Machine learning increasingly is being used to discover fraud schemes. With this type of artificial intelligence (AI), the technology learns or improves in accuracy through experience, rather than through additional programming. If you already use AI in your business, you’re probably somewhat familiar with how machine learning works. But here’s a quick overview of its application in fraud detection.

New approaches needed

More and more, businesses rely on digitization to deliver the goods and services their customers want. Unfortunately, digitization also makes it easier both for cybercriminals and stakeholders, such as employees, vendors and customers, to steal. Preventing fraud in the digital age requires new approaches.

Machine learning is one such approach. Traditional rules-based fraud detection software flags transactions — such as purchase orders of a certain type or over a certain amount — that are suspicious according to static rules. On the other hand, fraud detection software that includes machine learning uses large sets of historical data to “learn,” or create algorithms about the patterns associated with new fraud schemes, enabling it to detect fraud in the future.

Step by step

For a machine to learn, its users must follow certain procedures. After the software is enabled to capture historical transaction data — and the more data, the better — the company using it reviews the data to ensure it presents an accurate picture of transactions. The software then applies algorithms to identify potentially suspicious items. This process creates the first fraud detection model. The software analyzes the same set of data repeatedly and produces new models for the company to review. The company provides feedback on each model to help the software develop better algorithms.

Through this process, the model learns what constitutes fraud and the number of false positives should drop significantly. In the end, the company selects the most accurate fraud detection model to put into production. 

Getting started

If you have the technical capabilities, you may be able to develop a customized machine learning program for fraud detection in-house. We can help if you don’t. Contact us.

© 2020 Covenant CPA

Every time your business interacts with customers is an opportunity to build trust. And it’s an opportunity you can’t afford to neglect. Look at customer data. When customers hand over personal and financial data to your company, they expect you to do everything in your power to protect it from hackers — as well as non-criminal third parties. If you don’t? Just look at some of the companies affected by major data breaches.

Provide fraud notices

Unless you run a cash-only business, you collect financial data from you customers every time you process transactions. If you offer credit accounts to business customers, you probably collect even more information. You’re obliged to ensure this data doesn’t fall into the hands of thieves and fraud perpetrators.

Consumers don’t need to understand the inner workings of your fraud prevention efforts. However, they must trust that you have an effective program in place. Provide notices on your website and train customer service representatives to answer questions about your fraud prevention program. If you require customers to use passwords or answer questions to prove their identities online, explain why these steps are necessary.

Explain how you share data

Criminal activity isn’t the only thing customers worry about. Increasingly, they want to know how businesses willingly share — and often profit from — their data. Given the patchwork of data privacy regulations, most consumers know little about the laws and regulations governing businesses. In layman’s terms, briefly summarize which ones cover your company’s activities, as well as your commitment to honoring the spirit and intent of them. Note that if you have customers in the European Union (potentially any company with a website), you need to comply with the EU’s stringent data protection laws.

As a general best practice, don’t collect any more data from customers than you absolutely need.  If you intend to share it with third parties, inform customers at the time you request the data and allow them to opt out, if possible. Keep in mind that some customers will probably go elsewhere if they know you plan to share their data or if your business model is largely based on sharing data. Nevertheless, transparency is critical.

All about communication

Whether you’re trying to prevent fraud or share data with third parties responsibly, keep your customers informed. Good interpersonal relationships are based on trust — and that’s just as true for business relationships.

© 2020 Covenant CPA

You’d be hard pressed to find a business today that doesn’t have laptop computers listed among its assets. Large companies have hundreds of them; midsize ones issue them to managers to facilitate mobility; and many small businesses rely on them as primary computing devices.

Now, in and of itself, a laptop may seem harmless. But they literally hold a clear and present danger to companies: their batteries. Poorly maintained or damaged batteries can catch fire — putting any people and property nearby in serious risk. Faulty batteries can also hamper the device’s functionality, shorten its lifespan and put critical data at risk, inhibiting employees’ productivity and lowering morale.

