Why Data Sharing Is the Key to Stopping Scams
Global fraud prevention needs trusted, timely, and reciprocal data sharing—and Ken Palla’s Outseer whitepaper shows how to build best-in-class networks.
Ken Palla has written an extensive whitepaper for Outseer looking at the state of data sharing worldwide for fraud prevention and how increasing amounts of it are happening alongside legislative changes.
In the whitepaper, he looks at what constitutes global best practices for data sharing and the mechanisms behind it—with, unsurprisingly, the UK being highlighted as one of the leaders. But why is data sharing so important for fraud—particularly in dealing with scams?
Lessons From Early Bank-Bank Sharing
I want to draw on my own experiences around this; being a Brit I know firsthand the benefits of data sharing from my time working in a bank (much like Ken did). I helped create a cyber intelligence function within a bank many years ago and coordinated data sharing calls and mailing lists with my peers.
When I first began sharing intelligence with other banks, they were hesitant. From their perspective, why should I reveal the scale of attacks I was facing or the techniques being used? It seemed like I was giving them an advantage. Proactively showing them how to prevent fraud before it reached them.
At first, it did feel one-sided. But once trust developed, the dynamic changed. As soon as one bank shared intel back, the exchange became balanced. When multiple banks began contributing, the value multiplied. Each piece of intelligence built on the last, making the collective defense far stronger than anything we could achieve alone.
Six Principles for Successful Data Sharing
This is the thing about data sharing—it is the power of the network; by providing and receiving back information you all get benefit. But in my experience, there are some things that are needed for it to work:
- Trust – Sharing only to people or organizations you trust
- Mutualism – All participants need to contribute, not just consume
- Actionable – Intelligence must be specific and usable, not just informational
- Relevance – Must be appropriate to the group – or it cannot be used
- Timely – Share as soon as possible, or else the value is minimized
- Start small – Identity the initial usable data which can be shared
Sharing Across the Attack Chain
The main thing to think about when we look at data sharing is that fraud, and especially now Scams, cannot be stopped by just a single entity. The attack chain extends across many industries, including tech companies, telcos, banks and crypto. Data sharing highlights the true cost of the problem as well as helps reduce fraud losses.
Industry Groups Leading the Way
There is the need for data sharing organizations at both a local and international level. There are established groups already, such as CIFAS in the UK who focus on fraud, FS-ISAC who have experience from the infosec space, and GASA who have acted strategically with their Global Signal Exchange (GSE).
Other important sharing organsiations can be vendor led like Outseer’s Global Data Network. Proof of concept data sharing between industries such as banks and telcos, or tech companies, work across the Attack Chain.
Internal Data Sharing
Even within a single organization, data from one area of the bank can be successfully shared with other parts; the best example of this is the move over the past two years to take digital data from the fraud area of the bank and use it in the financial crime areas. Money mule detection has been the first recipient of this successful sharing, with a wider perspective of money launderers coming next.
Overcoming Legal and Regulatory Barriers
The positive news from Ken’s summary of global data sharing is it is becoming easier; there are less legal impediments to data sharing now. At the end of 2024, the UK Information Commissioners Office stated that a reluctance to share personal information to tackle scams and fraud can amount to a failure to protect their users from harm!
Asia is probably the most dynamic area for data sharing legislation, especially around looking for money mules. In Europe, GDPR is rightly, or wrongly, viewed as an impediment to fraud detection (although changes are happening).
What’s Next — Building a Blueprint for the Future
Ken has done a great job of not only showing how and where data sharing is happening but created a blueprint for what best-in-class looks like. This paper acts as a reference which can be used to influence senior stakeholders to undertake more sharing—helping protect consumers.
To explore best practices and see a global blueprint for fraud data sharing, download the full whitepaper from Outseer.
Recent Articles
