Ethical hacker

This is our third entry in a series of posts focused on people who are on the front lines to protect businesses and consumers from fraud. To help increase visibility for International Fraud Awareness Week 2020, we interviewed five fraud fighters around the globe and captured some valuable fraud tips to help you protect against bad actors and financial crime. See our previous posts featuring fraud fighters Cathy Liu from Bolt and Carmen Honacker from Sony Interactive.

In the early days of the internet, hackers were people who played around with computers and mostly tried to break into systems for fun. But increased monetary incentives and significant dark web resources have turned cybercrime and online fraud into a global crisis.

Hackers are now much more sophisticated, use advanced tools and have always defied rules and regulations. They often work in groups, or are part of global crime rings. Protection against attacks is now a core requirement for any organization that has some type of digital presence.

One way that organizations are fighting fraud is through ethical hacking, which aims to legally and purposefully “hack” systems, networks and system infrastructure to identify and evaluate security vulnerabilities. We spoke with Ralph Echemendia, “The Ethical Hacker,” about global trends in online fraud and how organizations can protect themselves.

Ralph Echemendia (the Ethical Hacker)

Ralph Echemendia is a world-renowned cybersecurity expert. For more than 20 years, Ralph has delivered training on hacking and other security information to corporations including the US Marine Corps, NASA, Google, Microsoft, Oracle, AMEX, Intel, Boeing, Symantec and IBM.

What keeps you up at night?

The thought of travel restrictions. This I feel has a huge impact on the global economy.

Identity verification: overrated or underrated?

Underrated. Identify verification is key to non-repudiation and a crucial part of online safety and security.

What is the one piece of advice you would offer someone who is entering the fraud industry?

Think like a criminal! Know what type of fraud activities are taking place and above all else understand the risks.

How can organizations best protect their business, customers and employees from fraud?

Building awareness across the spectrum, from employees to their customers.

What are some interesting fraud trends that you have noticed from country to country?

If you look at many organizations—especially in Europe—they’re focused on fraud prevention, and even broadly, people who don’t work within traditional fraud areas are very well trained in fraud prevention practices.

When it comes to the technology aspect, more and more machine learning is being used for fraud prevention. So, it certainly has gotten better, and I think it’s something that is really drastically and dramatically bringing down the potential for fraud.

What fraud statistic or/fact scares/interests you the most?

There are the typical stats around banking or transactional type of processing, which are alarming. But the interesting part about it is many of these industry people — who you would think really know what they’re doing — are dropping money into things like cryptocurrencies without fully understanding everything they need to know. Hundreds of thousands of dollars are being stolen from their wallets because they don’t understand that they’re not supposed to give up their private key.

So, it’s kind of alarming what’s happening there, especially since they don’t have the type of fraud prevention systems that we have in banking.

How can organizations best protect their business, customers and employees from fraud?

Technology is changing on both the payments side and the criminal side. It’s very cultural, across the board. It’s cultural down to the consumer, and all the way into governments and organizations that are driving that. You have the bleeding edge of technology. Then you have the leading edge of technology, where most of the fraud solutions are sold. But the hackers and the criminals are using bleeding-edge techniques and tools and legislation and compliance efforts are always behind.

The law is always years behind the criminals. The technologies are always behind the criminals[...] Then you come into regulatory, compliance, and governments, and all their involvement. By the time it gets there, the truth is, we’re addressing issues that are maybe five to ten years old, as far as regulations and compliance is concerned.

A lot of these rules are not really that specific. “All data should be private,” or, “All data should be protected.” What does that actually mean? What is the definition of “protected”? Define a system. Is a system one computer, or a hundred thousand computers? So there’s a lot to consider.

Fraud prevention professionals working together

Visit Identity Insights ­— the Trulioo Blog — during Fraud Awareness Week to learn what other experts are recommending. Meanwhile, there are many steps that you can take now:

  • Get involved by using the hashtag #fraudweek
  • Learn more with numerous videos, guides and reports
  • Share this Fraud Prevention Tip Sheet

Ten quick tips to fight fraud and protect your business

To help with education and promotion of best practices during Fraud Awareness Week, we’ve created this tip sheet with facts and tips from fraud industry experts like Ralph.

Trulioo-fraud-week-tip-sheet