How To Monetize your Anti-Fraud Solution to Make Money for your Bank
‘Money Rolls’The next episode in the financial fraud thriller series based on Clari5 product use-case scenarios, co-produced and directed along with Banking Technology magazine. Read the previous episodes – Read More
Ep 3: Inside Job
Ep 2: Blacklisted
Ep 1: Malafide Intentions
Infographic: Credit Card Frauds 101
Clari5 Case Study: Real-time AML for Prominent Bank
EuroPay, MasterCard and Visa (EMV) is a technical standard developed to ensure more secure Point-Of-Sale (POS) transactions. EMV allows non-static information to be transferred between the card, the terminal, and the financial institution that processes credit card transactions. This takes care of skimming fraud where fake devices would copy data from magnetic stripes and use it on another card. While EMV is not new technology and has been in use for over a decade, it has made its way to the US in the last 2 years.
EMV uses microprocessor chips that encrypt bank information making it far more secure than the old magnetic stripe cards. Magnetic Stripe uses static data that is stored in the stripe on the card (this makes it unsafe considering it can be stolen and used). The static information means that the number transmitted by the card for all transactions is the same.
When it comes to EMV standard, although the card data will be the same for every transaction, there will also be other pieces of data that gets re-organised for every transaction. This renders the data stolen at the POS useless for further use.
The verification method for EMV cards can be chip-and-pin or chip-and-signature, with the former being the preferred choice in Europe and the latter often used in the US. This is contactless transaction which is becoming popular as NFC (Near Field Communication) technology used by mobile payments is making inroads. While technological advancements are racing ahead to reduce frauds, fraudsters are not far behind, as they continue to seek innovative methods.
While POS frauds and card counterfeiting have reduced in countries that are early EMV adopters, the cybercrime scene has now shifted to the canvas of e-commerce and online transactions. Fraudsters are also keenly watching late EMV adopters as potential targets. With data breaches and online theft increasing, security agencies have reported a doubling in crime rates of online frauds. ATM frauds are not far behind – swindling with counterfeiting cards and duping to snatch PIN numbers are on the rise.
Research analysts report that these types of frauds are more damaging to the customer by the day. The frauds go unnoticed as the unauthorised purchases and withdrawals lie hidden in the transactional details list. Not many customers go through their transaction histories regularly and closely.
The microchip comes into play when trying to prevent counterfeit fraud because it makes it harder to produce a copy of the card. And a PIN comes into play for protecting against lost-or-stolen fraud because it makes it impossible to use the card unless they also know the PIN.
Using EMV technology for cards has seen a reduction in skimming-type attacks, but the crime rate has increased in other ways of stealing money. Research firm Aite Group reports that losses from counterfeit, lost, and stolen cards in Canada dropped from $245 million in 2008 to $112 million in 2013.
A research by the European ATM Security Team (EAST) found that fraud-type attacks increased 28% during the first half of 2016 with cyber criminals stealing €174 million and Aite reported that there was a 79% increase in online fraud during the EMV adoption phase in Europe.
The banking sector is now making a move to bring in EMV-chip-enabled credit and debit cards, which generate a unique transaction code with each purchase, making them harder to spoof. With these systems and cards rolling out, mining credit card numbers will not be as valuable for criminals, says Privacy Rights Clearinghouse.
While fraud severely erodes customer confidence and the bank’s bottom line, fraudsters continue to keep pace with the very technologies that are being developed to keep them at bay.
While banks conduct frequent security audits, invest in advanced security measures and work proactively in mitigating risks, there’s no silver bullet that can eliminate fraud completely.
However, it does help to have an intelligent, pro-active, well-synchronised cross-channel system in place that –
To effectively combat fraud, Banks must go beyond conventional anti-fraud solutions. Intelligent platforms are now available that harness data in real-time from across channels to not only deliver a unified anti-fraud mechanism but also helps create a secure ecosystem.
Financial Fraud: Greatest Hits of 2016While credit cards have transformed purchase transactions, it has not been without growing vulnerabilities. Read how globalization is driving card fraud and how innovative real-time, cross-channel approach can combat the trend.Read More
Digital Finance: What’s Next?
