Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth, I'm the director of the Practice Identity and Access Management here at KuppingerCole. My guest today is John Tolbert. He is the Research Director for Cybersecurity at KuppingerCole Analysts. And we want to continue a discussion that we started very early. But first of all, hi, John. Good to see you.
Well, Matthias, good to see you again.
Great to have you. And we do an update on a topic, I've looked it up actually because it sounded familiar to me. We did this in one of our very first episodes. Way back then, we were not even black and white. We were even without video. So that was episode seven and we talked about FRIP, about Fraud Reduction Intelligence Platforms, and we want to update that. What has happened in the meantime, John?
Well, it's a great question. We've done a couple of iterations of this report. It's a comparative report on the different Fraud Reduction Intelligence Platforms that are out there in the market. And this one just published at the end of April. So fresh information for any company or organization that's interested in how to add fraud reduction, fraud detection capabilities to their websites or their services.
Right. When you talk about fraud, has fraud changed since 2020? Do we see new types of fraud? And what...? I think cyber criminals have evolved, haven't they?
Yeah, unfortunately, cybercriminals are very innovative. And we're still facing a lot of the same kinds of fraud, but a lot of the techniques that they use have changed. They're constantly morphing what they do to try to be able to have successful fraud campaigns as businesses try to keep up. So that's kind of a constant back and forth with innovation there between the fraudsters and the fraud detection services that are out there. But yeah, we're always trying to prevent things like account takeovers. Those are just what they sound like, trying to get access to a legitimate person’s account, probably to take money or anything else that can be turned into currency. And just about every kind of business out there or government agency or nonprofit agency can be a target of account takeover fraud. Then we also have account opening fraud, that's been going on for a long time, too. That's where a fraudster will take information about a real person and then use that to try to create an account that looks like another person, often for even greater financial gain, opening an account, using it as a mule account, money laundering, taking out lines of credit, large scale financial fraud. So on the whole, I'd say these are the two biggest types, and there are lots of permutations of that, that we see in the marketplace as well.
Right. When we say Fraud Reduction Intelligence Platforms, there's the word platform included. And that hints at a collection of technologies. What are the typical ways to prevent or at least to detect fraud when it comes to such systems? Where can we really support here?
Well, we've identified what I'd call six major areas, six methods, technologies that are used by these Fraud Reduction Intel Platforms. The first one is identity proofing, and this is about raising the overall identity assurance level. This is great for complying with know your customer initiatives, anti-money laundering laws, sanction screening. It helps reduce account opening fraud. Then there's credential intelligence. This is simply knowing, within one FRIP service provider where another credential may have recently been used to try to perpetrate fraud. So they share this information amongst their customers. And there are some consortia out there where they can share information between different Fraud Reduction Intel Platforms, too. And then this, again, helps prevent account takeover fraud. Then there's device intelligence, knowing a bit about the device the request is emanating from, the IP address, maybe the operating system level, whether or not it looks like it's being influenced by malware, location, bits of information about the device itself. Then there's user behavioral analysis, that's, again, something really good at helping to prevent ATO fraud, account takeover fraud, that's looking at things like human transaction history. If you normally go to this site, is the transaction you're trying to make something that you know fits your normal baseline. If not, that should raise a red flag and ask for some sort of verification there. And then there's behavioral biometrics. We see that more and more often. That's really good for a number of things, not only account takeover detection, even account opening detection, knowing how a user normally works with their device, whether it be a phone or a keyboard, the keystrokes and mouse analysis, those things can be used to sort of develop an individual profile and then it can be determined whether or not a given transaction type or an attempt to open an account may or may not be actually coming from the person that it purports to be. And it's also good for bot detection, which is the next thing. Bot detection and management, an awful lot of fraud is perpetrated by bots because the cyber... yeah, they want to automate it, make it faster. So it's good to be able to not only detect what is a bot but be able to decide what to do with it because there are legitimate bots out there that get business done every day. You don't want to just say, Oh, that's a bot and shut it down because some bots are actually good.
Absolutely. And if we look at this list of key technologies, techniques that you just mentioned, we're talking about fraud prevention, fraud detection, but I think there are other use cases where these techniques also make perfect sense. Me as an advisor, I'm often right now asked also for these technologies in other areas when it comes to enterprise employees, when it comes to partner management. So these technologies are more widely used as well. So Fraud Reduction Intelligence Platforms are one driver for a technology that evolves also into other areas, right?
