The cyberthreat landscape is becoming increasingly dangerous and complex, and in the Asia-Pacific (APAC) market, experts are seeing a number of trends progressing.
Like the rest of the world, APAC has also seen the emergence of generative AI, with individual and enterprise users increasingly using tools like ChatGPT and Bard. However, these platforms’ ease of use and sophistication make them a perfect playground for fraudsters, according to Liron Damri, President and Co-Founder of fraud prevention SaaS firm Forter.
Frontier Enterprise recently interviewed Damri to discuss various cybersecurity issues threatening organisations in APAC and beyond, and unlock ways to solve them.
ChatGPT and similar AI bots are friendly, conversational, and persuasive, which can be a perfect recipe for disaster to untrained individuals, remarked the Forter President.
“They are ideal for building initial relationships before a fraud attack, especially since these typically follow intelligently written scripts. We anticipate fraudsters will begin to use these tools to their advantage very soon,” Damri said.
APAC in focus
In Southeast Asia, Forter has observed a significant rise in social engineering attacks, such as scams and account takeovers.
“We have noticed that certain ASEAN countries are particularly vulnerable to promo abuse. This is unique to the region’s diverse online payment ecosystem, which has over 200 alternative payment systems, making it more exposed to a broader range of risks in addition to classic credit card fraud,” Damri said.
According to the Merchant Risk Council, new e-commerce fraud rings in Southeast Asia have emerged, resulting in “US and APAC ecommerce sites losing US$700 million in fraudulent sales during the fourth quarter of 2022.”
Meanwhile, in China, the consumer market is still not immune to fraud attempts, despite advancements in mobile technology, online access, and a variety of payment options available.
“To address these emerging trends, you need an approach that fuses artificial intelligence, machine learning (ML), and human expertise. The use of machine learning to detect patterns across vast datasets and the knowledge of fraud experts to continuously update models is essential,” Damri noted.
Digital identity versus fraud
Damri observed that with APAC helping to lead the continuous boom of the digital commerce industry, there is mounting pressure from sophisticated fraudsters, bots, and scheming buyers.
“At Forter, we realised that rigid rules-based systems (deployed by the merchant and/or offered by a fraud solution provider) cannot deliver accurate fraud decisions because the rules themselves are the fraudster’s target. Bad actors have mastered ways to look through the entire system to identify weak points and extract cash or value from online accounts and systems,” he explained.
According to the cybersecurity expert, the only way to weaken or curb these attempts is to pinpoint the identity behind an interaction.
To achieve this, Forter has forged numerous partnerships with merchants over the years. As a result, the company’s “Trust Platform” is said to be capable of matching and pinpointing identities using ML and human knowledge. This ability seeks to deter bad actors from masking or manipulating data points.
“In this model, an identity— a bad actor or a good customer— known to one merchant is immediately known to all merchants. To assess trust identity, you can’t rely on humans or AI. You need a hybrid-AI approach, which we call our Decision Engine, which fuses AI, ML, and human expertise,” Damri said.
According to the executive, Forter’s Decision Engine relies on first-party datasets and has “unique” partnerships and integrations across the fraud and payment ecosystem. It has the ability to influence authorisation rates and drive higher conversions due to the company’s deep understanding of identities.
Privacy concerns always remain a significant part of conversations pertaining to any new technology, given the amount of data collected every minute.
Forter’s approach is to use customers’ personal data only to provide services aimed at combating fraud and abuse, said Damri.
“We don’t sell our customers’ personal data to anyone, and we don’t use this data for any other purposes. Furthermore, we’re constantly improving technical and operational safeguards designed to protect the security, confidentiality, and integrity of our systems, networks, and customer data,” he elaborated.
Furthermore, the company holds several certifications, including PCI Level 1, SOC2 Type II, ISO 27001, and ISO 27701, and has an established vendor management program that includes a vendor due diligence process and regular scanning and assessment of its vendors’ security posture.
Earlier this year, Forter launched its Forter Partner Program, aimed at helping “joint customers maximise revenue, combat fraud, and reduce chargebacks while creating new solutions and service opportunities” for member businesses.
The company aims to expand its digital cooperation beyond merchants, and is rallying financial institutions, marketplace operators, independent software vendors, payment service providers, system integrators, consultancies, agencies, and more to its cause.
Damri shared that Forter’s mission is to combat fraud collectively by utilising its network. He emphasised, “Having worked in fraud and risk management operations for decades, we understand the importance of working together to fight fraud. The key is to ensure that a fraudster known to one merchant is known to all merchants, without sharing any merchant data. This is the fundamental idea behind Forter’s network.”
Because of the dynamic nature of the digital commerce industry, Damri advises merchants not only to be two steps ahead of consumer expectations, but also five steps ahead of fraudsters.
“Balancing customer experience with business demands and the realities of fraud is the name of the game. Merchants who can effectively balance all three will be the market leaders,” he concluded.