Preventing Fraud Requires Intelligence and Counter Intelligence

Financial services companies that want to prevent hackers from breaking into their portfolios need to develop intelligence and counter intelligence, according to speakers at the

2019 Power of Prepaid Conference.

Financial services companies can learn from the ancient Chinese strategist Sun Tzu, who wrote that generals needed to know their enemies and know their own armies in order to be victorious, Bob Gourley, the cofounder of OODA LLC and a former naval intelligence officer, said. He described how espionage has gone from cloak and dagger to breach and hacker, and that this has bled over into the world of financial services.

He had three primary recommendations for companies planning to fight fraud.

1. Companies need to know their adversaries look for their weaknesses. While hackers will likely surprise a company, studying them can yield good information about their weaknesses.
2. Companies need to know themselves: what is their most important data and their abilities to fight fraud. Gourley also said the companies need to test themselves to learn how well their defenses work.
3. Companies need to raise their defenses by designing systems for defense and containment and planning for backups in case they do get hacked.

Doing intelligence work like this is one part of the puzzle for companies. The other part is counter-intelligence. Steve Lenderman, who works in the Global Security organization for ADP, recommended that companies begin doing counter intelligence on what is happening in the realm of fraud.

He said companies can gain a lot by starting with online searches of the most common schemes to see how they are executing. He recommended that people look at common scams such as romance scams and work at home scams where people use social engineering to connive people to send them money.

Financial service providers should also pay attention to purchase patterns to spot nefarious activity such as human trafficking. For example, a pattern of use that shows using Uber to get to the same hotel frequently followed by transfers of money off a card might be indicative of human trafficking.

Another area of counter intelligence would be to search for portfolio BINs on the dark web. He recommended that people either out source this work or make sure they can do it in a way isolated from their primary systems to avoid risking exposure.

Companies have options when it comes to fighting fraud, but it is a constantly changing fight. So they must continually update themselves both through intelligence on themselves and their defenses and counter intelligence on what is happening on the dark side.