Integrating Fraud Data Into Your Workflow

Fraud Detection Solutions Must be Easily Integrated Into Security and Fraud Operations

When an enterprise seeks to reduce the losses it suffers due to fraud, there are many points to consider. One of them is how any fraud detection and prevention solution will integrate into the enterprise’s day-to-day operational workflow. In other words, for any fraud solution to be practical, it must be easily integrated into security and fraud operations.

There are a number of fraud detection and prevention solutions on the market, and each differs from the others. Integration into existing operational workflows is a point that is often given far too little weight during the evaluation and procurement process. I’d like to focus on that point in this article.

Any fraud detection and prevention solution that purports to blend seamlessly into existing operations should, at a minimum, provide the three “R’s”:

● Recommendation: No matter what type of data modeling, AI, machine learning, or analysis is happening behind the scenes, a good fraud detection and prevention solution needs to provide a clear and concise recommendation. After all, the greatest technology and the greatest capabilities in the world are of no use if an enterprise can’t easily consume a recommendation.

● Reason: I don’t know too many people who like technologies that operate as a black box. If you want me to consume your recommendation, you should be able to articulate to me why you made that recommendation in a straightforward manner. I don’t need to understand the intricacies of your intellectual property, but you should be able to give me an easy-to-understand, logical description of why you made a certain recommendation.

● Review: As recommendations are made and reasons supporting those recommendations are provided, the enterprise will likely want to review the data and circumstances around those recommendations. A good fraud detection and prevention solution will provide easy-to-use access to that data, along with logical summaries and analyses of the benefits the enterprise is getting from the solution.

Assuming that a fraud detection and prevention solution provides the three “R’s” above, there can still be quite a bit of difference between offerings on the market. It’s important to remember a few requirements that make a fraud solution worth integrating into the enterprise’s operational workflow:

● Easy to deploy: Unfortunately, there are quite a few fraud detection and prevention solutions out there that are quite difficult to deploy. A solution that requires a lengthy and complex deployment isn’t going to meet the needs of an enterprise looking to seamlessly integrate that solution into its operational workflow.

● Easy to consume: The greatest data and the greatest recommendations in the world don’t do an enterprise much good if they aren’t easy to consume. A good fraud detection and prevention solution needs to provide its data and recommendations in a way that an enterprise can easily access. Further, it shouldn’t take several months of intense professional services assistance to integrate that output into the operational workflow.

● Easy to operate: When looking at the cost of a fraud solution, operations and maintenance cost is something that is often overlooked.  In addition to the cost, there is also the practical aspect – a solution that requires multiple FTEs to operate and maintain quickly becomes a drain on productivity. Valuable resources that should be spending time identifying, analyzing, and responding to security and fraud incidents end up spending most of their time babysitting poorly designed and poorly architected solutions. To say that this doesn’t bode well for integrating those solutions into the daily workflow is an understatement.

● High fidelity: A decent fraud solution shouldn’t just make recommendations – it should make good recommendations. Enterprises should have confidence in the quality and fidelity of the data they are getting out of their fraud solution. Further, the false negative rate should be low – a fraud solution isn’t particularly good if it is missing a significant percentage of the fraud that is occurring.

● Low noise: I don’t know too many security and fraud teams that have a lot of extra time or resources. A worthwhile fraud solution should have an extremely low false positive rate. It doesn’t help an enterprise if their fraud solution pollutes their workflow with a tremendous amount of inactionable noise. In fact, quite the opposite. A high false positive rate actually works against the security and fraud teams by distracting them from real incidents and forcing them to invest time and resources into false positives.

● Actionable: Any alerts from a fraud solution need to be actionable. If I don’t need to take any action on something, why are you telling me about it?  If it’s just to show me that your fraud solution exists, spare me the trouble. I only need to hear about something when it’s something I need to be made aware of.

● ROI: The most straightforward way to show the efficacy of a fraud solution is to calculate the return on investment (ROI). If the solution cost $X and prevented $Y in fraud losses, Y should be a significant multiple of X. Otherwise, the fraud detection and prevention solution has not lived up to expectations.


Joshua Goldfarb (Twitter: @ananalytical) is currently Director of Product Management at F5. Previously, Josh served as VP, CTO – Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.
