Fraud and Security should work together to prevent fraud

with Tony Maher, Director of Operations and Membership Services, TUFF

By Grant White

In times of great disruption, companies must streamline their operations to thrive in uncertainty – especially when it comes to preventing fraud. To effectively protect their customers, organisations need proactive processes and ensure they have the knowledge to recognise fraud from the very start.

But when the teams responsible for instilling those protections are unable to work together, how can an organisation effectively tackle fraud?

We spoke with Tony Maher at The Telecommunications UK Fraud Forum Ltd (TUFF) – a membership forum enabling organisations to share their expertise and experience to counter the challenges of telecommunications fraud and crime.

As Director of Operations and Membership Services at TUFF and currently working with the likes of PSA, Ofcom, Cifas and the Global Cyber Alliance, Tony shares his exceptional experience about the challenges organisations face when it comes to fraud and what they can do about it.

Grant White, Smartnumbers: Hi Tony, great to have you here. From your experience, could you tell us more about the new types of attacks and tactics fraudsters are deploying? And what are the worrying trends people need to watch out for?

Tony Maher, TUFF: This may surprise you, but we haven’t seen many new types of fraud. If anything, we’re seeing ‘rebadged’ old scams pop up that are still proving to be effective.

There are two reasons why: The pandemic has caused a time of uncertainty and fear, making social engineering approaches to call centre agents easier. The second reason is that many organisations have never experienced these types and levels of fraud before and fraudsters are taking advantage of the lack of knowledge to attack and take over customer accounts.

What I’ve found is that many organisations are unable to fight against it. This is because their fraud and security teams are not able to work together and share what to watch out for. This is either because of limited resources, no information sharing mechanisms, or a lack of managerial support.

GW: It sounds like organisations have a wealth of information that can help them fight against fraud, but because it’s siloed, they’re missing out on a great opportunity to gain an edge against fraudsters. So what can they do to turn it around?

TM: Fraud departments must be empowered to make change and be championed internally by Senior Management. You never truly know when or where the next fraudulent attack will come from and so you need a holistic approach to the challenge that brings together what I believe are two halves of the same whole: your fraud and security teams. Working together you stand a better chance of winning against fraudsters, who don’t play by the rules.

Fraud is taking away your bottom line so you need to empower your fraud teams. My personal opinion is that fraud prevention is intrinsically linked to security and I follow a very simple philosophy in that for fraud to have occurred, some aspect of security must have failed. So, why aren’t fraud and security departments working hand in hand?

GW: I think we can agree that for any organisations looking to drive a new fraud prevention strategy, getting both security and fraud teams working collaboratively is crucial to success – otherwise fraudsters will always have the upper hand.

TM: Exactly. Fraudsters are already agile and ruthless largely because they don’t have to conform to the same rules we do. So why give them even more leverage?

Fraud prevention should be a non-competitive issue across departments and industry sectors. There are numerous organisations that bring experts together sharing information to identify trends, new practices and known fraudsters to fight against fraud. Organised Crime shares information – why don’t we?

And it has to go even further; collaboration and cooperation needs to go beyond the board room and extend throughout your organisation. Bring together core departments to enact a more all-inclusive approach to fraud prevention and tie it in with your security policy.

GW: So we’ve covered what organisations need to do, but why is it important to do it?

TM: Creating a united front, with both fraud and security working together, elevates fraud to a core business priority and ensures that your customers’ safety isn’t taken for granted. By evaluating every entry into your networks – communications or otherwise – you close any potentially exploitable gaps and protect the entire organisation from fraud.

This approach ties into TUFF’s mantra and entire raison d’être as ‘The Forum of Trust’ in that we need to work together to tackle fraud. So, with security and fraud teams working together, tackling fraud becomes simpler. Working in silos plays into the hands of the fraudster.

GW: Thank you for joining us today, Tony.

Getting your fraud and security teams to work together and effectively combat fraud doesn’t have to be difficult. For more information on how to create a successful fraud prevention strategy, download our eBook.

Download Now

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
__hstc	5 months 27 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_182830_12	1 minute	Set by Google to distinguish users.
_gat_UA-182830-12	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjSession_1990635	30 minutes	No description
_hjSessionUser_1990635	1 year	No description
_hjShownFeedbackMessage	1 day	Hotjar sets this cookie when a user minimizes or completes Incoming Feedback so that the Incoming Feedback loads as soon as it is minimized if the user navigates to another page where it is set to show.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
_OG_GDPR_COOKIE_	session	No description available.
AnalyticsSyncHistory	1 month	No description
li_gc	2 years	No description

Fraud and Security should work together to prevent fraud

By Grant White

Consumer Duty is driving contact centre fraud prevention approach

Fraudsters are using the phone more than you realise

In fraud prevention the customer is the weakest link

Smartnumbers doubles down on Amazon partnership through AWS ISV Accelerate Program and Connect Ready designation