Head of Risk Management for bank fraud at HSBC bank
Internet fraud is a serious problem
By Miran Varga, Monitor PRO, March 2017
More and more consumers are handling their financial affairs via the internet. Online banking has simplified business for banks as well as for their customers, but internet scams and fraud are rapidly on the increase, affecting all concerned. Banks can fight against these cyber criminals mainly using cutting-edge technology.
Banks have not let go of the opportunity how to guarantee customers a faster and more simplified manner of making payments and other financial services. However, digital channels are exposed to abuse and speed and openness is not only practical for customers, but for attackers as well - these can quickly gain access to financial sources and operate criminal activities without the victim realising in time. Online channels often help the attacker to stay hidden and anonymous. When users apply for a loan online or make a payment using a smart phone, banks find it difficult to establish who is really on the other side. If communication between the user and the bank is interfered with by a fraudster, or even triggered by the latter, then this can cause enormous harm to the victim. It can be very detrimental to the bank as well, as usually several customers are targeted, and a banks so-called ‘vulnerable’ reputation can be devastating for business.
»We are extremely, I repeat, extremely satisfied with the results. SAS Fraud Management detects fraudulent transactions significantly more efficiently than any other solution we have introduced or tested« admitted Derek Wylde, Head of Risk Management for bank fraud at HSBC bank.
Cybercrime, aimed at online banking systems and applications, is on the increase. In Great Britain alone financial fraud rose last year by 48 per cent, and the most malware alerts in banking preyed on the inhabitants of Brazil, Russia and Germany. Attackers also use very different methods for their attack mainly dominated by online scams, where victims are sent an email notification posing as their bank or financial institution and requesting access to data. The more arrogant attackers even telephone their victims after sending an email. This method is usually directed at the most »technologically vulnerable« individuals in our society, particularly the aged. By placing fake websites and links, attackers spread malicious codes which infect the victim’s equipment (computer, tablet, phone, etc.) These are so well hidden that sometimes even commercial security applications cannot detect them, let alone the user.
Scammers have a whole series of »collaborators«, who knowingly, or otherwise assist. From the compromised account, money is sent to the account of the collaborator involved and within a couple of minutes the cash is withdrawn at an ATM that permits a larger withdrawal amount. The lack of consistency by these tricksters is a challenge for law enforcement as well. Banks are often attacked over a short period of time and just when they begin to think that they have the problem patched, attackers uncover a new way of undermining vulnerability and bypass the renewed security mechanisms.
Banks, therefore, need to address security challenges more proactively. The majority of banks are introducing systems to detect fraud that are on permanent standby. With detailed monitoring of transactions and the collection of data on bank clients they can identify the typical patterns of behaviour of regular users, and their devices and connections used for carrying out online or mobile banking. Advanced analytics takes the scene, whereby ensuring safer transactions without spoiling the user experience. If the bank »knows« that the user has purchased a plane ticket and flown across the ocean, then they will not block his transactions in the USA (which otherwise they might, or at least label them as risky).
The power of predictive analytics, data history and collection of samples in detecting abnormalities in financial transactions is really the only effective solution for the bank to combat internet fraud. The SAS Fraud Management solution is intended for banks, insurance companies and any businesses with an enormous amount of transactions (including simultaneous), whereby a real time review of potential payment fraud monitors the behavioural patterns of each customer, drawing attention to discrepancies and blocking any major changes. SAS Fraud Management also uses advanced modelling of the environment and potential threats using neural networks, and incorporates a range of predefined models able to detect a variety of scams. Via an API connector, the above mentioned solution can connect to any support banking system or transaction authorisation system with a response time of less than a second, so that the user-experience, at the expense of additional and above all very thorough vetting, does not suffer. The SAS Fraud Management solution is used, inter alia, by one of the largest globally present banks, HSBC, which caters to ensure safe card transactions as well as online and mobile banking for more than 52 million business and domestic users.