Clari5

Menu

Author: Clari5

Episode 1: Malafide Intentions​

Posted on by Clari5

Our new series of thrillers – produced and directed by CustomerXPs and Banking Technology – narrate the tales of the fight between the forces of good (the Clari5 analytics and anti-fraud software) and the forces of evil. Based on real events and guaranteed to keep you on the edge of your seat!

The alert flashes on the dark screen. His cat nap is disturbed by the “on/off” flashing on the monitor which causes his eyelids to flutter open. He looks at the array of numbers and text that appear to be just a vast, random set of data, for the lay person. But Oliver’s trained eye and keen mind are attuned to pick out anomalies from this data load. Oliver wasn’t called Hawk by his colleagues, the keenest, sharpest AFO (anti-fraud officer) at the Bank of Sentee (BoS) for nothing.

Oliver’s eyes rapidly scan through Michael Hook’s transaction history.

POS 12.30 pm SF, 22.07.16, Starbks
POS 16.30 pm SF, 22.07.16, Movtkts
POS 19.30 pm SF, 22.07.16, Metreon
POS 20.20 pm ABJ, 22.07.16, Fouani Electronics – there it was, popping out at him like a girl in a magenta halter in a room full of black tuxedos! Oliver quickly runs a check for country codes and finds ABJ is Abuja, Nigeria.

Oliver’s fingers flew over the keyboard and his eyes scanned through Michael Hook’s transaction history for the past seven days. Come on Clari5, he urged. Clari5, Oliver’s best friend, obliged. Michael Hook’s transactions seemed fine, no anomaly, no suspicious activity. So then what explained Nigeria?

Could Michael, a regular graphic designer, travel from San Francisco to Nigeria, a distance of over 7700 miles in 50 minutes? He ain’t no Superman!

12.30 pm, 22.07.2016, Starbucks, 3595 California Street, San Francisco

“Good afternoon sir, can I take your order?”

“Hi. Mmm… I’ll have a chicken BLT sandwich and a decaf Pike Place coffee, please.”

“Sure. What name shall I add to the order?”

“Michael Hook.”

“Have a seat and we’ll call out your name. Have a good day.”

Michael looked at his Fitbit. 12.33 pm. God! “Is it stuck or is it me?” he wondered. He looked thoughtful as he sat down, his mind unspooling the conversation he had with Jessica in the morning. Sigh! He swiped through his messages. “4.30 show, don’t forget, J.” Her curt response: “Yup.”

He’s got to make it up to her, he loves her too much to lose her. Thoughts swirled in his head like the steam from the coffee mug. Should he buy her something before the movie? A ring? Would she accept?

“Can I afford to get married?”

Technology is a savior. Michael checked his bank account on his smartphone. $10,578. He had the dosh. He felt a sliver of excitement welling up inside of him. Yes, maybe he would surprise Jessica after all. 

16.30 pm, 22.07.2016

Back in office Michael bought two movie tickets at movietickets.com. “Booked for To Steal From A Thief. See you at 6.00 – AMC Metreon,” he texted. “See you” popped up on his phone. Michael continued to look at his text message knowing Jessica was still miffed at him, but his modus operandi was all sorted.

POS 19.30 pm SF, 22.07.16

“Large tub of cheese popcorn and two Diet Cokes, please!”

“That’ll be $5.50. Thank you.”

The counter assistant at the popcorn counter at the Metreon swiped Michael’s card. It’s intermission and Michael wanted to hurry back to Jessica. She seemed to be enjoying the movie. He knew it was all going to be okay.

POS 20.20 pm ABJ, 22.07.16, Fouani Electronics

“Come on Michael,” Oliver muttered under his breath. “Tell me you’re in San Francisco buddy and we’ll be fine, just confirm it man.” But Michael’s phone was on “silent”. He missed the SMS alert completely, and the second one as well.

“Breathe Oliver, it’s okay Oliver, have sent the two alerts to Michael Hook.” Oliver tried to soothe his frayed nerves. All POS transactions checked out. The last one at 20.20 ABJ seemed different. Was Michael in Nigeria? But Michael hadn’t travelled anywhere in the last 12 months! Clari5 confirmed that. Oliver commanded Clari5 to give up Michael’s transaction history for the last six months to double-check. No, nothing. Michael wasn’t a big spender. And neither was he a defaulter. His last big electronics purchase was for a Kindle. Wow!

