AI vs. AI: The Digital Arms Race to Fight Fraud
The digital-first economy we now live in is built on businesses trying to harness the insights from the vast amount of data they have in order to make real-time decisions across their customer touchpoints. Unfortunately, as digital commerce has grown, so has fraud, especially on the backs of the high-profile breaches, such as Equifax and Capital One, that have made personal data available in the dark web. While the digital economy has led to a globally connected ecosystem, the socio-economic gaps persist, making it proﬁtable to invest time and money to attack businesses. This has created a connected cybercrime ecosystem, where criminals have access to sophisticated technology, tools, and data that they can weaponize for fraud.
As we have witnessed in 2019, data breaches are at an all-time high and this year is on track to be the worst for fraud to-date.
This rapidly evolving fraud landscape has contributed to a 21st-century digital arms race where businesses and cybercriminals are actively competing to have the most up-to-date AI technology to carry out and prevent, cyberattacks at-scale. In today’s advanced threat landscape, how are criminals executing attacks at-scale and how can businesses stay ahead of the rapidly-evolving fraud curve?
The Rise of the Single Request Attack
Fraudsters have access to sophisticated technology and can successfully use AI to automate the business of fraud at-scale, this has given rise to the single biggest security threat to organizations today, Single Request Attacks. These tactics are increasingly being used in automated attacks such as account takeovers, fraudulent account creation, spam and abuse and more.
Single Request Attacks use a sophisticated protocol of tactics designed to convince a receiving network that the requests are coming from human users with authentic intent. By taking this automated ‘authentic’ approach, they trick most fraud prevention and bot mitigation platforms and are able to make it through the network. In particular, social media accounts are a top target for automated, intelligent attacks.
Social media platforms see a variety of attacks from bots however, more than 75% of attacks on social media are automated bot attacks. With over half (53%) of social media logins as fraud, we know that fraudsters are using large-scale bots to launch attacks on social media platforms with the goal of disseminating spam, stealing information, spreading social propaganda and executing social engineering campaigns targeting trusting consumers.
How to Stay Ahead of the Fraud Curve and Win
As these attacks progress, companies will continue to be at risk of a data breach. The most effective way to beat fraudsters is to challenge them – AI vs. AI – in a neutral setting. To avoid becoming one of the statistics, companies must deploy an intelligent technology that gets smarter every time it is attacked.
Companies should implement advanced telemetry that goes beyond the basic login portal. Telemetry recognizes the context, behavior, and past reputation of every request to classify it as authentic or inauthentic. Requests that cannot be recognized are intercepted by Enforcement, a challenge-response mechanism that determines the authenticity of the request with evidenced certainty.
Authentic users are let through without being impeded, but inauthentic users will be challenged in interactive gaming before being allowed entry. Built-in Machine Learning receives feedback in real-time from how the inauthentic user responds to the attack, which enables rapid automated intervention to stop fraudulent attacks before they can extract a return on their investment. Machine Learning is vital to helping fight automated fraud and can help companies gain valuable insights into an attacker. It also helps companies track, label and identify suspicious users at-scale across their entire attack surface.
This approach to fraud prevention makes the cyberattack too resource-heavy, and expensive, for a criminal to execute. Attackers are motivated by financial gain and can only sustain their operations when the cost of executing abuse is less than the revenue that can be extracted.
We are in an era where online identity and intent can all be faked. As businesses focus on deploying tools to stop attacks, fraudsters look for ways to bypass those defenses. Each successful attack further provides data and resources to the fraudsters. It is important now, more than ever, to approach this problem by understanding the fraudsters’ business. Combating the growing fraud epidemic requires a solution rooted in prevention and stopping of abusive attacks at the point of entry without disrupting user experience. Making the attacks more difficult and costly disrupts fraudsters’ economic incentive and breaks their business model. This results in a longer-term solution and stops the cat and mouse game that fraudsters play with businesses.