Sibos has kicked off in London this week and the theme for this year is “Thriving in a hyper-connected world.” The market has long demanded quicker and more convenient payment methods, and the industry is now answering with ubiquitous payments. Yet at what cost? PSD2 and open banking are now established in the legislative framework, and many third-party providers are springing up with new offerings that democratise access to payments and offer complementary value-added services.
Banks and other financial organisations are already seeing a surge in the volume and value of electronic transactions through digitalisation. And new channels, like PSD2, are set to exacerbate the pressure on existing fraud defences. Faster payments, through SWIFT gpi and other means, virtually eliminate the window of investigation and therefore necessitate automated real-time detection.
Fraud detection has become a very different ballgame. It now requires the use of advanced analytics and AI to compete with the ruthless agility of fraudsters and organised crime. The 2016 Bank of Bangladesh heist that used SWIFT channels to steal $81 million is a sore reminder of this fact.
Catch me if you can
The 1980s book, and subsequent Hollywood movie, based on the early exploits of ex-fraudster Frank Abagnale Jr. is a good reminder of the speed of monetary transactions in the modern world. Payments through fast channels such as Faster Payments (UK), SEPA Instant Credit or the recent SWIFTNET Instant are made in a matter of minutes, if not faster.
It’s a race to the finish line. Can systems thwart fraud attempts in time, or will they risk unrecoverable losses and customer attrition? Fraudsters are also now better than ever at impersonating legitimate entities through phishing and identity theft.
A multidimensional view of a customer profile is, therefore, critical. It should encompass personal identity, device profiles and other attributes, such as biometric footprints. More importantly, organisations must cross-reference and update this “golden record” in real time to be truly effective.
Trust is the new currency
Identity validation is a real conundrum for the industry. Fraudsters now invest more time in grooming synthetic identities or harvesting valuable information from compromised accounts to appear legitimate. They aim to use similar points of exit – such as local ATMs and preferred online merchants – to funnel money away from their victims’ accounts. Organised fraud rings can also spoof IP addresses and other data attributes to circumvent common fraud controls.
With so many threat vectors, how do we discover the owner of an identity? There’s no holy grail in identity verification. Most techniques, including passwords, biometrics, knowledge-based authentication or device tokens, are flawed in isolation but offer effective defence when used together. True identity validation surfaces through a covert, multidimensional assessment that produces a unique score for each individual, built on overlapping data assets and strong entity resolution.
The vast majority of the third-party fraud that organisations witness downstream in their transactional systems indicates identity manipulation. To help resolve downstream issues – like card-not-present or authorised push payments – it’s important to conduct identity checks upstream at the onboarding stage and throughout the customer life cycle.
AI to the rescue?
AI is overhyped in the fraud domain. Sadly, it isn’t effective against new fraud types, customer behaviours or channels without existing data sets to train models with. However, it can be a powerful addition to a fraud management ecosystem, helping uncover more complex frauds and reducing false alarms.
Transparency and interpretability are key to the process. That’s why many organisations are investing in “data labs” to empower fraud experts and distill their knowledge into models. The key question now is how to operationalise AI. How do you transform a score into a meaningful and actionable outcome?
Humans can no longer compete with machines when it comes to sifting through huge volumes of highly complex data. The optimal solution is to use AI to do the heavy lifting. AI can provide ample intelligence that humans can use to make more effective nonbinary decisions.
Achieving balance
In a hyperconnected world, the recipe for success in curbing fraud goes beyond the traditional data, people and technology mix. It’s about defining a fraud strategy road map with pragmatic milestones and supporting it with advanced analytics and AI. With most organisations hosting a diverse landscape of homegrown models, vendor solutions and third-party data, it’s critical to interlace these assets into a decision fabric that drives consistency, robustness and operational effectiveness in end-to-end fraud management.
Yet there must also be a fine balance between robust fraud security and a frictionless customer experience. This way you can achieve new business targets while keeping fraud actors at bay, as well as meet regulatory expectations without undue constraints. In short, it’s less about what you do and more about how you do it.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.