As cybercriminals get better at compromising financial accounts and stealing funds, vendors are beefing up their defensive tools to prevent fraud and abuse. I had an opportunity while I was in Israel to visit RSA\u2019s Anti-Fraud Command Center (AFCC), the nerve center of a division that is devoted to protecting consumers' financial records and funds. The AFCC is an example of what a state-of-the-art web threat and fraud intelligence operation looks like.The center began its life in 1999, when it was created by a company called Cyota. RSA bought Cyota in 2005, and RSA in turn was gobbled up by EMC and then Dell two years ago. The center is part of RSA\u2019s consumer division, which has a series of products not intended for consumer use but for defending consumers' endpoints that are targeted for fraud. If you think about phishing attacks or account compromises for banking customers, that will put you in the right frame of mind. The center is located outside of Tel Aviv and has a second facility operating on the Purdue University campus in Indiana that is mostly staffed by students.How the AFCC worksThe idea behind the center is to proactively monitor a bank\u2019s transactions and notify RSA\u2019s banking clients when something is amiss. The best situation is to anticipate fraudulent activity before it has any monetary impact, so that both bank and customer are protected from any eventual harm. The AFCC processes about 100 million transactions a day, and it finds about 0.1 percent of them have potential fraud elements.About 100 analysts staff three full shifts that work out of the center for monitoring and notification functions. Another several hundred staffers tend to the algorithms and software that is used to screen the various transactions. David StromDaniel Cohen, RSA Anti-Fraud Command Center director\u201cWe now get a lot more social engineering than in the past, and the criminals are getting craftier, too,\u201d says the center's director Daniel Cohen. He has been with RSA for eight years and has seen all types of criminal behavior. \u201cThe least amount of fraud always happens right on Christmas Day,\u201d he says. \u201cBy then everyone has purchased all their gifts and there isn\u2019t anything happening online.\u201d Pretty much any other day will see all sorts of attacks that are keyed to the calendar: Valentine\u2019s Day, the Olympics, Easter, whatever.To combat these attacks, RSA and many other vendors (such as CA, ThreatMetrix\/Lexis, NICE\/Actimize, and IBM\/Trusteer) have created adaptive authentication products that continually screen an account for anomalies such as geolocation, odd transaction patterns, and other things that depart from the usual pattern of activity from an account holder. Adaptive authentication,\u00a0the intelligent use of multi-factor authentication based on a user\u2019s profile or actions, is finding increased use as static passwords are ineffective at stopping a determined hacker, and RSA\u2019s tool is called FraudAction.As CSO wrote about recently, \u201cCompanies need to strike a balance between users reaffirming who they are without inhibiting their work\u201d with painful authentication hurdles, and that is where the command center comes into play. Using machine learning, RSA\u2019s software scores the relative risk of each activity and uses that score to determine whether a transaction is authentic or suspect. The analysts in the command center view the troubled transactions and investigate further.Fraudsters and criminals are getting smarterMost of us by now are familiar with the times our credit card charges are blocked because we forgot to notify our bank that we are traveling overseas or are making an unusual purchase. To counter this, criminals are getting better at using what is called omni-channel attacks. This refers to how an attack touches many different banking systems.For example, a fraudster will often start out trying to gain access via a phone call to the bank\u2019s customer center while trying to compromise the bank\u2019s website and at the same time running a smartphone app. In years past, this required three disparate systems to track the fraudulent use, but now RSA and most of its competitors are getting better at keeping track of these different events across whatever channel is used. Moreover, their software can correlate the various events to paint a full picture of what the fraudster is trying to do.\u00a0\u00a0While I was at the center, I saw firsthand how easy it was to purchase stolen credit cards and use criminal bank accounts to launder my ill-gotten gains. It took a few seconds to enter search queries into Google and click on the results.Engaging with the enemyTo dive deeper, RSA\u2019s analysts spend a good part of their day texting criminals on various IM systems, trying to get them to give up pertinent information that in turn is transmitted to the relevant bank or law enforcement entity. The analyst can string one of these criminals along for months or years before they realize that they aren\u2019t dealing with another criminal, mainly because they are so motivated by greed and because the RSA analysts are good at reeling them in.It used to be cybercriminals hid in the dark corners of the internet, but in the past several years, they have become quite open about advertising their services. \u2014\u00a0Daniel CohenHow do they find these criminals? That is also easy: The criminals belong to numerous Facebook and other social media groups and openly market their services. \u201cIt used to be cybercriminals hid in the dark corners of the internet, but in the past several years, they have become quite open about advertising their services, and they now are everywhere. The criminals want to build their online reputation as much as a legitimate business person does,\u201d says Cohen.At the center, RSA analysts see criminals attacking from all over the world. I met one of their analysts who communicates in eight different languages. \u201cSome countries are just hotbeds of criminality, such as Russia, China, and Eastern Europe,\u201d says Cohen. Some regions are notorious or have specialized skills. \u201cA lot of evil comes out of Russia, and you can see online markets for drugs, for credit cards, even murder-for-hire services. The Chinese are more noted for selling illegal hardware,\u201d he says.What about examining state-sponsored attacks? \u201cBeing primarily focused on protecting consumers, we do not analyze those types of threats,\u201d says Cohen. \u201cWhen we uncover new attack vectors, we obviously inform our customers, but the critical path is enhancing the risk engine to better detect the new attacks. We are trying to beat the attackers with better data.\u201d\u201cAt some point our analytics will be so good that criminals will find it doesn\u2019t pay to try to phish financial services,\u201d says Cohen. \u201cIt will be too much trouble and won\u2019t be worth the effort.\u201d While that time isn\u2019t yet here, RSA sees it coming soon. Let\u2019s all hope they and other vendors who offer these tools will continue to get better.