This week, iovation will host its fourth annual Fraud Force Summit user event, our largest summit event to date. This year’s event brings together more than 150 fraud, risk, and security professionals who will spend two days in London discussing the latest strategies and best practices they are employing to keep fraudsters at bay while improving the user experience for their trusted customers.
To kick off our inaugural European Fraud Force event, we have invited one of the foremost experts on the history and evolution of cyber crime to give the event’s keynote address: Misha Glenny. Misha was gracious enough to sit down with us to answer some questions about how crime rings have been transformed in the digital age, how the ‘flat world’ of globalization has changed the economics of hacking, and how a new generation of fraud and infosecurity professionals need to do to respond to this rapidly shifting threat landscape.
You’ve spent a good deal of your career investigating crime networks. How have they evolved in the Internet age and what advice do you offer companies looking to protect themselves from a new wave of sophisticated crime syndicates?
There is a fundamental difference between traditional organised crime syndicates and cyber crime groups. The former must have the ability to use violence if necessary - it is their defining characteristic, the latter do not. This means that perpetrators of cyber crime evince very different social and intellectual characteristics from those engaged in traditional organised crime. As a new generation of organised criminals are maturing so is their understanding of cyber - they are digitally literate. Europol and other law enforcement associations now recognise that the fusion between cyber and traditional organised crime represents probably the greatest challenge facing them in the next few years.
The EU remains quite far ahead of the US in terms of the adoption of Eurocard Mastercard and Visa (EMV) and other secure card technologies, pushing more crime rings to pursue Card Not Present (CNP) fraud strategies. How might new technologies like dynamic multifactor authentication impede the acceleration of CNP fraud in both regions?
The refusal or inability of US card issuers and banks to adopt EMV - 'chip and pin' as we call it in Europe - is little short of a national scandal. It has made credit and debit card fraud so easy that one cannot help but wonder whether the parties involved were more interested in their profits than the fight against crime. It was always a counterproductive strategy as it reduced consumer confidence and encouraged the consolidation of sophisticated organised crime groups. Dual or multifactor authentication almost always reduces fraud by significant amounts. Companies are reluctant to introduce multifactor authentication because consumers find it tedious. This is an area where education, training and communication are absolutely essential to engage consumers.
The reality of globalization has transformed areas like Eastern Europe a particular hotspot for a new generation of savvy hackers who can reap significant profits relative to the average cost of living. How do you foresee global economic trends such as these impacting the fraud landscape in general?
Fraud has been increasing in most parts of the world since the financial crisis in 2008. The fastest growth rate has actually been in Western Europe and the United States. However, Eastern Europe, West Africa and India remain the primary generators of scaled-up fraud which exploit the remarkable cyber capability of these societies as a whole. Interestingly, we now have an interesting case study as Romania begins to emerge as one of the most successful economies in south-central Europe. Beyond Russia and Ukraine, Romania has been probably the single most important country in generating advanced hacking and fraud capability. Within the next five years, we should begin to see a pattern that can identify whether (as happens often with traditional organised crime) rising living standards correlates to a reduction in criminal activity. My own feeling is that given the nature of cyber crime (financial gain is an important but not the sole part of the attraction to engage in it) suggests that this may not be quite as linear.
Fraud departments and info security are often not aligned as they typically sit in different organizational structures and have different agendas. What advice do you have for uniting these two functions so that their objectives are better aligned and what new skills and technologies should fraud managers seek to better equip themselves to protect their customers and their brand?
This question goes to the heart of what concerns me most - the issue of communications, education and training in companies. I still find it astonishing that risk management, fraud and infosec departments continue to exist in their silos. For me the heart of the matter lies in the boardroom. The statistics of board level engagement with these issues remain hair-raising even after such dramatic events as the Sony and Target hacks among others. If I were on a board I would insist on a strategy that involved regular consultations between Comms, Fraud, Risk Management, and Infosec whose work would then communicated throughout the company in a way that is meaningful and engaging.
What general trends have you observed in Europe in how organized crime syndicates operate versus the rest of the world?
Organised crime groups in advanced Western societies have a different function from organised crime groups in the developing world or emerging markets. Their main aim is to shift product. Unlike in countries like Mexico or the former Yugoslavia, they do not generally attempt to flex their muscles publicly or subvert the organs of state. Institutions in established democracies are more robust. So generally organised crime in Europe likes to fly below the radar. There are important to exceptions to this of which Italy is the best example. But this is to do with specific historical circumstances. At the end of the Second World War, the United States enlisted the Sicilian Mafia to resuscitate the southern Italy economy as the Allies drove out the Nazis. The US subsequently co-operated with the Mafia to resist Italy's popular communist movement and support instead the Christian Democrats. This led over the next three decades to an unholy alliance between successive Italian governments and the various mafias of southern Italy. The Balkans two have spawned powerful mafia organisations as have the former Soviet states. All these groups - Italian, Balkan and Russian - have established their beach heads in Germany, France, Britain and Scandinavia.
Misha Glenny is the international bestselling author of McMafia, a finalist for the FT/Goldman Sachs Business Book Award and DarkMarket, a finalist for the Orwell Prize. He is also a regular contributor to newspapers and magazines such as the Guardian, the London Review of Books, the Globe and Mail, the New Statesman, the Washington Post, and the Financial Times.