Yeah, that's a great point. Fraud reduction technologies do sort of exist independently in the market, but over the last couple of years we've seen them become widely requested integrations for CIAM, Consumer or Customer Identity and Access Management. And you're absolutely right, there is a lot of use for these kinds of technologies on the employee workforce side of things, too. Not necessarily to try to prevent the same kinds of fraud. But maybe to prevent insider threats. So some of the same techniques or technologies can be used to detect malfeasance from not only employees, but let's say you have a big contractor workforce or you have high turnover for whatever reason, and you need to maybe be able to do some identity proofing of large numbers of users that come and go. There are many more uses I think that we're going to see for workforce IAM as well.
Right, exactly. And now that you've looked at the market since 2020 or even longer, what are new developments that you can see? What has changed in the market, at the vendors and the functionality? And what are some insights that you can share from the latest edition of your Leadership Compass?
Well, we're covering more vendors in the space and whereas some may have had two or three or four of these different functional areas that you see here, most of them are growing toward including all of these different vendors of capabilities, either within their own platforms or with pretty deep integrations or OEM arrangements with other specialists in the field. We've also seen a big increase in the need for identity proofing outside of just like for finance, for AML, anti-money laundering. Other industries are now much more interested in trying to raise that identity assurance level to the appropriate level for their business. One example that I've heard about that I think is pretty interesting is short term rentals, getting a little bit more information. You may have maybe even noticed this, if you tried to stay in a short term rental place where you may have to provide a driver's license or some other official document to be able to register with the site. So, I mean, I think that's another example of how different kinds of businesses want to raise that identity assurance level just a little bit. We see more use of credential intelligence, mostly within an individual FRIP vendor's platform. But again, there's a little bit of movement toward sharing signals between different organizations, too. And I guess lastly, behavioral biometrics is not brand new technology, but we are starting to see more and more vendors use that or partner with specialists in that field to make sure that their FRIP solution can include behavioral biometrics, because it does drive so much bot detection, too.
Right. And as you said that the vendors are covering more and more of these areas in one platform. Is there also still room for startups, for new technologies, for niche providers that actually provide solutions that have never been seen before?
Yeah, yeah, I definitely think so. I mean, we see a few of those come into existence every year, especially on the consumer facing side because of exactly that. If somebody has a good idea, a new technology that can actually help reduce fraud, then yeah, there's definitely room in the market for an innovation like that. And then I think the key to their growth success is then partnering with some of these larger vendors to make sure that their customers are able to integrate the new startup technology as well.
Right. So understanding that market segment, therefore the Leadership Compass is a perfect tool because you give insight into the platforms and how they work, but also show those vendors to watch that actually add additional functionality while also laying open the interdependency between individual vendors that collaborate and provide services together and interact with each other. So I think for those who are interested in these technologies and maybe even in fraud reduction or other use cases, it's highly recommended that you go to kuppingercole.com and pick up your most recent version of the Leadership Compass FRIP. Some final additional words that you want to mention when you think back on the research that you ended by April?
Um, just yeah, check back often. This is a very popular subject. Not only do companies in the banking and finance world need to prevent fraud, but I think everybody's experienced fraud of one type or another, whether as a consumer or working for an e-commerce company or a government agency. There was so much fraud that affects local and state government agencies as well, and nonprofit organizations, too. So unfortunately, all these kinds of organizations are targeted. And I would say please take a look at the report. If you have questions, let me know. And we will definitely be updating it again in the not too distant future.
Absolutely. I highly recommend that as well. If there are any questions regarding this episode, these technologies to John regarding fraud reduction and Fraud Reduction Intelligence Platforms, leave them in the comments below this video if you're watching that on YouTube or reach out to John and me via our email address or via the website, we are happy to discuss this further and looking forward to your feedback. And if you have recommendations, anything to share with us, just let us know. So for the time being, thank you very much, John, for being my guest today and for sharing insight into this interesting and evolving market. And I think the technologies that are behind there are also really, yeah, top notch. And this is really something that is worthwhile looking at also from a technology perspective. So for the geeks of us. So thank you very much and looking forward to having you soon for a new episode.
Great. Thanks, Matthias.
Thank you and bye bye.