Security Experts:

Connect with us

Hi, what are you looking for?



The Intersecting Worlds of Fraud Prevention and Counter Terrorism

Solution providers and policy makers from both worlds need to meet up and share ideas, thoughts and experience for the benefit of both.

Solution providers and policy makers from both worlds need to meet up and share ideas, thoughts and experience for the benefit of both.

The world of fraud prevention (and information security in general), is characterized by an arms race between the good guys and the bad guys. Security companies and financial institutions develop solutions, procedures and policies to thwart fraud attempts, while fraudsters develop the tools and techniques to circumvent these systems. If a certain fraudulent activity is observed, companies react by customizing the systems, or inventing new ones, to identify and prevent the reoccurrence of this activity.

Threat Information Sharing for Counter Terrorism and FraudThis characteristic, though, isn’t limited to fraud prevention alone. Other worlds are similar, in which the bad guys try to come up with innovative ways to circumvent the systems that try to identify and stop them, so they could cause damage. Take the world of counter terrorism, in which bad guys try to come up with innovative ways to sneak bombs onto airplanes (and sometimes succeed), while those who try to prevent them from doing so create innovative (and sometimes intrusive) ways to identify them. The similarities between counter terrorism and fraud prevention don’t end there. The systems built to detect and stop the bad guys are also similar, sometimes even identical.

Take the customs office, for example. In various ports around the world, a staggering amount of containers arrive and depart all the time. Customs officers can only inspect a miniscule percentage of these containers for anything illegal and malicious. Therefore, whenever they do get around to checking a container, they need to make it count. This is done by building a profile on each importer and exporter – who does s/he normally trade with, what kind of goods are usually in the container, etc. Only when a computer system detects that a certain container does not meet a certain profile will the customs officers spring into action and inspect the container.

If this sounds familiar to you, it’s because the same exact method is used for detecting fraud in online banking. All you need to do is replace “container” with “money transfer” and “customs officer” with “fraud analyst.” In the political island of Israel, the police busted one of the biggest drug shipments in the country’s history using such a system. However, the system can (and probably is) used to identify potential smuggling attempts of firearms bought for malicious intent. Such a system could have identified the famous “toner bombs” and other concealed shipments of armaments would also face a challenge going through customs that use such a system.

Another example is WeCU Technologies, an Israeli start-up that is building a technology to identify terrorists by asking them simple questions such as “Are you a terrorist?” The automated system reads biometric signs to detect how the person being tested is reacting, identifying possible intent for malicious activities. The technology automates and improves a similar procedure already in place at Israeli airports, in which security officers question all passengers about their intent, searching for certain reactions that may indicate nefarious intents.

How can this help fighting fraud? In my first article for SecurityWeek, I suggested that banks follow the same procedures in order to identify money mules interested in opening bank accounts. The limitation of such a system is fairly obvious – bank tellers are not trained Israeli security officers and cannot be expected to pick up any suspicious reactions. Automated systems developed by WeCU, however, can. While cost-benefit and ROI considerations may prevent these systems to appear in the nearest branch any time soon, they still serve as an example of how technological innovation can be used to better mitigate fraud.

As there’s a clear arms race between the good guys and bad guys in both worlds, intelligence operations are an important asset in the good guys’ arsenal. Security companies often blog and tweet about new tools or services identified in the hacker and fraudster underground – an intricate web of underground online communities. The same goes with counter terrorism. Various companies, such as (you guessed it) Israeli-based Terrogence, gather intelligence on Jihadist forums, tracking discussions and the actors operating within these communities.

The worlds of counter terrorism and fraud prevention should increase their ties. Systems that are already implemented in one world may be applied to the other. Concepts that have been successfully used in one world may serve as route markers for those who develop solutions for the other. Solution providers and policy makers from both worlds need to meet up and share ideas, thoughts and experience for the benefit of both.

Will and when such an event will take place? I can’t tell. But it will probably happen in a small state on the eastern banks of the Mediterranean, known as Israel.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.