Reese's® Peanut Butter Cups are a "so-good-it-has-to-be-bad-for-you" treat adored by candy lovers everywhere. The combination of peanut butter and chocolate is such a classic it's hard to remember there was a time no one thought about putting these two together. In fact, Reese's built an entire advertising campaign around the odd couple concept. The original commercials from the 1970s are available on YouTube and worth watching for their comedic value - they were filmed before people realized that it's probably not a good idea to eat food from a stranger you literally run into on the street.
The online fraud detection market is on the verge of the same "aha" moment as the goofballs in the Reese's commercial. Stacking single-function anti-fraud solutions for a strong, layered defense is a strategy embraced by most enterprises today. The strategy is a sound one. After all there are some great point products in the market today for authentication, transaction monitoring, behavioral analytics and threat intelligence.
As effective as these point products are on their own, however, we as an industry are missing an opportunity if we don't start enabling them to work together - not only within but even across vendors - to drive new and actionable insights into the fraud landscape. These insights will, in turn, allow enterprises to manage their individual fraud landscapes in a manner that aligns with their risk tolerance and strategic priorities. When we maintain silos we miss context.
Let's take authentication as an example. Authentication solutions see the variables available at individual points in time, namely login and transaction, and make a decision based on those variables. Adaptive Authentication, RSA's risk-based solution, does this very well, consistently achieving global fraud detection rates of approximately 93% with low false positive and intervention rates.
However an actual web session starts before the user logs in, continues through login and ends at some point after the transaction. What if a legitimate customer clicks a phishing link that directs him to change his password on your site? What if a fraudster successfully takes over an account and then changes the contact information and adds a new payee right before transferring a large sum of money to that payee? What if threat intelligence suggests that the payee is a mule account or the IP has been recently confirmed as fraudulent? Is this the type of information that you would want to take into consideration?
In other words, what happens at other points in the web session could impact how you want to manage decisioning at login and transaction, when the exchange of information and funds are taking place. RSA Web Threat Detection and RSA FraudAction are used in this manner, to provide additional context to inform RSA Adaptive Authentication's decisioning. This in turn enables our customers to make more informed, contextualized decisions - granular decisions that are right for their organization.
And we aren't just keeping it in the family. We are also opening our platform to feeds from other vendors as well. In addition to the ability to leverage external information in Web Threat Detection, our customers can also use third-party feeds to impact the risk score in Adaptive Authentication.
Perhaps counterintuitively in today's competitive anti-fraud market, RSA's Fraud and Risk Intelligence Suite is taking the "play nice with others" approach because our primary responsibility is helping our customers protect their consumers. Enabling them to bring in information they know is impactful to their site, even if it is from a competitor, will help our customers make the informed and strategic decisions that keep consumers safe.
Just as in the old Reese's commercials the "aha" moment is upon us. Hopefully as the value of an integrated approach becomes more apparent and, hence, more widely adopted, looking at fraud detection as a stack of siloed capabilities and information sources will become anachronistic. I just hope that our outfits and music players aren't as embarrassing as the couple in the Reese's commercial when that day comes!
Download the 451 Research Pathfinder Report on web behavioral analytics or Cybercrime: An Inside Look at the Changing Fraud Landscape
Follow us on Twitter @RSAFraud