The escalating prowess of criminal syndicates underscores the imperative for cybersecurity and anti-fraud personnel to converge efforts. Yet, there are other variables contributing to this necessity as well.

The Covid-19 pandemic witnessed a surge in pet adoptions, with 3.2 million UK households acquiring pets to mitigate lockdown-induced solitude. Predictably, this influx of capital attracted criminal elements.

Pets4Homes, UK’s premier pet-classifieds platform, soon found itself beleaguered by fraudsters and cybercriminals preying on prospective pet buyers. The unprecedented consumer demand catalysed a surge in activities by sophisticated criminal networks, acknowledged Axel Lagercrantz, CEO of Pets4Homes.

These nefarious activities spanned from puppy smuggling and advertising non-existent puppies, to attempts at data theft. Despite the company’s remedial measures, fraudsters continually re-emerged with altered identities.

To combat this, Lagercrantz established a round-the-clock reactive team tasked with identifying fraud and cybersecurity threats, and more importantly, disseminating this intelligence throughout the organisation, fostering unhindered communication among the firm’s risk-detection nodes.

The team diligently validated the authenticity of vendors by cross-referencing IP addresses and implementing the banking sector’s Know Your Customer (KYC) protocols. Every new puppy image was scrutinised to ascertain its originality.

The result was a substantial blockade of deceptive advertisements, with over 40% being blocked, marking a 300% increase compared to 2019. Presently, a mere 0.1% of Pets4Homes advertisers are flagged as problematic, a testament to the enhanced verification and security measures, Lagercrantz noted. “With every added layer of verification and security, we have seen a constant drop, not only in confirmed cases but also in attempts,” says Lagercrantz.

The Merits of Merging Cyber and Fraud Teams

This situation accentuates a broader principle— the traditional segregation of fraud and cybersecurity teams might be outdated. For example, the financial services sector expends £22,000 hourly combating fraud and financial malfeasance. However, with cybercrime and fraud becoming intertwined due to highly skilled criminal factions, this investment could be squandered without a comprehensive understanding of digital threats.

Transparent communication channels among anti-fraud and cybersecurity teams are indispensable, sharing insights, workflows, and resources across the three cardinal threat functions—identification, monitoring, and response, states Marit Rodevand, CEO and co-founder of Strise, a software purveyor specialising in anti-money laundering solutions utilised by European banks.

“The sensible application of AI can help to overcome any gaps in legacy technology, but businesses should also constantly examine how and where risk information is shared among their teams. When a high-risk customer has been denied certain services by one department, it must be impossible for them to become a customer in another,” explains Rodevand.

“In larger organisations, a chief risk officer oversees these combined efforts and implements greater internal collaboration,” Rodevand continues. “Especially when a transition from siloed legacy systems is required, as this is often a complex barrier to integrating fraud and cyber departments.”

Harmonising The Functions

Optimal defence isn’t about blindly amalgamating cyber and anti-fraud teams. Rather, fostering a ‘cyber-fraud’ function through regular inter-team dialogues could be more productive, suggests Eliza-May Austin, CEO and co-founder of cybersecurity consultancy th4ts3cur1ty.company.

“Equip them with a whiteboard and allocate two hours to see what unfolds,” she recommends. “Observe how these sessions benefit your business and how the people involved perceive the potential synergies. If this approach proves effective, consider making it a regular practice or explore the idea of a broader restructuring.”

Simple measures like harmonising terminologies across teams can remove linguistic barriers, promoting closer cooperation. “You’d be surprised how effective a shared vocabulary can be in achieving a common end goal,” says Rodevand.

Further alignment can be achieved by standardising risk-assessment protocols across teams, ensuring congruent understanding and eliminating redundant risk evaluations, Rodevand suggests. “This ensures that people are on the same page, so that risks are not duplicated. This can be easily achieved by assigning people with responsibility for overseeing these efforts,” she adds.

While not every potentially fraudulent email necessitates a cybersecurity expert’s review, it’s vital that fraud specialists apprise their cybersecurity counterparts of emerging trends and scams, Austin notes.

Maintaining a Distinction

Dismantling barriers between fraud detection and cybersecurity isn’t about mandating dual roles, Austin clarifies. “Fraud analysis is an individualised process. It demands a dedicated and competent team capable of responding to anomalies in say, card usage, or detecting attempts by individuals to impersonate vulnerable relatives over the phone. Fraud focus remains on individual cases,” she elucidates.

“On the other hand, cybersecurity is a broad domain encompassing network security, endpoint security, infrastructure as code-based forensics, incident response, testing, detection and response, and engineering, among other aspects. Each of these areas requires a distinct skill set,” Austin further explains.

Compliance checklists also underscore the importance of maintaining a separation, as Know Your Business (KYB) checklists differ from cybersecurity checklists, Rodevand points out. “So implementing a centralised checklist would require employees to undertake checks that may not be necessary, draining time, money and resources,” she asserts.

While viewing cybercrime and fraud as shared challenges fosters operational expertise sharing and aligned objectives, prudent deployment of skilled professionals is essential, Austin concludes. “There’s little value in deploying highly skilled cybersecurity analysts to investigate whether someone on a call was impersonating a relative to secure a loan. To the untrained ear, anti-fraud and cyber detection may seem similar, but they are fundamentally different in terms of their focus and required skill sets,” she states.