www.f5.com
Open in
urlscan Pro
2600:9000:20eb:4c00:14:232e:8a00:93a1
Public Scan
Submitted URL: https://buzz.f5.com/NjUzLVNNQy03ODMAAAGEw-3_niZI3D7-NQI4Lz8aYl9ttzYVQP5VE0VJLYoZZ0jJHl-zfFY6B80syHrzHc40K69zEqA=
Effective URL: https://www.f5.com/company/blog/aligning-security-and-fraud?v=EIhrB7sEXK8?utm_medium=email&utm_source=f5db&utm_camp...
Submission: On June 02 via api from US — Scanned from DE
Effective URL: https://www.f5.com/company/blog/aligning-security-and-fraud?v=EIhrB7sEXK8?utm_medium=email&utm_source=f5db&utm_camp...
Submission: On June 02 via api from US — Scanned from DE
Form analysis 0 forms found in the DOM
Text Content
Skip to main content Skip to footer Skip to search
* EN
* EN
* DE
* ES
* FR
* 中文
* 日本語
* F5 Sites
* Support Portal
Self-service help on F5 products & services
* DevCentral
Connect & learn in our hosted community
* MyF5
Manage subscriptions & registration keys
* Partner Central
Resource & support portal for F5 partners
* LearnF5
Learn to use F5 products
* Contact F5
* Contact F5 Sales
Talk to an F5 sales representative
* Contact F5 Support
Talk to a support professional in your region
* Contact Professional Services
Get help to optimize your F5 solution
F5
* Solutions & Products
* Partners
* Resources
* Support
* Company
* Get F5
* open search close search Search all F5 sites
SUGGESTED SEARCHES
reset focus
* open navigation
* Solutions & Products
Solutions & Products
* Solutions
View all
* View All Solutions
* By Solution Type
* Performance
* Application Performance
* Infrastructure & Application Availability
* Security
* Application Security
* Online Fraud Prevention
* Access & Authorization
* Automation
* DevOps Deployment
* Multi-Cloud Management
* Insight
* Application Troubleshooting
* By Industry
* Banking & Financial Services
* Public Sector Solutions
* Healthcare
* Service Providers
* By Deployment
* Solutions by Deployment
* Cloud
* Software
* Hardware
* as a Service
* Solutions by Cloud Partners
* F5 on Amazon Web Services
* F5 on Google Cloud Platform
* F5 on Microsoft Azure
* Products
*
* BIG-IP
* View All BIG-IP Products
* BIG-IP Access Policy Manager
* BIG-IP Advanced Firewall Manager
* BIG-IP Advanced WAF
* BIG-IP Carrier-Grade NAT (CGNAT)
* BIG-IP DNS
* BIG-IP Local Traffic Manager
* BIG-IP Policy Enforcement Manager
* BIG-IP Service Proxy for Kubernetes
* BIG-IP SSL Orchestrator
* Container Ingress Services
* BIG-IP Deployment
* F5 rSeries
* BIG-IP iSeries Appliances
* BIG-IP VIPRION Chassis and Blades
* BIG-IP Virtual Edition
* Cloud-Native Network Functions
* BIG-IQ Centralized Management
* BIG-IQ Centralized Management
* DDoS Hybrid Defender
* DDoS Hybrid Defender
* Distributed Cloud Services
* Distributed Cloud Services
* Global Server Load Balancing
* Global Server Load Balancing
* NGINX
* View All NGINX Products
* NGINX Controller
* NGINX Plus
* NGINX Open Source
* NGINX App Protect
* NGINX Ingress Controller
* NGINX Service Mesh
* NGINX Unit
* NGINX Amplify
* F5 DNS Cloud Services
* Silverline Managed Services
* View All Silverline Managed Services
* Silverline Web Application Firewall
* Silverline DDoS Protection
* Silverline Shape Defense
* Partners
Partners
* Explore F5 Partners
Explore F5 Partners
* F5 Partner Program Overview
* Find a Reseller Partner
* Technology Alliances
* Partner Programs and Resources
View All Partner Programs and Resources
* View All Partner Programs and Resources
* F5 Partner Programs
* Partner Central
* Resources
Resources
* Documentation
* All Documentation Resources
* API Documentation
* Deployment Best Practices
* Deployment Guides
* Glossary
* Infographics
* KB Articles
* Product Certifications
* Product Datasheets
* Product Documentation
* Reference Architecture