In Chinese philosophy, yin and yang (also yin-yang or yin yang, ‘dark-bright’) explains how seemingly opposite or contrary forces may actually be complementary, interconnected, and interdependent in the natural world.
This intriguing idea actually applies perfectly in the context of banking, if we were to see the yin as saving money (from losses) and the yang as making money (from sales).
The fundamental principle is that the very same investment in data analytics and real-time decisioning for detecting/preventing fraud can be monetized for earning more revenues.
Imagine an intelligent system that understands customers’ behavioral patterns to detect and prevent fraud is also creating precise personas for marketing teams to target.
This is because the same extreme real-time, context-aware logic/approach used to combat cross-channel fraud can also help enable intelligent, hyper-precise targeted and contextual customer engagements.
At the heart of the hypothesis lies the fact that banks have the ‘soul’ of the customer.
Banking is the only industry where the entire life of the customer flows through it. A bank knows how much its customers earn, where they live, where they travel to, how much they spend, who’s part of the family, whether they own their home, even how much fuel they put in the car.
No other industry (not even telco or retail) has this very special privilege of having a 360 degree view of a customer’s life. Only banks have the advantage and ability to actually convert this ‘resident intel’ to their benefit.
A real-time, enterprise-wide, cross-channel fraud management solution requires that every banking transaction is available in memory in real-time.
But since only a relatively small percentage of transactions are fraudulent and since the data is available in the system memory, the bank can run positive scenarios in real-time after having assigned fraud risk to certain transactions during the negative-scenario test-run.
The solution can use the same data captured per transaction and analyze the spending and behavior patterns to throw up potential cross-sell and up-sell scenarios in absolute real-time.
Precise data analytics on behavior patterns helps create intelligent and efficiently targeted customer interactions and campaigns to grow the topline.
So while the solution helps the bank’s larger enterprise fraud management initiatives with …
… it can also be used for –
So altogether the bank benefits from a –
While there may not be many solutions that have the ability to see topline and bottom-line as 2 sides of the same coin, CustomerXPs’ Clari5 seems to one. Its unified fraud management platform leverages the same context-aware, real-time decisioning to enable real-time customer cross/upsell.
Clari5 handles exceptionally large data volumes across multiple channels and source systems in real-time, and processes transactional as well as non-transactional events in real-time and applies over 150 rules to generate alerts in real-time that can be leveraged for both fraud management as well as revenue enhancement.
Banks get to use the same real-time insights that helps combat fraud to also generate profits because the approach that uses the same fundamental logic to protect/save money (curb fraud losses) is also being used to make money (upsell / cross sell).
If banks can view their topline and bottom-line as the yin and yang of their operations, then a single solution that helps achieve both can very well be the proverbial one stone designed to kill two birds.
Our new series of thrillers – produced and directed by CustomerXPs and Banking Technology – narrate the tales of the fight between the forces of good (the Clari5 analytics and anti-fraud software) and the forces of evil. Based on real events and guaranteed to keep you on the edge of your seat!
May of the current year.
Her addiction was getting the better of her. “Absolutely Irresistible”, the new fragrance from Givenchy, was calling out to her. And those gorgeous Prada shoes had been winking at her from the shop front for the last three weeks.“Man, I could kill for those.” “It’s been a while; I really need to find the dosh.”
Georgina bit her lower lip with these thoughts swirling in her head like the steam from her coffee. She looked at the accounts’ list. Could she get a hold of one “dormant” account?
“Can Lady Luck please be kind? Am desperate, please!”
“Hey Georgina, how’s it going? Getting used to retail banking?”
“Hi Mark. Yeah, it’s different from corporate banking for sure. I miss the thrill of big numbers. That rush of working with millions instead of thousands. Ha ha ha.”
“Hmm. So no new Gucci bag or a Marc Jacobs watch? The shops must be crying out for Your Shopaholic Majesty to give them time of day.”
“Mmm….yes, it’s been a while. Thanks for reminding me, must rectify that soon. He he.”
Mark shrugs, gives a wry smile, a quizzical look and walks away.
She paused mid-way while taking a huge bite from her BLT sandwich. Her eyes widened. The $25,000 winked at her seductively. Money was her one and only love, her manna. She quickly hit her keyboard. Joshua Hamilton, checking account, “dormant”.
