Page 26 - GS230601
Cover Story
This way you retain the customer, Dakshina noted, and while not every customer will go for it, the email will at least let them know you're trying to keep them happy.

I call this "friction, not rejection" because you can't stop buyer remorse from happening, especially when multiple stores are selling the same item, he said. A customer who buys a $1,000 item, then sees it sold somewhere for $800, will be thinking about how to recover the $200, he added.

Because fraud comes in many varieties, Dakshina recommended combining human and machine intelligence to detect anomalies and avoid false positives by separating legitimate orders from fraudulent transactions.

High stakes, deep fakes

Nir Stern, vice president, product management at AU10TIX, acknowledged that deep fakes are a growing concern for companies of all sizes that have difficulty discerning between forged and authentic images and documents. Identity proofing, which his company provides to Twitter, LinkedIn and other global enterprises, can solve for this issue, he stated.

"Unfortunately, whenever there's a new technology, the first adopters are usually the bad guys," he said. "We run over 100 types of forgery tests and compare data elements to determine if a document or image is real or forged. And because we have such huge traffic from both our customers and bad actors, we're able to train our AI models on an ongoing basis against the latest threats."

Stern advised enterprises in need of identity proofing to look for fully automated solutions. He pointed out that numerous vendors claiming to be fully automated actually have agents behind the scenes doing manual work. Global entities require robust solutions that can respond in as little as 4 seconds to requests from multiple regions, languages and regulatory landscapes, he stated.

"I think the key for organizations is to work with solutions that are fully automated and scalable," he said, noting large enterprises that monitor traffic across global databases can identify new threats quickly and avert disasters. This type of provider, he stated, continuously builds new models, which protects their communities in the endless fight against the bad guys.

Sharing information, closing gaps

As infosec leaders have noted, lack of communication has been a major impediment to security within organizations and across public and private sectors. Dakshina, for example, recalled a recent conversation with a card issuer when pointing out that financial institutions frequently have gaps between fraud and customer service teams.

"He confirmed they store device ID and other transactional data, so I asked if customer service reps pass that information to the fraud team so they know if the customer purchased the product using the same device ID," Dakshina said. "He said, 'No, we don't give the data to the dispute side.' And because of that disconnect, customer service has no visibility into the transaction, leaving them no choice but to take the cardholder's dispute at face value. They can't even say, 'We see you used your phone to check out; are you sure you didn't initiate the transaction?'"

Jason Kratovil, head of public policy and external affairs at SentiLink, mentioned that gaps in Social Security were making it easy for criminals to create synthetic identities.

"If you want to create a synthetic identity, find a Social Security number for a minor or immigrant with a thin credit profile and combine it with a burner phone and some made-up PII (personally identifiable information)," he said.

From there, he added, a criminal could purchase authorized user tradelines or accumulate declined applications by repeatedly applying for credit; over time, with minimal skill and a bit of patience, these activities could create a legitimate-looking consumer.

SentiLink CEO Naftali Harris and COO Maxwell Blumenfeld, who were early employees at Affirm, co-founded SentiLink in 2017 after seeing patterns in credit reports that didn't tie to real people. Kratovil noted they were among the first to see synthetic ID as a big problem.

The following year, the company was an early adopter of the Social Security Administration's real-time, API-based system for verifying an individual's name, date of birth and Social Security number. The Electronic Consent Based SSN Verification (eCBSV) service is now used by SentiLink partners to onboard customers efficiently while reducing fraud and risk.

Sources of truth

In a July 2022 white paper, The Electronic Consent Based SSN Verification Service, How eCBSV can help your financial institution fight fraud and approve more applications faster, SentiLink positioned eCBSV as more efficient than paper-based consent forms for identifying synthetic fraudsters and enabling inadvertently flagged individuals to prove they're real. "Technology continues to re-shape how consumers seek out and utilize financial services. As this innovation takes hold, it has presented one undeniable