* Reports
* Solution Profiles
* Visio Stencils
* White Papers
* Education
* Free Online Courses
* Training
* Professional Certification
* Webinars
* Customer Case Studies
* Support
Support
* F5 Support
* Support Portal
* Professional Services
* Activate Registration Keys
* Bug Tracker
* Create a Service Request
* Software Downloads
* Support Communities
All Support Communities
* All Support Communities
* Customer Engagement Centers
* F5 Labs
* DevCentral
* Company
Company
* Company Overview
About F5
* About F5
* Our Vision
* Leadership
* Diversity & Inclusion
* F5 Global Good
* Careers
* Contact Information
* Investor Relations
* News & Events
F5 Newsroom
* F5 Newsroom
* Blog
* Press Releases
* Events
* Features
* Awards
* Press Kit
* Get F5
Get F5
* Get F5
Get F5 Overview
* Get F5 Overview
* Free Product Trials
* Professional Services
* Enterprise License Agreement
* Perpetual Licensing (GBB)
* Subscription
* F5 Sites
* Support Portal
* DevCentral
* MyF5
* Partner Central
* LearnF5
* Contact F5
* Contact F5 Sales
* Contact F5 Support
* Contact Professional Services
* EN
* EN
* DE
* ES
* FR
* 中文
* 日本語
close
reset focus
BLOG
STAYING AHEAD OF CYBERCRIMINALS BY ALIGNING SECURITY AND FRAUD
David Mattei, Aite-Novarica Group
Published November 15, 2021
*
*
*
*
At times, fraud can seem like a game of cat and mouse: The criminals are usually
aggressive and are on the offense, while companies struggle to protect
themselves and are on the defense. For companies, the game is becoming harder to
play. Criminal organizations’ tools are becoming more sophisticated and their
attacks more complex. Financial services firms and merchants find it difficult
to constantly adapt their security and fraud defenses to keep up with rapidly
evolving attacks. And if you are not keeping up, then you are falling behind.
The dangers are higher losses, abandoned transactions, and customer
dissatisfaction. Losing money and customers—not a good combination.
It’s time to rethink your approach to fraud prevention. But I can hear it now.
“I am understaffed and underfunded. How do you expect me to keep up with more
nimble and well-funded criminal organizations?” In this challenging environment,
it’s time to work smarter, not harder. Merchants and financial services firms
that have solved this accomplished it by looking both inward and outward.
LOOKING INWARD
Looking inward, successful companies have admitted their security and fraud
mitigation inefficiencies. It is common to have a cybersecurity department
protecting computing networks and externally facing applications from
infiltration, exploits, and denial of service attacks, and a fraud department
focused on online/digital transactions, event correlation, and incident
responses. This creates a segregation of responsibilities and two departments
with different tools, data sets, performance indicators, staff, and budgets.
Let’s look at how this hurts a company.
Data breaches and credential spills have exposed billions of personally
identifiable information records, including username/password pairs. In a
typical attack, an attacker will perform credential stuffing using highly
distributed botnets to test these pairs at scale to identify which
username/password pairs are still valid. With a valid pair, an attacker easily
becomes a cybercriminal by taking over a customer’s online account—extracting
money, laundering loyalty points, or making unauthorized purchases. Depending on
the security countermeasures encountered, the cybercriminal may modify the
attack using tools that range from network scripts and botnets to those that
emulate human behavior or frameworks that can make API calls to human click
farms to solve CAPTCHA.
