Customer Authentication - Why Are They Sending Money to Scammers?

Help Net Security · Reporting by Help Net Security
Summary by CyberPings Editorial · AI-assisted · Reviewed by Rohit Rana

Basically, customers can be tricked into sending money even after logging in securely.

Quick Summary

Fraud expert Lenny Gusel reveals how separating identity management from fraud detection increases risks. Customers can still be scammed even after authentication. Integrating these systems is crucial for security.

What Happened

In a recent video by Help Net Security, Lenny Gusel, Head of Fraud Solutions at Feedzai, highlights a pressing issue in digital security. He explains how customer identity and access management (CIAM) has become intertwined with digital fraud detection. The crux of the matter is that treating these systems separately can create significant risks for organizations and their customers.

The concept of continuous, contextual trust is central to this discussion. Unlike traditional CIAM, which grants access at a single point in time, modern fraud detection systems monitor user behavior throughout an entire session. This includes analyzing device signals, network context, and user interactions, such as how they tap or swipe on their devices.

Who's Being Targeted

The convergence of CIAM and fraud detection is crucial for all organizations that handle sensitive customer information. Businesses that have not integrated these two systems may find themselves vulnerable to scams. Customers, despite passing authentication checks, can still fall victim to fraudsters. This is particularly concerning in scenarios like account openings, in-session behavioral monitoring, and third-party payment flows.

Organizations that fail to adapt to this integrated approach risk losing not only money but also customer trust. Fraudsters are increasingly sophisticated, often exploiting gaps in security that arise when systems are not aligned.

Signs of Infection

Gusel outlines several signs that indicate when a customer might be at risk of falling for scams, even after authentication. These include unusual account activity, such as unexpected payment requests or changes in user behavior that deviate from the norm.

By continuously monitoring these behaviors, organizations can apply friction to transactions that appear suspicious while letting genuine customers navigate their accounts without interruption. This proactive approach can significantly reduce the likelihood of fraud.

How to Protect Yourself

To combat these risks, organizations must integrate their CIAM and fraud detection systems. This means adopting technologies that allow for real-time monitoring and analysis of user behavior. By doing so, they can identify potential threats before they escalate into significant financial losses.

Here are some recommended actions:

  • Implement continuous monitoring of user sessions to detect unusual activities.
  • Educate customers about recognizing signs of fraud and how to report suspicious activities.
  • Adopt advanced fraud detection tools that leverage machine learning to adapt to new threats.

By taking these steps, organizations can not only protect their customers but also enhance their overall security posture against evolving fraud tactics.

🔒 Pro insight: Organizations must prioritize integrating CIAM with fraud detection to mitigate risks and enhance customer trust in digital transactions.
