Corporate Compliance Insights

Does Increased Compliance Mean More Fraud?

Combatting the Unintended Consequences of Compliance

by Iftah Gideoni
October 24, 2019
in Featured, Fraud

Regulations like GDPR and PSD2 are shifting where fraudsters attack and giving them alternative methods to create havoc. Forter’s CTO Iftah Gideoni discusses how to fight back against fraud with similarly evolving fraud prevention measures.

Today, data is the most valuable asset for consumers, businesses and fraudsters alike. Thanks to the rise in technological innovations, including the cloud, remote work and e-commerce breakthroughs, we now have the ability to do anything, from anywhere, at any time. But there’s also a dark side to this constant connectivity: criminals seeking to exploit personal, sensitive information, ranging from bank account numbers and credit card credentials to customer loyalty accounts. In fact, according to recent research, fraud attacks on loyalty accounts increased by 89 percent in the past year alone.

In parallel with this data evolution, we are witnessing a growing focus by consumers, enterprises and regulators on the privacy and security of data collected, stored and shared online. Legislatures and regulatory bodies are passing more wide-reaching and comprehensive privacy laws, including Europe’s GDPR, which became binding in May 2018, and the California Consumer Privacy Act (CCPA), which takes effect in 2020. We should expect this trend to only increase; any enterprise dealing with personal data must be able to stand behind its privacy compliance program.

In the European Union, the Second Payment Services Directive (PSD2) came into effect last month. This regulation is intended to democratize access to data and simultaneously protect it through strong customer authentication. Given the complexity of compliance and attendant business implications, the U.K. and several other nations have announced enforcement delays, which vary from country to country. And while this regulation is intended to better safeguard data and payments, it may create headwinds for customer conversion — in fact, as many as half of consumers (49 percent) are likely to abandon online/mobile purchases if faced with a multi-step authentication process as outlined by PSD2.

As regulatory and legislative bodies continue their efforts to protect consumers and personal data, businesses need to build compliance programs that still optimize user experience and customer satisfaction and that take into account the adaptability and ingenuity of fraudsters and cybercriminals.

The Unintended Consequences of Increased Compliance

While both GDPR and PSD2 are intended to protect data, in reality, today’s payments ecosystem is too complex for legislation to predict and guard against fraudsters’ next moves. Making matters worse, online fraudsters are only growing in sophistication. These criminals are shifting their focus from brute-force attacks, where a high quantity of attacks increased the likelihood of a payoff, to investing in higher-quality, targeted attacks, where one attack translates to a larger and more meaningful payoff.

In the case of PSD2, a potential unintended consequence of this regulation is the shift in fraudulent activities outside the EU. PSD2 may make fraud more difficult at the point of transaction in the EU, leading fraudsters to shift to other geographies and attack points outside of the region. Criminals who stop using European data won’t stop stealing; they’ll just start stealing elsewhere.

Privacy regulations like GDPR and CCPA are giving consumers more rights to access and request deletion of their data. This introduces the risk of fraudsters disguising themselves as legitimate actors and demanding all data on their personas be removed. The ability to identify fraudsters as returning bad actors is vital to all fraud-fighting efforts, and the loss of historical data would be a serious handicap to proper prevention.

Fighting Back Against Fraud: Understanding Your Ecosystem

One of the most effective ways to combat the unintended risks that regulations like PSD2 and GDPR bring is to develop a deep understanding of your organization’s ecosystem, as well as the users who are a part of it. This includes:

  • A full understanding of good and bad actors, as well as the connections between them, which can provide the necessary framework for protecting an online business.
  • Knowing how your fraud prevention system recognizes fraudulent behavior – for example, can your system detect fraudsters when they return in different guises?
  • Going beyond matching obvious data points such as addresses, names or even IP addresses to instead match behavioral data and patterns, while using cyber intelligence to piece together unclear elements.
  • Lastly, in order to guard against the risk of geographical fraud patterns, it’s important that your fraud prevention system be sensitive to genuine behaviors within different geographical areas and be able to flag when a user does not match the expected norms for their location.

Fraudsters are becoming ever more sophisticated, so your organization needs to evolve in turn when it comes to fraud prevention. Add to this equation the ongoing challenges and changes that compliance regulations like PSD2 and GDPR bring, and it may create a recipe for disaster.

Make sure your customers and accounts are protected by a system that knows your customer base just as well as you do. It requires flexibility, continuous innovation and an ongoing effort to stay ahead of criminals and to keep up with the evolution in customer behaviors and expectations. However, with constant, accurate and informed protection, you can maintain compliance, security and customer trust.


Tags: CCPA/California Consumer Privacy Act, GDPR, information security

Iftah Gideoni

Iftah Gideoni is CTO of Forter, a fraud prevention solution provider. He is an experienced executive with a diverse technology background. Prior to Forter, Iftah served as Chief Data Officer and VP of R&D at myThings. Before that, he led a portfolio of research projects for the Australian national research agency, CSIRO. In the past, he was the VP of R&D, CTO of B.V.R. Systems and CTO of Proxy Aviation Inc.
