Robin Pugh is the President and CEO of DarkTower, a leading cybersecurity firm specializing in threat intelligence and digital risk protection. With a deep understanding of the evolving cyber threat landscape, the company provides innovative solutions to help organizations safeguard their digital assets and mitigate risks. Mitek sat down with Robin Pugh to discuss her insights on the current state of fraud.
Q: What can we learn from the behavior of online criminals?
Robin: Online fraudsters exemplify innovation and collaboration at an alarming scale. Platforms like Telegram and dark web forums provide spaces where criminals share strategies, tools, and vulnerabilities, often in real-time. While some monetize their methods, others share them freely, creating a dynamic and adaptive community.
Legitimate organizations can take a page from this playbook by fostering better collaboration across industries and within teams to address fraud risks. Shared intelligence, cooperative threat analysis, and the pooling of resources could significantly strengthen collective defenses against these threats.
Q: How can new features and upgrades create vulnerabilities?
Robin: Enhancing user experience is often a double-edged sword. Features like frictionless payments, single sign-on, or account linking provide convenience but may inadvertently introduce weaknesses into the system. For example, a new integration between banking and payment platforms might simplify transactions for users but also create a pathway for fraudsters to exploit less-secure connections.
Professionals need to adopt a proactive approach, conducting thorough risk assessments and security audits during the design, testing, and deployment stages of new features. Building security into the development lifecycle ensures that innovation does not come at the expense of safety.
Q: How can fraud risks be addressed within an organization?
Robin: Organizations can address fraud risks by fostering awareness, improving detection capabilities, collaborating across boundaries, and empowering users—all of which contribute to a more resilient defense against ever-evolving threats.
Fostering a culture of awareness is essential. This includes initiating and supporting open discussions about potential risks within their organizations, ensuring that fraud prevention is seen as a shared responsibility rather than the sole domain of security teams. For instance, customer-facing teams may notice unusual behavior patterns or hear direct concerns from users, while product teams can identify features that may inadvertently introduce vulnerabilities.
Additionally, engaging with external partners, such as industry consortiums or shared threat intelligence platforms, allows organizations to pool insights and respond to fraud on a larger scale. This collaborative approach mirrors the way fraudsters share knowledge, enabling professionals to keep pace with increasingly sophisticated threats.
Q: How do regulatory constraints impact fraud prevention in the financial sector?
Robin: Regulatory frameworks, designed to protect customer privacy, often unintentionally hinder efforts to share information critical for fraud prevention. For example, banks may be restricted from sharing details about fraudulent patterns or incidents, limiting the ability to identify and respond to emerging threats across the industry.
However, there is increasing interest in re-evaluating these regulations to strike a balance between privacy and security. By enabling more data-sharing within controlled, anonymized frameworks, institutions could create a unified front against sophisticated fraud schemes while maintaining customer trust.
Check out more insights from Robin and other fraud & identity industry leaders