Best practices

To help guard against the possibility that one of your company’s laptops might incur battery-related damage, follow these best practices:

  • Require the use of only compatible computer batteries or chargers.
  • If you maintain an inventory of loose batteries, keep them away from metal objects, such as small tools, coins, keys or jewelry.
  • Educate employees to, perhaps ironically, not use their computers on their laps or on any other soft surface (such as a bed or sofa) that could restrict airflow.
  • Teach employees to never place any heavy objects on their laptops that could crush, puncture or place a high degree of pressure on the battery.
  • Provide training on the proper transportation of laptops to prevent bumping the computers into objects or dropping them on hard surfaces.
  • Instruct users to never put a laptop in an area that could get very hot, such as the hood or dashboard of a vehicle, or a desk in a warm room directly exposed to sunlight.
  • Explain to employees how to safeguard their laptops from moisture and, if a computer does get wet, to bring it in for maintenance immediately because, even after drying, batteries or circuitry could slowly corrode and pose a safety hazard.

Ultimately, workers need to follow battery usage, storage and charging guidelines found in the user’s guide of their respective laptops.

Manufacturer info

Laptop battery manufacturers are a key resource in staying safe. Remind staff that they shouldn’t use batteries subject to recall while awaiting a replacement battery pack from the manufacturer. Employees should use the AC adapter power cord to power their laptops in the meantime.

If you’re unsure about the compatibility of any of your company’s laptops and batteries, or you suspect one of your units may have been damaged, contact the manufacturer to determine whether you’re at greater risk for a battery-related mishap. In fact, you might want to contact the manufacturer anyway just to get the latest on safety concerns about laptop batteries.

Critical assets

Laptops, and computing devices in general, represent a substantial cost outlay for virtually every size and type of business. We can help you set a reasonable purchasing budget and better track and manage the maintenance costs of these critical assets.

© 2019 Covenant CPA

Fraud experts have long known that “dark web” sites provide information, support and illicit goods to hackers and other criminals. But security company Terbium Labs recently published a report analyzing a treasure trove of fraud guides for sale on shady sites. These “educational” publications provide crooks with detailed instructions on exploiting security weaknesses to hack networks, obtain financial information and steal identities.

Effective tips

Although Terbium found that most of the guides it downloaded were relatively useless, there were still plenty that provided effective tips on compromising networks and disrupting antifraud procedures. The guides cover everything from account takeovers to phishing to counterfeit documents to stolen credit cards. Often, they discuss specific companies. For example, a “Bank Drop Creation Guide” provides detailed instructions on how to create a fraudulent bank account at nine specific financial institutions.

Some of the most dangerous information contained in these fraud guides tells would-be hackers how to use social engineering to breach companies’ security. Using the above example, a guide might contain a script crooks can follow to persuade a bank employee that a fraudulent account is legitimate.

Prized data

Terbium’s analysis of the guides found that certain types of personal information were particularly prized by thieves. Email addresses, which enable phishers to personalize their come-ons and track down a target’s full name and social media accounts, led this list. Passwords, not surprisingly, were a close second. User names, Social Security numbers and dates of birth were also highly sought after.

Among financial data, hackers prefer payment card information — though they show a clear preference for credit cards over debit cards. Card numbers are considered easy to obtain (millions of card numbers are available on the dark web), so the guides provide tips on maximizing profits before fraudulent purchases trigger alarms with the victim or card company.

What can you do?

Given the number of fraud perpetrators and wealth of information available to help them commit crimes, you may wonder how you can protect your personal financial or business’s customer data.

Individuals can reduce their risk by ignoring suspicious emails and disclosing financial information only on sites that provide SSL certificate authentication and encryption. Also, they should share even innocuous-seeming information, such as email addresses, only when necessary. Businesses need to work with experts to build a data security system that addresses their specific risks — and to update it religiously. Also, be sure to implement policies and procedures that prevent employees from inadvertently assisting fraud perpetrators. Contact us for help creating internal controls that will reduce your company’s fraud vulnerabilities at 205-345-9898 and info@covenantcpa.com.

© 2019 CovenantCPA