Oliver checked with Clari5: “do you think it’s a fraudulent transaction?” Clari5 advised Oliver to refuse authorisation of Michael’s card for $2,150 at Fouani Electronics, ABJ. That’s it, Oliver made his decision. He ran a few commands and an SMS was sent to Michael disabling his credit card.

22.00 pm, 22.07.16

Michael looked at the two texts from BoS. His credit card was disabled. At that exact moment his phone rang. “Oliver Pagliace from BoS. Am I speaking with Michael Hook?” 

Two days later at Fiore d’Italia – 20.00 hrs.

“OMG! Really? Oh darling, when did you, I can’t imagine…”

Michael just finished proposing to Jessica. With his credit card.

22.00 hrs, BoS branch, San Francisco, California – 24.07.16

The light from the monitor was blinking. Oliver was just biting into a sandwich. He turned around. Clari5 was at it again. This time it was Dar-es-Salaam.

“Gotcha.”

Episode 2: Blacklisted 

Episode 3: Inside Job

Episode 4: Money Rolls

Financial Mecca Tightening The Screws On Anti-Money Laundering!

Posted on by Clari5

“Breaking News: Singapore to use data tracking against money-laundering”. What bearing does this headline have on a safer and more secure banking system?

The 1MDB fiasco

Let’s rewind to 2015 and 1Malaysian Development Berhad – a Malaysian fund set up in 2009 by the Prime Minister of Malaysia, with the intention of turning Kuala Lumpur into a financial hub, much like its neighbour, through strategic investments, to help boost the economy.

The Wall Street Journal broke a story in 2015 and reported a paper trail of alleged misappropriation of funds in 1MDB to the tune of US $ 700 million, traced to the PM’s personal accounts.

All hell broke loose and investigations by the US Department of Justice revealed that the quantum of laundered money is actually US $3.5 billion!

Since then, multiple foreign authorities have been involved in the investigations of this scam – something so massive that it has thrown open a Pandora’s box on the prevalent AML security systems in banks.

In May, earlier this year, Singapore, South East Asia’s leading financial centre ordered the Swiss bank BSI to shut down on charges of “suspected corruption of public foreign officials, dishonest management of public interests and money laundering”.

MAS (Monetary Authority of Singapore) and its role in banking regulations

A brief perspective on MAS and its scope of authority – www.mas.gov.sg states, “As Singapore’s central bank, the Monetary Authority of Singapore (MAS) promotes sustained, non-inflationary economic growth through appropriate monetary policy formulation and close macroeconomic surveillance of emerging trends and potential vulnerabilities.”

“It manages Singapore’s exchange rate, foreign reserves and liquidity in the banking sector. MAS is also an integrated supervisor overseeing all financial institutions in Singapore — banks, insurers, capital market intermediaries, financial advisors, and the stock exchange. ”

 

“With its mandate to foster a sound and progressive financial services sector in Singapore, MAS also helps shape Singapore’s financial industry by promoting a strong corporate governance framework and close adherence to international accounting standards.”

“In addition, it spearheads retail investor education.”

“MAS ensures that Singapore’s financial industry remains vibrant, dynamic and competitive by working closely with other government agencies and financial institutions to develop and promote Singapore as a regional and international financial centre.”

“Given the nature of its position and authority, one of its functions is to “conduct integrated supervision of financial services and financial stability surveillance.”

“Moreover with Singapore being a key financial mecca in the South Asian region, it plays an active role in international fora and is a key contributor to shaping financial regulatory norms.”

In this context, given the nature of the 1MDB scandal, Singapore’s MAS has been probing different banks for any breach of security and money laundering activities while handling transactions linked to 1MDB.

To quote a report in Shanghai Daily, “The Monetary Authority of Singapore is looking at several aspects of the UBS and DBS Group Holdings’ operations including whether they were diligent enough in knowing who their customers were and what the source of their funds was, and whether they were particularly careful in screening politically-exposed persons such as government officials, banking and legal.”

