public, and reputational and financial damage caused to businesses.

As we address fraud in the coming months, and as businesses recover from lockdowns and a period of reduced cash flow, it is important that we support them – not blame them. With the right tools and help, they’ll be able to emerge from COVID-19 and the subsequent recession, with as little damage done as possible.