Banks worldwide increasingly see online fraud as an urgent threat. According to Financial Fraud Action UK, in the UK alone losses from online banking fraud rose by 48% in 2014 compared with the previous year.
In addition, Kaspersky Lab reported that Brazil has the largest number of users attacked by banking malware (a key modus operandi for online fraud), followed by Russia. With fraudsters capable of circumventing banks’ existing authentication systems, there is a growing need for sophisticated analytics technology that enables investigators to tackle online fraud at source.
The move online is positive for both the banks and their customers, as online payments can be used to help build that all important holistic view of a customer. With customers’ growing preference for mobile devices,opportunities for enhancing customer service delivery, by offering new services such as faster payments, are clear.
However, digital channels are more vulnerable to fraud and, whilst the speed and openness of the approach makes banking more convenient, it can also make it easier for fraudsters to access money, and transfer it quickly, without being detected.
Today we are seeing 'perfect storm' conditions, with the move online combining with an increasingly ‘tech-savvy’ generation, continuing economic uncertainty and a lack of controls, creating fertile conditions for fraud.
And the increasing capability of the fraudsters is reflected in the variety of typologies in use. Among the most prevalent are phishing, where fraudsters send emails impersonating legitimate companies, and vishing, a form of voice phishing requiring the intended victim to respond by telephone to an email or phone message.
Malware is also ubiquitous – with schemes becoming so well executed that it can be almost impossible for a user to recognise that their devices have been infected. Money mules, people recruited by the fraudsters to transfer money acquired illegally, also contribute to the success of many online banking frauds.
The lack of a consistent pattern to this activity makes it even more challenging for the authorities to analyse. Banks can be attacked repeatedly for a period and react by putting new controls in place, causing activity to then typically drop away, only to return months later once the fraudsters have developed new modus operandi to bypass the controls.
Whilst offering a diverse portfolio of financial products, in an environment where the fraud is fast paced and forever changing most banks have little in the way of viable technology to provide the much-needed protection.
Indeed, they can be overly-reliant on authentication systems that provide unambiguous identification of users through a combination of components known only to that user – such as user names or PINs.
With new frauds emerging constantly, clearly banks must take a more sophisticated approach to online fraud detection and be in a state of constant readiness. Careful data monitoring and management is critical from the outset and banks must enhance their data quality and collate and link different data types ingested into an organisation.
Because fraud methods are evolving, systems must allow users to quickly configure new scenarios, and modify existing behavioural patterns. However, the impact on fraud levels, and the false positives they will generate, must always be understood.
To gain this knowledge, systems must allow users to effectively ‘simulate’ their changes across large volumes of historical data and deploy results into production environments in real-time.
Further detection techniques can be added at this stage. These might include anomaly detection to determine new potential areas of fraud and predictive analytics, where historical information is used to identify suspicious behaviour.
Social network analytics can also be deployed in this context, helping to establish links between money mules and fraudster groups.
By using this hybrid of analytics methods, fraud cases can be detected early and accurately. In fact, time is of the essence throughout this whole process and the system must be able to identify high risk transactions in real time, to potentially block these and route for review by the relevant investigators.
But the process cannot rely on technology alone and users must be empowered to spot new trends and emerging operating methods. This means putting data in the hands of the users, enabling them to quickly drill down to explore areas of risk not previously considered.
This gives them the power to ask questions on the fly, without the need to rely on IT, and with the results presented in a user-friendly and visual way. Knowledge gained can then be fed back into on-going detection models, enabling systems to stay ahead of the curve.
One step ahead
The fraudsters are currently setting the pace in the long-term battle with the banks and the rate of online fraud is increasing, with inventive criminal gangs continuing to develop new fraud typologies in order to endlessly probe the banks’ defences.
In this complex environment, financial institutions will increasingly benefit from a hybrid analytics approach, which enables them to understand today’s challenges and implement technology to address them, while constantly evolving to counteract the ever-changing threat.
Sourced from Laura Hutton – director of Banking Solutions, Fraud & Financial Crime, EMEA/AP, SAS