The investigation by MAS could lead to hefty fines and various other penalties if the banks under question were found to be non-compliant with the very stringent anti-money laundering rules, policies and measures.

In the past, the US has imposed hefty penalties on banks found to have lapses with money-laundering activities, tax evasion and international sanctions, but Asian regulators have found to be slow to act.

Given this context, it was incumbent upon Singapore to act tough and prove that banks in the city-state are complying with anti-money-laundering rules.

Given this back story it is but natural for the central bank of Singapore to clamp down heavily on any fraudulent activity that jeopardizes the reputation of Singapore as a mecca for banking not only in Asia but globally.

“We will make more robust risk assessments of financial institutions’ business activities, client profiles, geographical connections, transaction volumes and quality of controls,” Ravi Menon, the MD of MAS said.

According to the UN Office on Drugs and Crime, the estimated amount of money siphoned off globally in one year is 2 – 5% of global GDP, or $800 billion – $2 trillion in current US dollars. Money laundering is an epidemic and must be curbed – no question about it.

Advanced tech to the rescue

With escalating frequency and complexity of financial crimes, it is imperative for banks to pay greater attention to fraud prevention not just from a regulatory compliance perspective but for better operational risk management.

They must understand that if their systems are not preemptive in nature, then ‘post-incident’ scenarios are going to be quite common.

Banks need to work in partnership with solution innovators to combat the menace.

 

Given the sophistication of large-scale economic fraud., there is a need to move away from conventional channel-centric AML approaches and consider real-time, cross-channel solutions that have the capability to analyse big data and provide real-time intelligence covering Suspicious Activity Monitoring, Customer Risk Categorization, Entity Identity Resolution/Watch List Filtering, Regulatory Reporting (CTR/STR/SAR), Case Management and Entity Link Analysis.

Banks must understand the gravity of the situation and begin evaluating solutions that can quickly enable a strong and strategic fraud prevention framework to pro-actively thwart potential threats from sophisticated money-laundering syndicates.

Sources:

The Rise of Cybercrime in Indian Banks

Posted on by Clari5

Cybercrime is a relatively new term in the lexicon of criminal terminology. Cybercrime came about after the financial sector especially banking introduced technology for its banking operations in the late ‘90s. This infographic throws light on the current scenario of cybercrime across different sectors in India, as well as answers how and why banking in India is so prone to cybercrime.

 

How can RBI’s latest guidelines help Indian banks combat cybercrime?

Posted on by Clari5

Rising cybercrime in India is no secret. According to a report by Symantec, India now ranks 3rd in the world, after the US and China, as a source of malicious activity. In fact the National Crime Records Bureau data reveals that in the three years up to 2013, registered cases of cyber crime were up 350 percent, from 966 to 4356. Dubious distinctions both, and give banks and the financial sector in India cause for worry.

Keeping in mind the dramatic swell in online economic crimes, India’s central bank – RBI (Reserve Bank of India) recently issued a comprehensive circular to all banks in India urging them to implement a cybersecurity framework. It prescribes the ideal approach for banks on taking concrete measures to combat cybercrime, fraudulent activities online and thereby retain customer confidence, reduce financial losses and ensure business continuity.

Cybersecurity measures for banks as outlined by RBI’s circular

In light of the rising frequency and impact of cyber attacks, the RBI circular to banks urges them to take adequate measures that are robust and resilient which address and tackle risks posed by cyber criminals, and in the meantime also put in place an adaptive Incident Response Management and Recovery framework to deal with adverse disruptions if and when they occur.

