A Reality Check on Ethics and Technology to Thwart Data Breaches and Fraud
By Simon Marchand, Chief Fraud Prevention Officer for Nuance Communications
In the U.S., the Corporate Executive Accountability Act proposed in early April by Sen. Elizabeth Warren (D-Mass.) would impose jail time on corporate executives who “negligently permit or fail to prevent a violation of the law that affects the health, safety, finances or personal data” of one percent of the population of any state. While in spirit this proposal is a nice attempt to address this massive and growing issue, it only applies to companies that generate more than $1 billion in annual revenue and to companies that are either convicted of violating the law or settle claims with state or federal regulators, which ultimately does not address most data breaches given their size and scope. A slightly more aggressive data privacy law proposed by Sen. Ron Wyden (D-Ore.) would give executives up to 20 years in prison for violations of their customers’ privacy.
But should companies wait for laws to be put in place, or should they be ahead of the issue?
How Can Businesses Grab Hold of this Issue?
For starters, it is a shared responsibility among CISOs and IT teams as well as fraud and operations teams to understand the fraudulent entry points into their businesses. As the channels for businesses grow, so too do the points of entry for fraudsters. Fraudsters do not approach account access in a siloed manner. Instead, they take advantage of the growing number of channels and devices (mobile apps, contact centers, smart speakers, etc.), using them all as entry points into an organization. In addition, new and repeat career criminals attempt to steal from institutions every day. If they find a weakness in a channel, they will keep going back to that channel and then turn to another one when that initial channel no longer works. And even if, in some industries, the number of frauds committed on the voice channel might seem to go down, call center agents are still heavily targeted by fraudsters and socially engineered to obtain valuable information that is then reused on other channels against the same organization. Relying on passive biometric authentication is the best way to make the call center more secure against experienced fraudsters.
Second, to truly combat fraud, businesses need to have a cross-channel security approach that stops fraudsters wherever and however they attack. In other words, businesses need to invest in the right tools to protect them and make sure that these technologies are capable of fraud detection and fraud prevention, as well as authentication. Taking a multi-authentication approach is critical, with proven technologies like voice biometrics, behavioral biometrics, device prints and face prints working in tandem to cover all channels. The goal is to stop focusing our efforts on the attack vectors and to focus instead on the attackers themselves, who can be identified by multiple biometrics. Once we change our perspective on how to combat fraud, we can be one step ahead.
Third, companies need to bring ethics to the forefront. This means acting in a socially responsible manner. They need to stop categorizing fraud as a normal cost of doing business. It is not. They also need to understand that turning a blind eye to this crime is fostering other crimes. As such, organizations must try to stop fraud and should implement technologies facilitating the reporting of criminal activity to law enforcement agencies. It’s not just better for business, it’s the right thing to do.
Biometrics technologies including voice have already prevented hundreds of millions of dollars from getting into the wrong hands. For instance, HSBC recently reported that voice biometrics has helped it weed out fraudsters and prevent over £300 million ($336 million+) from falling into the hands of criminals since the software was deployed in the UK. Royal Bank of Scotland’s Head of Fraud Strategy and Relationship Management also credited voice biometrics for helping the financial institution discover that among the 17 million inbound calls it received in less than a year, one in every 3,500 calls was a fraud attempt.
The use of biometrics enables anti-fraud teams to now link seemingly unrelated cases to a small number of individuals, and it allows them to build solid cases with strong evidence that can then lead to prosecution.
Ethical decisions coupled with the latest in biometrics technologies are the only way that corporations can start having a real, concrete impact in the fight against fraud and target the fraud problem at its root.
About the Author
Simon Marchand, CFE, C.Adm., is Chief Fraud Prevention Officer for Nuance Communications’ Security and Biometrics division. Based in Montreal, Marchand plays a strategic role in evangelizing fraud prevention solutions, delivering product roadmap guidance and fostering ties with the fraud prevention community. Marchand brings over a decade of experience in telecom and banking to his role as Chief Fraud Prevention Officer. Prior to Nuance, he held key fraud prevention positions at Montreal-based Laurentian Bank, Bell, and most recently Québec’s Order of Chartered Administrators, where he managed its professional inspection program.