Spotlight Series: Katie Lam
A recent cost of fraud study showed that for every dollar of fraud in the US, financial services companies astonishingly incur as much as $2.67 in costs, coming from a combination of chargebacks, fees, interest and labour costs. And in 2017, according to the Association of Finance Professionals, there were more payment fraud attempts than ever before. What’s going on?
Global payment infrastructures are moving toward faster payments and real-time settlement, enabled by various new technologies and digital platforms. Such speed makes it much more convenient for clients of financial institutions to move money domestically and internationally. People and businesses want faster settlement systems, multiple channel options and easier access to payment initiation. But as settlement risk is reduced, fraud risk increases. The threat of increased fraud looms because with real-time settlement, there’s less chance to reject a payment. Once the money has gone into the market infrastructure and potentially moved among multiple parties quickly, recovery becomes really difficult.
Disruptive technologies introduced by fintechs may also introduce risk to banking systems, in turn, leading to reduced trust in processes, not to mention reputation. And for larger financial services organisations, identity fraud, including synthetic identity fraud combining real and fake information, is one of the most significant issues, generating almost two thirds of fraud losses for banks in 2017. All too often, banks lack the technology and capabilities to implement the necessary safeguards, responding to a primarily digital problem in an analogue way – for example, by making phone calls in an attempt to piece together the path of a rapid series of money transfers.
Finally, last but not least, whilst fraud in high tech finance systems has accelerated, this shouldn’t take the eye of the other, more traditional type of fraud, from the ‘1st Party’, or internally based attacks. The human element, in the form of employees, is still a common and massive part of fraud. India’s Central Bureau of Investigation, for example, recently arrested a senior Punjab National Bank internal auditor as they widened their probe into an alleged $2bn fraud. Remarkably the fraud commenced in 2011 and is only now being uncovered.
A number of avenues are being used to take the fight back to fraudsters.
AI in particular, is being deployed in a wide variety of roles, from customer authentication to examining suspicious transactions. Advanced analytics and machine learning technologies can give a fraud score to transactions within milliseconds, highlighting fraudulent purchases or approving real ones without any human intervention or indeed without any impact on the customer’s experience. Whilst advanced analytics isn’t exactly the new kid on the block, AI and machine learning is taking banks’ defences to an entirely new level. Machine learning, able to consider hundreds and even thousands of parameters when looking for suspicious patterns of activity, is proving faster, sharper and more accurate at uncovering fraud – critical at a time of accelerating real-time, friction-free payments and critically, not just after the event, but as a fraud is taking place.
And yet despite all the more sophisticated, emergent threats, social engineering and phishing still continue to be some of the simplest and most profitable attacks – exploiting the human element as the weakest link. Customer and employee education has to improve awareness of the latest attacks and scams.
Booming numbers of mobile-first, financial service consumers will increasingly be prime targets for fraud. Likewise will be attacks on other growth areas, such as cryptocurrencies. Cybercriminals will use new malware families to steal user banking credentials or exploit these new currencies in very creative ways. Over the year ahead, other families of malware will undoubtedly re-surface to target banking credentials with new features, so identification and the removal of mobile and cryptocurrency malware is essential to financial services institutions to stop these attacks early.
Effective approaches to combating fraud are more likely to view an enterprise holistically and any solution as multifaceted, taking a three pronged approach:
With wider acceptance and use of cross-enterprise approaches to fraud prevention, the outlook should be more promising. Indeed, Treasury Management Systems predict that in 2018 there will be an increase in the number of payment fraud attempts on financial organisations but less success by cybercriminals, meaning actual fraud starts to decrease.
The trick at any financial institution in minimising fraud risk is – and easier said than done – for any resultant fraud protection and security to enhance, rather than hinder, the customer experience. People and businesses want mobility, convenience and speed without the interference caused by out-of-date fraud protection systems and processes raising red flags when none are necessary. And fraud detection tools that set only simple, arbitrary barriers, such as transactions above a certain amount, can often lead to false positives and a loss of customer trust and confidence.
Get the latest news and stay up to date