This type of attack spans both security and fraud team responsibilities. If the
security and fraud teams or their tools are not communicating, threat
intelligence and context are lost, and it is difficult (maybe impossible) to see
the entirety of the attack. As a result, fraudsters slip through the cracks, and
companies and their customers experience financial losses.
It’s time to break down organizational silos. Collaboration across teams and
technology can be the vehicle to convergence, increased revenue, and ultimately
the company’s success. In addition, pooling resources and data improves
visibility, making it possible to keep criminal organizations out while letting
good customers through without friction. In a recent Aite-Novarica Group study
of 110 fintech firms, those that have an integrated fraud system are twice as
likely to say it is somewhat or very easy to manage fraud, compared to firms
with separate and distinct fraud systems.
An integrated platform has the benefit of seeing more of the fraud landscape
through the pooling and continuous analysis of data. With a larger data set, and
thus more fraud signals, it is possible to create more predictive and precise
machine learning models. This can not only lead to more proactive and actionable
intelligence but also a better user experience, since the increased precision
can fast-track authentication, providing a seamless way for customers to
transact without increasing fraud.
LOOKING OUTWARD
Looking outward is also important to create an effective fraud ecosystem. It is
common practice for financial services firms and merchants to purchase tools and
manage fraud in-house, with staff configuring the tools to prevent fraud. As
fraud attacks morph over time, the company has to adapt its fraud strategies to
counter them, tune authentication rules, and investigate false positives. In
other words, the company has to experience a new fraud attack (and a financial
loss) before it can prevent future ones. This reactive strategy leaves the
company exposed while internal departments investigate and remediate the
security gap.
Why not be proactive? Vendors offering commercial solutions leverage their
breadth of experience and visibility to protect their clients better than an
individual client can protect itself. How? Well, a vendor with a large client
base across multiple geographies and industries has a very broad view of fraud,
especially when threat intelligence is shared across its collective defense
network. If a new fraud attack vector emerges, the vendor can quickly modify its
fraud defenses to protect all clients.
THE WIN-WIN-WIN SOLUTION
Staying ahead of the growing sophistication of criminal organizations and their
attacks is difficult, especially with staffing and resources in short supply.
It’s time to look inward and outward. Bringing together cybersecurity and fraud
management into an integrated team and leveraging external expertise provides
three main benefits. Cybersecurity/fraud management is simplified, losses are
lowered, and customers have a better online experience. A win-win-win solution.
By David Mattei, Strategic Advisor, Aite-Novarica Group
_____
For additional perspective, read the Aite Report to learn new strategies to
minimize fraud loss.
SECURE AND DELIVER EXTRAORDINARY DIGITAL EXPERIENCES
F5’s portfolio of automation, security, performance, and insight capabilities
empowers our customers to create, secure, and operate adaptive applications that
reduce costs, improve operations, and better protect users. Learn more ›
--------------------------------------------------------------------------------
WHAT WE OFFER
* Free Trials
* Products
* Solutions
RESOURCES
* Product Documentation
* White Papers
* Glossary
* Customer Stories
* Webinars
* Free Online Courses
* F5 Certification
* LearnF5 Training
SUPPORT
* Manage Subscriptions
* Support Portal
* Professional Services
* Create a Service Request
* Software Downloads
PARTNERS
* Find a Reseller Partner
* Technology Alliances
* Become an F5 Partner
* Login to Partner Central
COMPANY
* Contact Information
* Careers
* Diversity & Inclusion
* Investor Relations
* Blog
* Events
* Newsroom
* F5 NGINX
* Threat Stack
* CONNECT WITH US
* Twitter
* LinkedIn
* Facebook
* Instagram
* YouTube
* DevCentral
--------------------------------------------------------------------------------
©2022 F5, Inc. All rights reserved.
* Trademarks
* Policies
* Privacy
* California Privacy
* Do Not Sell My Personal Information
* Cookie-Präferenzen