Was this her lucky day or what?
Georgina pushed her sandwich aside and quickly hit a few keys. “Active” flashed on her monitor. Joshua Hamilton was now “active”.
“Gucci, Prada, Jimmy Choo, here I come… yoo hoo!” Georgina thought to herself. A wicked smile, a faraway look and Georgina was revelling in the idea of big numbers. Her heart was thumping with excitement.
“It’s going to happen. Finally. I can sleep at night and don’t need any Xanax.”
Clari5 was rifling through the list of accounts doing its customary check. Sorting accounts by status, keeping a watchful eye on transactions by account holders and being its usual Poirot self – generally keeping an eagle eye on the safety and security of data, accounts, transactions and more.
Next, next, next, next, pause! Joshua Hamilton – active. Wait, hang on. Clari5 does an about take. Pause.
Quick flashback to April last year.
Joshua Hamilton was thrilled with life. It seemed to be going as per plan. New job, new city, new role, new life. Whoa!
He had to wind up his life in New York. Give up his apartment, sell his car, get rid of the furniture, among other things. But he decided to retain his bank account. Maybe it was for sentimental reasons, maybe it was just the idea of having monies in an account which he could use during emergencies, he didn’t close the account. He had $25,000 in that account. It felt good to have that kind of money.
His new firm thought it’d be ideal if Joshua opened a salary account with the bank they banked with. Apparently this bank had fantastic services – great paybacks on savings and good customer service as a local bank. Joshua thought why not, and opened a salary account with this new bank.
The $25,000 in his NY bank grew a little more, with interest etc. Zero transactions, zero withdrawals, zero anything. It was “dormant” but doing good.
Cut to present day.
Eyes follow her slow, shamefaced, hand-touching-chin movement out of the office as colleagues stare. Cops behind, cops in front. Her mascara is runny and covers her cheeks like ski tracks on Aspen.
Georgina bites her lips in regret. If only Clari5 hadn’t sounded the alarm, if only it wasn’t so darned smart, if only it didn’t keep track of every financial and non-financial transaction, she’d be wearing her Guccis today and looking like a million bucks. Even Xanax or Prozac wouldn’t be able to help her now, not in a prison cell for sure.
Damn Clari5!
When Joshua Hamilton’s “dormant” account status became “active”, it was instantly marked as suspect, when for over a year there were no transactions on his account.
When Georgina initiated a $10,000 encashment on this account using a withdrawal receipt forged with Joshua’s signature, Clari5’s real-time decisioning engine noted this.
The potential fraud transaction was blocked and generated an alert in the case management system.
And a case of deceit and willful defraudment is slapped on Georgina.
Article: Blacklisted
Instant Charge Recovery with the Real-Time Tool That Top Banks TrustTransform the tedious and error-prone manual charge recovery process in to a seamless, real time one with the combined power of Artificial Intelligence, Machine Learning, Analytics and Real Time Decisioning. Read More
Paper: Will EMV Standards Impact Fraud Control?
Case Study: Real-time Cross-Channel Transaction Monitoring & Fraud Management for Top 5 Bank
Financial institutions used to be the last candidates for change when it came to technology adoption. But over the recent past the banking sector has seen a dramatic ‘digital’ transformation given a discerning and demanding ‘digital’ generation, ferocious competition and a briskly evolving regulatory landscape.
From a customer’s perspective, a bank that has gone digital should be able to, at a minimum, instantly provide accurate information across devices, platforms and geographies. Customers are intolerant to service downtimes and want their needs addressed promptly and efficiently almost 24/7.
From credit cards to ATM to net banking to phone banking, the bank of today provides customers with an experience that is both seamless and of superior quality.
But banks can do a lot more to stay ahead of the ‘digital’ curve.
Many ‘progressive’ banks have gradually unified their entire IT ecosystem to harness the capabilities of big data analytics.
But there’s one more vital aspect banks must know – that they virtually have the customer’s ‘aatma’ or soul with them, given the behavioral intelligence and insights already resident across their multiple systems.
A bank is the only body that has the complete and in-depth lifestyle information of customers – earnings, spending, travel locations, home ownership status, marital status, right down to monthly fuel consumption.
With the variety and depth of insights available, banks can create instant, hyper-individualized interventions using a ‘segment of one’ approach to target customers precisely for intelligent cross-sell and up-sell.
So a unified, cross-channel digital strategy that utilizes this ‘soul’ to deliver an exceptionally superior customer experience becomes essential. Combine this with real-time technology, and banks have a compelling value proposition.
The soul analogy also applies perfectly in combating sophisticated financial fraud, where deviations and discrepancies can be detected and resolved ‘intelligently’ in the blink of an eye.
Given the customer insights available, the same real-time decisioning can be leveraged to instantly detect anomalies and prevent them from occurring.
A meaningful digital transformation must include the customers’ soul. The digital bank of tomorrow must articulate a strategic platform that goes beyond servicing customers flawlessly and have intelligent revenue maximization and fraud detection capabilities.
While credit cards have transformed purchase transactions, it has not been without simultaneously growing vulnerabilities.
Financial fraud losses across payment cards, remote banking and cheques totalled £755 million in 2015 – a 26% jump when compared to 2014 says Financial Fraud Action UK.
It says that the rise across all fraud loss types during 2015 owes much to the growth of impersonation and deception scams, as well as sophisticated online attacks such as malware and data breaches.
Of the prevalent card-frauds, card-not-present (CNP) and payment fraud, CNP (where the card holder needn’t be present online or phone for the transaction) is the dominant form of card fraud in Europe in addition to the UK.
Payment fraud not only involves falsely creating or diverting payments; it goes to the extent of creating false accounts and scamming on a large scale. A merchant account created for a seemingly genuine organization performs transactions through the stolen credit cards.
The UK tops the highest jump in credit card fraud in Europe with an 18 percent rise resulting in £ 88 million of losses.
Increased rate of personal data compromise through data breaches was one likely cause for the jump.
The ability to contain scams is challenging given globalization. With financial organizations spreading their wings across geographies, the ‘law-of-the-land’ comes in to focus.
Each country has specific policies and laws that banks have to abide by leading to a lack of a common security cover. This leads to vulnerabilities let alone the effort involved in understanding laws, creating policies and maintaining them.
Hi-tech card fraudsters rely on technology as they look for ways to compromise customers’ personal and financial details and use that to commit frauds.
They hack into systems, run random generated bank account numbers and sometimes approach as legitimate organizations and lure information under the pretext of seeking data via email, text messages and phone calls made to seem as if they are from tax departments with threats of deportation or imprisonment.
Enter EMV and NFCEurope was one of the early adopters of EMV (Europay, MasterCard, Visa) – a global security standard for chip-cards and the technology used to authenticate chip-card transactions.
EMV helps when the physical card is required for a transaction, protects from counterfeiting, CNP fraud continues to thrive. View the stats.
A CNN Money report features a claim by a security company having discovered a way of rewriting magnetic chip code to make it look like a chip-less card. This takes it back to the basic fraud technique of counterfeiting.
NFC allows smartphones and other devices to communicate with each other when they’re physically very close. NFC can also be present in wearable devices.
NFC has gained some movement in the US and is now being launched in Europe. According to Markets & Markets, the NFC market is expected to touch $22 billion by 2020.
While the technological advancements are definitely encouraging, they point to a fundamental question on fraud-free credit card transactions – can a channel centric (in this case, credit card only) approach be a fool-proof solution?
While card security technology has evolved from signature cards to chip-and-pin cards and now to NFC, they will deter sophisticated, hi-tech fraudsters from inventing newer techniques in staying a step ahead.
Anti-fraud solutions cannot merely rely on a channel-centric approach. They will have to rely on advanced technologies that harness the collective wisdom about customers (factual and behavioural) already resident across a bank’s systems, pull the collective cross-channel insights at lightning speed from all channels to detect and thwart fraud intelligently in absolute real-time even as the fraud is being committed.
This gives banks an edge over fraudsters because channel-specific fraud relies only on breaching that particularly channel’s (credit cards) data.
If banks are in the know of suspect transactions while it is in progress, they can prevent the fraud from being committed in the first place instead of taking action post-incident when the deed is done.
Absolute real time anti-fraud technology coupled with continuous monitoring, stringent regulatory compliance and improved auditing are some of the primary measures banks must adopt to stay ahead of evolving fraud technology.
The world of cybercrime is immense. Knowing your enemy is half battle won. Banks have been baffled and ravaged by perpetrators of Cybercrime. This infographic provides a quick peek into the world of cybercrime and helps bankers understand what needs to be done to protect themselves from these ravagers.
Gone are the days when ski-masked felons would barge into banks with guns cocked and order everyone to get down. With the internet becoming ubiquitous and as banks and technology have evolved, so has financial crime.
The modern scarfaces operate from the comfort of an undetectable pad half way across the world. They are high IQ, tech-savvy and their only weapons are their brains and their gadgets. Global technological advancements and online anonymity have in fact come as a blessing for the intelligent ‘digital’ felon.
Though banks have grown in leaps and bounds from a business standpoint, there is still the question of how shielded they really are from hacking, money-laundering, asset siphoning, etc., all of which have become alarmingly regular.
So, what have banks been doing to combat the situation? To start with, they implemented measures to mitigate these risks and are regularly evaluating their security systems. One such measure was the implementation of the SWIFT codes. But, the question is, is it enough?
What is a SWIFT Code?Society for Worldwide Interbank Financial Telecommunication codes or SWIFT Codes, also known as Bank Identifier Codes (BIC) are unique identification codes allocated to each bank. These codes are used when transferring money between banks, especially for international wire transfers and for communication between banks.
Currently, there are about 40,000 ‘live’ SWIFT Codes (those which are actively connected to the SWIFT network) and about 50,000 ‘passive’ SWIFT Codes (used for manual transactions).
Is the SWIFT Code mechanism helping? It was, until the recent (February 2016), high-profile scandal where USD 81 million was stolen from a bank in Bangladesh, came to light. The incident highlighted the insufficiency of SWIFT Codes in securing online banking transactions and how instances of cybercrimes against SWIFT member banks have been increasing.
Few other examples of such heists which occurred through SWIFT manipulation:
Banks or SWIFT – where does the onus lie?While SWIFT defended itself by stating that the network itself wasn’t attacked during any of the above mentioned heists, these attacks, however, are disconcerting and reflect upon the vulnerabilities of the system run by SWIFT.
Leonard Schrank, Chief Executive at SWIFT for 15 years, suggested that SWIFT develop an anomaly detector to catch dubious message traffic as it arrives. He believes that the network had long since known that end-users are a key vulnerability and that SWIFT needs to work harder to alleviate these attacks.
That being said, the onus lies on every single bank to ensure their own security first so that systems are not susceptible to attacks and threats. This cannot be achieved by depending on SWIFT alone. Banks will need to take the extra step to secure their systems and increase security controls.
Since the Bangladesh bank drama, SWIFT has been urging its member banks to beef up their security measures and has promised new rules to improve security for bank transfers. In line with this, SWIFT sent a communication to all its users in May 2016 updating them on the steps they were taking to provide better security, including:
What else can banks do?To begin with – putting the house in order. Banks need to start identifying the challenges they face. Some of them would be:
There’s a variety of anti-fraud technology solutions available, but banks must realize that strategies that delivers real-time, actionable intelligence is increasingly becoming the de-facto standard, given the innovation in sophisticated fraud. Financial institutions need solutions that can help automate, streamline and comply with existing and emerging regulatory AML/CFT compliance programs and solve these problems in real time.
Innovative solutions are now available that monitor and detect suspicious transactions across channels and in real- time as it happens, helping the bank’s risk and compliance teams take accurate decisions at the precise right time. These solutions feature Suspicious Activity Monitoring, Customer Risk Categorization, Entity Identity Resolution / Watch List Filtering, Regulatory Reporting (CTR/STR/SAR), Case Management and Entity Link Analysis.
While financial institutions, networks such as SWIFT, regulators and policy makers are aware of the systemic gaps, radically more stringent lines of defence will be the shape of things to come. Heists, laundering and other frauds will continue to occur as hackers get more brazen, but the least banks can do is have foresight on the magnitude of the problem and take sure steps to secure themselves.
As Malcolm Marshall, KPMG’s Global Head of Information Protection & Business Resilience states, “Security is not something that should get in the way of doing business but is something that enables you to do it more safely. Hopefully that means something to you and your customers.”
