Visual
Blog
Expert Opinion
Dr. Andreas Meyer
Dr. Andreas Meyer

Director Risk & Fraud Division

Catch the modern day criminal in a multi-channel environment

By Stanley Harmsen van der Vliet Catch the modern day criminal in a multi-channel environment 16 February 2015

- From malicious malware to sophisticated phishing schemes, banking institutions and card service providers are under constant, multi-channel attack. How should they respond? One technology company making the news in the fight against financial fraud is INFORM, so we asked Dr. Andreas Meyer, Director Risk & Fraud Division, for his views on the matter, and examine some industry facts about the growing threat of financial crime.

 

Q: As a person who often works with Chief Technology Officers and Risk Managers in their attempts to prevent fraud, and with your responsibility for ensuring your product strategy covers all modern day needs of the banks in these efforts, we appreciate you joining us today. Let’s start with the basics – where do you start with fraud detection?

 

AM: From the moment a customer applies to open an account at a bank the best protection must be offered. So during and after the account opening process you are already analyzing your customer, not so much for fraudulent activity but to determine what is the normal buying and spending pattern of each of your account holders. From this, you can then more easily spot discrepancies when they occur. While fraudsters may get hold of your credit-card number and personal details through your online account, they cannot so easily get hold of your normal spending behaviour.  Which accounts do you normally send money to? Which ATMs do you normally use, and from which locations?

 

Q: So using passwords and authentication checks to protect an account is not enough; you have to also protect the customer even if a fraudster has broken into your account. I can also imagine that with the growing number of different channels and devices being made available to withdraw your money, more sophisticated measures of defence are needed?

 

AM: All first levels of defences are good to have in place. So what some might call “single channels” of detection is valuable, but it is often not enough. You could say it is like trying to protect your home from burglary by just putting a strong lock on your front door. Whether we like it or not, fraudsters can often be resilient and smart people, so they will look for a new way in, whether that’s through your back door or upstairs window.

 

Fraudsters will constantly probe for the most vulnerable and least defended areas and focus their efforts there. This is what is commonly known as “the balloon effect” as coined by the Mercator Advisory Group. It is important for financial institutions to deploy multiple defences to deter the criminal away and be perceived as a hard target.

Of course, in the digital world we now live in, things have moved on, and so have the criminals. Today, there is no need for the criminal to break into your house at night and risk getting caught. Modern day criminals will simply go straight to your bank and take your money from behind their own computer.  With so many channels to choose from to steal your money, whether that’s credit or debit cards, mobiles, smartphones, ATMs or a personal computer, you have to protect over multiple channels simultaneously.

 

Q: Yes, there are some industry surveys and reports clearly showing this threat. And that’s why most financial experts advocate an omni-channel approach to fraud prevention?

 

AM: You have to first monitor each channel, and you have to know what is expected behavior for each of your account holders across each of these channels. Let’s have a look at the case of a foreign ATM transaction in combination with an online balance check using an Internet banking account with an IP address located in a different country.

 

If you just looked at the ATM transaction itself, it could be seen as a legitimate transaction. But if you combine the information from another channel, such as online account logins within a short time period with an IP address from a different country, then this could well raise an alert.  Thankfully, our customers use technology, such as our own from INFORM, which is capable of monitoring both a mobile device and any web anomalies in combination with a customer’s normal transactional behaviour.  In effect, we can detect any number of scenarios with data from any available system or application such as account ledger or CRM and build-up dynamic profiles to alert and block suspicious transitions in real-time.

 

There are also cases where fraudsters use both an online and off-line channel. For example, such as when they collect information online about you and resets the challenge questions to identify the owner of the account. They then phone the call centre or use on-line chat sessions from the website to request a wire transfer.

 

Q: So then there is also the issue of speed, the need to react quickly to new methods being used by the criminal?

 

AM: It’s not just about monitoring the behaviour of your customers, but also that of the criminal. Take the example of Rabobank, one of the largest retail banks in Europe. Our product RiskShield enables fraud investigators to recognize patterns like man-in-the-middle attacks, account take-overs or any other fraudulent activity.

 

One of the reasons why advanced technology such as our own enables banks to react so quickly is because it can operate fully independently as an invisible (frictionless) security layer without impacting core banking systems. Flexibility, performance, and the ability to respond quickly are the cornerstones of our offering. The software monitors and identifies known cyber attack patterns automatically and is able to undertake machine self-learning to prevent future fraud from occurring. As soon as a new pattern emerges, the bank is able to react immediately by initiating counter-measures to block the new fraudulent patterns. As a result, banks like Rabobank have announced that they have been able to stop more than 99.8% of all fraudulent transactions during large cybercrime attacks.