Online fraud is serious business, with U.S. consumers losing $5.8B to fraud in 2021. That’s a 70% increase over 2020.1 One in 20 Americans were victims of fraud in 2021, with account takeover fraud and new account fraud seeing huge increases over previous years.2
Why has online fraud become so severe? Changes in consumer behavior, such as a rise in online shopping along with greater adoption of digital payments, have provided more targets for fraud. Buy Now, Pay Later has also become increasingly popular, growing by 300% per year since 2018.3 Experian predicts this will be a major fraud target, as criminals use stolen or fictional identities to buy items without paying.
Criminals are also using technology to their advantage, employing bots and malware to bypass security measures. They change tactics to evade detection, even resorting to manual effort to get around anti-automation measures. And while organizations try to implement steps to stop fraud, often those measures are an inconvenience for customers.
Businesses are struggling to respond to these attacks. A KPMG survey found that more than half of organizations surveyed said the shift to remote work made it harder to detect and respond to fraud.4 Existing silos between fraud prevention and security teams have been exacerbated by remote work. When these teams don’t collaborate, it’s harder—if not impossible—to identify an attack in time to respond effectively.
Security and fraud teams must work together with integrated tools and processes to successfully prevent online fraud while maintaining a positive customer experience. This convergence requires stakeholder collaboration to share information, data, and intelligence, eventually moving to a fully integrated model where security and fraud are aligned under a single organizational structure.
In addition to coordination between security and fraud teams, fraud prevention requires a multi-pronged approach to thwart attackers.
ATO fraud is common due to breached information like passwords and other Personally Identifiable Information (PII) available on the Dark Web. It can be difficult to know an account has been compromised unless there’s unusual activity or a vigilant customer who notices something is wrong. However, real-time monitoring and machine learning can identify suspicious activity immediately to stop ATO fraud, whether it’s caused by credential stuffing or manual attacks.
Bots and automated attacks are often the first approach for attackers, due to the low cost and effort. They can also be used for reconnaissance to allow criminals to retool their attacks. Security needs to both respond and adapt to evolving bot attacks to prevent losses. With AI, bots can be identified and blocked without adding friction for genuine users.
If automation such as bots are unsuccessful, attackers often move to either emulate human behavior using machines or fully manual attacks. Multi-factor authentication is often used to verify identity, but it can frustrate users. AI can be used to determine whether someone trying to access an account is who they claim to be and verify their intent. This provides a better customer experience and can provide intelligence to business leaders for further optimization.
F5 solutions use custom AI, machine learning, and real-time monitoring to prevent online fraud. F5 Distributed Cloud Bot Defense protects against bot-based attacks such as credential stuffing and fake accounts, using AI to respond to retooling. Distributed Cloud Bot Defense is a managed service that prevents bot attacks, blocks account takeovers, and identifies fake users in real time. Distributed Cloud Account Protection uses AI to predict instances of fraud along the customer journey while slashing friction for legitimate consumers by up to 90%.
Google Cloud is a flexible, secure cloud provider that embraces open source, making it an excellent platform to migrate infrastructure and modernize applications. It’s also multi-cloud friendly, providing capabilities around Kubernetes as well as big data and analytics. Google Cloud has always prioritized security; the platform’s strong security and cutting-edge encryption allow companies to safely store and analyze sensitive personally identifiable information.
F5 running on Google Cloud can help you defend against bots, authenticate with intelligence to reduce user friction, and protect user accounts. Closed-loop AI trained on verified human data combined with a secure cloud provider means you can reduce fraud without sacrificing the user experience.
Sources:
1 FTC, “New Data Shows FTC Received 2.8 Million Fraud Reports from Consumers in 2021,” Feb
2022
2 Javelin, “2022 Identity Fraud Study: The Virtual Battleground,” Mar 2022
3 Experian, “Experian Launches 2022 Future of Fraud Forecast,” Jan 2022
4 KPMG, “A triple threat across the Americas: KPMG 2022 Fraud Outlook,” Jan 2022