The foundation for fighting cyber crime would stem from a Bank Board approved cyber security policy that outlines the approach for combating cyber crime. This policy is not to be confused with the IT policy or IS security policy and its strategy should encompass some of the following:

  • Identify and assess risks, technologies adopted, regulatory compliance, delivery channels (online/ mobile, etc.), organizational culture, internal and external threats, and processes and policies in place to manage and combat risk
  • Continuous surveillance by testing for vulnerabilities through a SOC (Security Operations Centre) that is constantly updating on the nature of emerging cyber threats
  • IT architecture to be conducive to security measures to be implemented by the bank post assessment of readiness and ensure that network connections to database are allowed through a well defined process and by authorized personnel only
  • Ensuring the confidentiality, integrity and security of customer data is preserved, without any compromise of the same
  • Formulating a Cyber Crisis Management Plan (CCMP) whose primary focus should be: detect, response, recovery and containment to address various types of cyber threats including and not limited to: distributed denial of services (DDoS), ransom-ware / crypto ware, destructive malware, business email frauds including spam, email phishing, spear phishing, whaling, vishing frauds, drive-by downloads, browser gateway fraud, ghost administrator exploits, identity frauds, memory update frauds, password related frauds, ‘zero’ day attacks, remote access threats and more.

 

Baseline Cybersecurity requirements – an indicative list

Banks need to fortify the measures adopted to achieve baseline security and resilience. For instance:

  • monitor logs and incidents in real time or near real time
  • configure hardware and software appropriately
  • automate network discovery and management
  • use the right tools and mechanisms to detect unusual activities in servers, end
    points and network devices
  • protect customer access credentials such as logon user-id, authentication information and tokens, access profiles, etc. against leakage/attacks
  • implement controls to minimize invalid logon counts, deactivate dormant accounts
  • monitor any abnormal change in pattern of logon

The RBI circular mandates a detailed list of cyber defence apparatus. It is evident that a large majority of these measures and requirements can be fulfilled by robust software tools and products that are built for specific purposes. But banks must also remember that from a day-to-day operations’ perspective, it is imperative to have a system that monitors, tracks, alerts and preempts any anomalies that occur in banking transactions, in real time.

“Detect and prevent” as it happens and not wait for end-of-the-day reporting of incidents that are suspicious. In fact RBI’s circular lists out the implementation of risk-based transaction monitoring or surveillance process as part of fraud risk management system across all delivery channels.

In addition to optimizing available technology to strengthen controls for effective risk and fraud management, banks need to conduct employee and management awareness workshops, encourage them to report any suspicious behavior to the incident management team, and conduct targeted training for key staff in operations/ management roles and evaluate awareness periodically.

In parallel, banks need to conduct awareness programmes for their customers and encourage them to report phishing mails/ phishing sites, highlight the risks of sharing their online account credentials, passwords, and other measures they can take to protect themselves from fraudsters and people with malafide intent.

The RBI circular also touches upon the topic of governance aspects which include dashboards, intelligence, proactive monitoring and management capabilities with sophisticated tools for detection, quick response and backed by data and tools for sound analytics.  In addition, banks must keep in mind several other issues while equipping themselves to fight cyber attacks: technology issues, people related issues and process related issues.

It would be fair to assume that if Indian banks were to proactively implement an intelligent, cross-channel anti-fraud defense mechanism, the impact of cybercrime (if/when it occurs) can be vastly minimized.

 

Source: RBI Circular of June 2016

Nigeria – Online Fraud

Posted on by Clari5

Internet Technology for banking: A Boon or A Bane?

Internet Technology has opened up new scope for the banking systems .It has enhanced our lifestyle up to some extent and it made our lives easier. But at the same time it comes with some risks because of its associated fraud.

According to NIBSS, increasing use of ATM and E-Platform has contributed to accelerated growth of fraudulent activities. According to latest figures, the volume of fraud is going up but actual loss from the attempted fraud is reducing. To know more check out this below info graphic which reflects the fraud data related to Nigeria.

 

Banking Fraud in India

Posted on by Clari5

Banking Fraud have been in existence  from a long time in the form of insider trading, stock manipulation, accounting irregularity etc. But now-a-days the fraud in this sector has become more sophisticated and the Indian banking sector is overwhelmed with more advanced frauds.

There are many other scams prevailing like ID theft, fraudulent documentation and diversion of funds etc., but the leading scam among all of them is Non Performing Assets (NPAs).

This info graphic below reflects increasing percentage of banking fraud in India year after year.

