US banks processed over $448 billion in peer-to-peer (P2P) transactions in 2022, making these platforms a prime target for fraudsters. Online scams using Zelle or Venmo are becoming increasingly sophisticated, fueled by artificial intelligence (AI). Fraud prevention technologies must evolve accordingly.
The rapid pace of digital transformation has benefited society and the economy immeasurably. However, cybercriminals also leverage cloud infrastructure to scale their operations. With cloud-powered AI and machine learning (ML), fraud prevention is now a “battle of the machines.”
Fraudsters can build ML models using cloud services, capable of circumventing the defenses built by companies to spot obvious fraud. A typical fraud-mitigation system in a retail setting has a rule that transaction values exceeding $900 need secondary verification. An ML tool could calculate through trial and error the point at which high-value transactions are inspected. Fraudsters can ensure their fraudulent transactions stay under $900 and are based in the right geolocation to avoid detection.
Sophisticated ML models can be probed and attacked for weaknesses by malicious AI. The more opaque they become, the riskier they are to deploy in production settings. Humans will have a limited understanding of their behavior, the outputs they might generate and need to train them on data from previous attacks. This combination would make them vulnerable to exploitation when presented with a slightly different scenario. It only takes some targeted trial and improvement for malicious AI to learn those oversights and blind spots.
AI could also generate fake image data of a user’s face that’s compelling enough to allow a transaction to proceed. Or it could be trained with public video or audio data to impersonate legitimate customers in authentication checks. Similarly, AI could be trained to mimic human behavior such as mouse movements to outwit machines designed to spot signs of non-human activity in transactions. It could even generate different combinations of stolen data to bypass validation checks. These scenarios are solved using the public cloud, a compute-intensive task.
However, fraud and risk teams can counter malicious AI by tweaking their own approaches. AI can be trained by the bad guys to mimic human behavior more realistically. Still, if it’s used in automated attacks, it will still need to be deployed like a bot, which can be detected by tweaking and innovating fraud-detection algorithms.
Defenders can bolster their defense by deploying new and improved ML algorithms and changing the battlefield to one that provides them with a strategic advantage. Fraud detection can move to the network edge, closer to the devices used to make online transactions. This creates a dynamic where unusual or high-risk behavior is easier to spot with a higher degree of accuracy. Using existing infrastructure such as content delivery networks (CDNs), fraud detection can move to the edge in a relatively seamless manner. This also provides a clearer and more detailed view of a user’s online experience, creating a richer and nuanced baseline to spot and thwart malicious AI.
By capturing intelligence across the user’s entire session, there’s more opportunity to spot machine-generated anomalies. Flexible signal generation can be a powerful tool in a security engineer’s arsenal. It can be used to trigger image analysis as soon as an image is uploaded and compare mouse movements across non-financial transaction pages with those where a financial transaction is initiated. Greater visibility into the customer experience can provide valuable insights that support other business functions.
AI is becoming very sophisticated very quickly. Moving fraud detection to the edge is a preemptive move that can make it harder for fraudsters to succeed, increasing the likelihood that they’ll move on to more vulnerable targets. Cloud-based ML models for both committing and defending against online fraud heralds the beginning of a new, cloud-native, AI-driven arms race. The battle of the machines has begun.