Page 26 - GS210701
P. 26
CoverStory
Invest in AI payments and wider financial services businesses have all
the right ingredients to stop fraud." Pashley told The Green
Anthony Winslow, vice president of product marketing Sheet that the Bake-Off Challenge was intended as a novel
at Socure, recommended making AI part of a central- way to highlight the power of available technology and
ized identity strategy. "AI can outsmart fraudsters while information that companies may be missing. We're con-
instantly approving legitimate individuals accessing ser- fident our solutions provide complete and accurate KYB
vices at scale," he said. "Socure's predictive analytics plat- insights, which is why we wanted to put existing systems
form applies artificial intelligence and machine learning to the test in a bake-off, he stated. Our advice is to audit
with trusted online/offline data intelligence from email, the people and companies with whom you're doing busi-
phone, address, IP, device, velocity, and the broad internet ness, he added.
to verify identities in real time."
"If you look to the market, there are providers that can
Acknowledging that AI is only as good as the data that complete a full audit of companies within seconds, [using
powers its decisions, Winslow noted that Socure uses AI- AI to connect the dots] in a way that would take human
driven models to curate online and offline data for a mul- professionals weeks," Pashley said. "This allows you to
tidimensional view of identity. He explained that these audit the companies you work with in a faster, more thor-
models seek to understand holistic identity across differ- ough way, giving you the best possible [defense] against
ent data sources and elements while contributing to an fraud."
ever-growing customer feedback loop, and as they learn
to tell good identities from bad, the AIs get smarter with Payback is tough
each decision.
After gaming the system for years, fraudsters may find
"Our self-learning models constantly incorporate custom- themselves on the receiving end of being "pwned," a term
er feedback into our data set and employ new, innovative that originated in video gaming when a player utterly de-
machine learning technologies," Winslow said. "We ex- feats and compromises an opponent. Credential stuffing,
periment with external data sources and model features, account takeovers, social engineering and endlessly cre-
measuring performance against existing models; if we see ative attack vectors have inspired proportionate responses
something works better and is more accurate, we deploy from the infosec community. And there's a palpable thrill
it." and monetary reward in bringing down bad actors, secu-
rity leaders have noted.
Detect unknown unknowns
Gosschalk mentioned he has met energetic, creative peo-
Shaun Taylor-Smith, senior director and global head of so- ple on both sides of the fraud prevention industry. "We
lutions at ThetaRay, agreed AI models are becoming more have a bug bounty program, and fraudsters will report a
agile and responsive. ThetaRay models test multidimen- bug when the bug bounty is higher than the profit they
sional behavioral patterns against normalcy in an ongo- would make by exploiting the vulnerability," he said. "Oc-
ing, automated manner, classifying potentially suspicious casionally, a black hat will tell us where they sell accounts,
events into anomaly clusters to evaluate root causes and how much money they made and what they spend on a
severity and then sharing any unusual patterns with cus- daily basis to attack us. These are interesting metrics."
tomers for further review, he stated.
Gosschalk further noted that fraud prevention is never
"Model Drift is an important measurement of our continu- boring because the adversary is very creative and every
ous system monitoring of analysis chains," Taylor-Smith company has a different way of monetizing stolen data.
said. "As new data batches are analyzed, we signal the Ad- In the gaming industry, it may be game currency, and
min user when model drift is detected." with financial institutions, it may be a more traditional
approach of exfiltrating money; then there are romance
In June 2021, ThetaRay released SONAR, an SaaS solution scams that aim to convince people to transfer money and
designed to enhance the company's anti-money launder- social media spam and phishing that entice people to click
ing solution for correspondent banking. SONAR's AI mod- on links that install malware. These schemes are endlessly
els monitor cross-border transactions to protect payments fascinating, because there are so many ways to do these
from money laundering, human trafficking, and terrorist attacks, he noted.
and narcotics financing, Smith-Taylor noted.
AI is the future
Know your service providers
Security leaders agreed AI is a formidable weapon for cy-
Martin Pashley, chief commercial officer at Kompli-Glob- ber exploiters and defenders, citing the following benefits:
al, was fed up with fraudsters gaming the system and ex-
ploiting vulnerabilities, activities that inspired the Great • Efficiency: Gosschalk noted it would be far too ex-
Kompli-Global KYB Bake-Off Challenge. "Fraudsters are pensive and time-consuming to hire people to man-
becoming smarter and more collaborative in trying to get ually test server usernames and passwords. "Bad
round those systems with the weakest links to commit actors use bots and scripts to carry out attacks, and
their fraudulent crimes," he said. "We wanted to ensure Arkose Labs uses AI to set up challenges, similar to
26
