We are not paying enough attention to how to defend against fraud. That is: against existing fraud. When it comes to likely future fraud, we are pathetic. It is hardly an exaggeration to say that nothing is done at all.

What? How can we protect ourselves against things we do not even know about? Does that make sense? Yes, it does.

It is possible to predict the likely trends in fraud. Some trends depend, quite simply, on very evident developments. Do you see more cellphones out there? Then you should worry about mobile malware. Do you think email spam will be eradicated soon? Then you should suspect a rise in unwanted messages, distributed using SMS and voice, and by malware.

Other likely trends are simply a matter of human ingenuity among fraudsters. What new tricks and variants of old tricks will they develop? Those that are successful will become common. If you can think of new types of fraud and assess their likely success rates, you will be able to predict which ones will flourish.

It is important to predict the likely trends in fraud. If you can predict what will hurt in a few years, you have time to prepare yourself. If you represent a financial service provider, that might mean limiting your liability. If you develop technology, you may be able to build the product that everybody soon will need. To protect themselves. And if you represent government, you may have time to develop laws and policies to limit the financial incentives for criminals. No matter who you are, knowing the likely future is helpful.

Now, predicting the likely future does not have to be difficult. Let me give you an example of a type of fraud that does not yet exist, but which I hope to convince you is not so unlikely.

Fraud typically depends on a combination of psychological vulnerabilities and technical or systemic weaknesses. Unrealistic optimism is an example of a psychological vulnerability. Poor spam filters is a technical vulnerability. An example of a systemic vulnerablity is the fact that fraudulent checks may appear to have cleared before they eventually bounce. (This is due to what computer scientists call a "time-out", which means that if the check does not clear within a certain time, then the bank will tell you that it cleared and let you access the money … but of course ask for it back when the check eventually bounces.)

Criminals rely on combinations of psychological and technical/systemic vulnerabilities. Anti-fraud experts worry about exactly these combinations … but very few worry about potential fraud techniques that consist of new ways of putting together these building blocks! Here is one:

First part. Assume that the fraudster contacts his victim, and convinces him to invest $100 in some plausible-sounding venture. That should not be difficult … the typical losses to investment fraud are orders of magnitudes greater than that. Very soon after the victim makes the investment, the fraudster sends him a forged check -- for $2500, say. (How would you like that type of return on investment?) If the victim were the least worried that he had fallen for a scam, he would be at peace now -- or at least when the check clears! And you bet his friends would hear about this windfall!

Intermission.

Second part. The criminal contacts the victim again. "See, I was right? And this time I have a much bigger opportunity. Like the last one, I can guarantee a ten-fold profit, or more. How much do you want to invest this time?" Even a careful investor would be likely to invest those $2500 he just "made", but probably much more.

Analysis. Why would this be so powerful? Because the risks will seem very low to potential victims, due to the positive reinforcement. After all, he thinks that he just made $2500! An because the fraudster won't have to work hard to find people willing to part with $100, and later on, much more. And the fraudster won't have any real costs.

And even people without $2500 in the bank will think they have $2500 – as will their bank! It is only afterwards — when large sums are transferred to the fraudster, no money comes back, and the first check bounces -- it is only then that the victim will know what happened. This hypothetical fraud has all the hallmarks of something that will be successful, and therefore common.

So it is possible to predict the future? Yes, take the example above. A simple recombination of tricks, and -- voila! -- a new type of fraud. Until people know about it, their guards will be down. And if you think the new type of fraud is likely to besuccessful, then you will have to also think that it will be common. You have just predicted the future.

And then what? Well, after you have predicted the likely future, you have to fix the problem. There are easy fixes to some problems, like this one. If banks were liable for checks that they say cleared … you bet they will not tell their customers that checks clear until they really, really do.

*Republished with permission from PARC. (View original version).