Light Dark
September 28, 2018 By Security Intelligence Staff 4 min read
Fraud Protection
Banking & Finance

The journalist’s nose can be relied upon to sniff out a good story — but can it also sniff out identity fraud?

Shir Levin thinks so. As a fraud analyst with IBM Trusteer, Shir spends her days detecting anomalies in financial accounts and tracking down the bad guys preying on society’s most vulnerable. Shir cut her teeth in news as a journalist for the Israel Defense Force’s radio station, Galei Tzahal (Army Radio), at the age of 18 — and the two roles are more similar than you might think.

“As a news presenter, you need to separate the wheat from the chaff and see the big picture,” Shir said. “And an analyst should also understand the data at a very high level while seeing the story behind the numbers.”

But news wasn’t always Shir’s calling. She applied to Galei Tzahal at 18 because “it sounded intriguing,” though she admits she knew little about journalism.

“Those years were amazing, and kind of crazy,” she said. “I was lucky to have the opportunity to learn from the best journalists in Israel, meet the country’s policymakers, and get my microphone in front of them to ask questions.

“I learned a lot, gained a lot of meaningful, character-building experiences and also made many great friends, including my husband. But it also led me to realize this was not the career for me.”

Understanding the Human Behind the Numbers

While government and law are fascinating fields, they just weren’t data-driven enough for Shir. After her Israeli national service, she went on to study statistics and psychology and fell in love with both fields. She said she was lucky to find a job that combines data with a great product while doing global good with fraud protection.

At Trusteer, Shir works on Pinpoint, a risk engine that detects digital identity theft and fraudulent activities on bank accounts. She writes new logic designed to detect those anomalies and monitor rules performance. She also investigates fraud cases and legitimate user activities to ensure the team has the best possible understanding of the current threat and fraud protection landscapes.

With a background as a legal correspondent, a passion for data and an education in psychology, it seems Shir was tailor-made for her role. Every day, she enters the mind of a fraudster, looking to predict criminal activities, understand how malware works, and identify behavioral anomalies and spoofing attempts while also performing analysis and operational research.

In other words, Shir’s job is to “understand the man behind the numbers.”

How Does a Fraudster Behave?

“Maybe it does have something to do with my news background,” she reflected, “because I always find it easier to get at the bigger picture when you’re telling the story, using the trails you find. When I investigate a fraudulent case or wish to create a new logic to our system, the most effective way would be to try and tell what I believe had happened or what should be caught.”

Shir uses her knowledge of psychology to understand not just the fraudster, but also the end user. She must ask herself, for example, whether it’s suspicious for a particular user to log in to his or her bank account using a hosting service, or to change internet service providers (ISPs) often. The user could be a fraudster, but he or she could also just have strong knowledge of security.

“This is a fast-growing and evolving field that involves both technical and human aspects,” she said. “As time passes and technology progresses, IT security becomes a bigger and more significant part of the everyday life of every person.

“I also find it very creative. Fraudsters change their methods fast, and we should be even faster to catch them. We live in an ever-changing world, and we need to take the opportunities we receive.”

The Psychology of Identity Fraud

Ultimately, Shir describes her role as a unique combination of psychology and statistics. She gathers a lot of data, builds profiles for end users and then tries to draw the line between legitimate and suspicious activity to enable fraud protection.

Knowledge of psychology especially helps in social engineering cases, which, according to Shir, total around 30 percent of fraud cases for some of Trusteer’s clients. Social engineering mainly targets elderly victims and other vulnerable groups and involves the fraudster manipulating the victim. Fraudsters participating in phone scams may even pose as bank employees and attempt to trick users into installing malware disguised as fraud protection software. These fraudsters prey on bank customers’ lack of knowledge and fear of losing savings.

“The challenge here is obvious,” Shir explained. “We can’t rely on device identification methods because the fraud is conducted using the known trusted user’s device, so we have to analyze the user’s behavior. How is he acting throughout the fraud? In which parts does he feel afraid? Nervous? Bored? And how can we use that to our advantage?”

As much as she loves the thrill of chasing down bad guys, Shir said the real satisfaction comes from making the world a safer place.

“Knowing that what I do not only maximizes profits, but also helps people, is just great,” she said.

This sentiment is typical of the Trusteer team. Not unlike journalists working a steady beat, these devoted security professionals are committed to exposing flaws in the banking system, tracking down the bad guys and seeking justice for all.

And for Shir Levin, preventing negative fraud headlines from making it to print is even more satisfying than reporting them to the world.

Meet worldwide technical sales leader Shaked Vax

 |  |  |  |  |  |  |  |  |  |  | 
Security Intelligence Staff
Security Intelligence Staff

More from Fraud Protection
October 30, 2023

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

August 23, 2023

Remote access detection in 2023: Unmasking invisible fraud

3 min read - In the ever-evolving fraud landscape, fraudsters have shifted their tactics from using third-party devices to on-device fraud. Now, users face the rising threat of fraud involving remote access tools (RATs), while banks and fraud detection vendors struggle with new challenges in detecting this invisible threat. Let’s examine the modus operandi of fraudsters, prevalence rates across different regions, classic detection methods and Trusteer’s innovative approach to RAT detection through behavioral analysis. A rising threat As Fraud detection methods become more and…

August 17, 2023

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature