Trident Digital Fraud Resilience Framework


As fraud and scams become more sophisticated through the use of AI, fraud prevention becomes less effective. Companies that are fraud resilient are prepared for the onslaught. The Trident Framework is an aid to achieving Fraud Resilience.

Prevention

The Prevention Process Area is the most effective of the 3 main pillars.

  • The purpose behind Digital Trust is to provide clients with an application that is secure by design as well as easy to use in a secure manner.
  • Awareness is a crucial part, as the user is often the best scam detector. It is important to make the clients aware of both the security features in the application and how to behave securely when dealing with sensitive data like passwords.
  • Although awareness is crucial, advances in AI-driven scams can produce highly convincing messages that even professionals have difficulty identifying. To support the clients, the company should provide a Verification service that allows clients to validate whether a message is legitimate.
  • Due to the sheer number of malicious actors, it is not possible for a single entity to fend off the whole world. Collaboration can help by sharing information about encountered scams as well as potential preventative or remediation actions.


Governance

The Governance Process Area plays an important role in keeping everything up to date and at the maximum preparedness level.

  • Core to effective fraud management is having the correct taxonomy of all the different fraud use cases that can apply to the company. These may also be very specific cases based on industry and sales model (B2B, B2C). Additionally, the taxonomy needs to be monitored proactively, as criminals have a high innovation rate.
  • To be effective, the fraud use cases need to be regularly reviewed and risk assessed, as the probability and impact will change over time. This is important to ensure that the right risks are prioritised and tracked.
  • Being fit for purpose requires an active improvement loop, not only to reflect the constantly changing fraud landscape, but also to combat detection control degradation and fight complacency. Even if nothing happens, it is still advised to conduct an annual review.


Detection

The Detection process area is the traditional focus of the major solution providers.

  • All fraud detection solutions have traditionally used Machine Learning from very early on to detect anomalies and outliers, and practically all have evolved to AI. Additionally, they also have detection rules and detect blacklisted entries, which is also a typical use case for Anti Money Laundering.
  • Besides regularly updating the blacklist, it is recommended to also have an observation list that flags activities on those accounts that need further investigation, so that they can be added to the blacklist later if so verified.
  • Although the solution vendors provide regular updates for their products, having additional fraud intelligence will help provide a broader view of the ongoing scams that may not be detected by existing tools.


Response

The Response process area plays an important role in preventing funds transfer once a fraud is detected.

  • Usually, the fraud detection system is integrated within the main payment system. However, if fraud is reported too late, there should be a procedure in place to disrupt the transaction or, if the transaction is already complete, to claw back or repatriate the funds.
  • Once the fraudster's modus operandi has been identified, their infrastructure needs to be taken down to prevent further damage to other clients.
  • Very often, the detected fraud is not a single occurrence. It is important to have monitoring in place to detect and prevent similar behaviour. Another possibility is to analyse past transaction data for indicators of fraudulent activities once additional intelligence is available (fraud hunting).

Trident Digital Fraud Resilience Framework is a registered trademark of Prod AG. This framework is allowed for own use adoption only.

Prod AG declines any responsibility for your own implementation and its consequences.
Using or integrating this framework for consulting or advisory purposes without prior consent from Prod AG is strictly prohibited.