Security News > 2020 > December > Is Chasing Malware Really Helping You Reduce Fraud?
With different types of solutions approaching the fraud problem space from different angles, it's worth asking the question: What problem or problems are we actually trying to solve with this class of solutions? To my knowledge, enterprises are most often interested in reducing fraud losses.
While these may seem like legitimate techniques, they don't actually reduce fraud losses.
If an enterprise understands that separating fraudulent transactions from legitimate ones is the best way to detect and prevent fraud, then why would that enterprise not shift its fraud strategy from signature-based to behavior-based? In other words, rather than focusing on infected and phished users, the enterprise needs to focus on strange, anomalous behaviors, unusual environmental factors, and transactions that do not appear to be legitimate and expected.
Playing whack-a-mole with malicious code infections, phishing sites, and compromised credentials won't help an enterprise reduce losses due to fraud.
If what we're after is reduced fraud losses, it only makes sense that we look at the fraud problem space from a more sensible angle.