 

 

By Priyanka Gautam 

Reach her at clari5@customerxps.com

CustomerXPs offers real-time, intelligent products that empower banks with instant insights enabling influenced outcomes of deeper customer engagement and fraud-free transactions.

Learn more about CustomerXPs Clari5

The carding scene of India is a topic that has been talked about for years. There are many misconceptions about carders and carding in general, but the truth is that carding https://dumps.to/product/fast-clean-paypal-transfer-1000 is not always bad. In this blog post, we will discuss what carding actually means in the country of India, how to understand it better, and what you can do to fight against it.

Redefining starfish banks with use cases

Posted on by Clari5

Cross channel scams are the most pervasive form of frauds perpetrated against bank customers. Fraudsters target customer accounts by a number of access points- branches, ATM, cards, online banking or wire transfers. With multiple channels leading to multiple access points, installing adequate combat mechanisms takes a backseat, thus expanding the attack surface. Consumers have been steadily using mobile phones, cards and Internet banking, mainly relying on good faith in financial institutions. But as scams become more complex and less predictable, banks need to keep a tight vigil against fraudsters targeting across multiple channels. Banks need to break free from the traditional ‘Starfish’ approach of combating fraud in silos; they need to actively base their combat mechanism on cross-pollinated intelligence that runs across multiple channels.

Let’s assume a scenario to better validate the above points.

Jamie is a budding photojournalist. She stays in a paying guest accommodation in Mumbai. She is an intern with a well-known magazine. Normally, she receives her salary on the last day of every month and pays her rent on the 1st. She saves the rest of her salary for paying off her expenses throughout the month and manages to save some money for her impending Euro trip. This time though, soon after her salary gets credited, there is an entire salary debit on 1st. By the time the bank and Jamie get to know about this fraudulent transaction, the entire money is lost. The bank fails to recognize this transaction as a fraudulent one.

The scenario discussed above could have easily been averted had the bank implemented a unified cross-channel fraud management system. Jamie wouldn’t have lost her salary. The bank wouldn’t have let the abnormal transaction to go through without additional levels of authentication across different channels.

Traditional fraud management solutions employed by banks have silo based systems that have the ability to monitor and detect fraud only for a single channel/product at a time e.g. credit card fraud detection, Internet banking fraud detection etc. Even the systems credited for being multi-channel managed frauds on multiple channels but not across multiple channels. An ideal cross-channel fraud management solution not just monitors and prevents fraud on multiple channels but also has the ability to correlate the intelligence gathered from one source system to the events happening on other channel to detect and prevent fraud.

To know more on redefining starfish banks with the help of use cases, download our entire white paper here or 

5 Min Guide to Data Breaches

Posted on by Clari5

5 Min Guide to Data Breaches

So, how far is your data protected??

Percentage of Data breaches is enormous & this fraud increases exponentially in developed countries. As there are so many types of data breaches and it is difficult to monitor all breaches in real time because of which consumers feel insecure at the time of financial transaction. We use technology to prevent information from fraud but in such cases technology is incapable in making our payment safer. Data breaches strike the people of all ages either intentionally or un-intentionally.

According to Federal Trade Commission Consumer Sentinel Network Data Book, globally total data breaches were 1541 in 2014 & at the same time, the total data records lost or stolen were 1023,108,267 that emerged as the largest form of fraud worldwide.

This infographic below reflects this global fraud scenario.

 

By Priyanka Gautam 

Reach her at clari5@customerxps.com

CustomerXPs offers real-time, intelligent products that empower banks with instant insights enabling influenced outcomes of deeper customer engagement and fraud-free transactions.

Learn more about CustomerXPs Clari5

Combating Cross-channel Fraud

Posted on by Clari5

Combating Cross-channel Fraud 

Banks throughout the world are recognizing that fraud has become sophisticated and more and more pervasive. Potential projected global fraud losses related to occupational fraud are estimated to be more than $3.5 trillion.

While direct losses due to fraud are startling, the actual loss incurred is much higher in terms of loss of productivity, loss of customer confidence and attrition, notwithstanding losses due to fraud that goes undetected. Attacks against operational systems and infrastructures such as online banking and e-commerce can result in direct loss of business or revenue. Any kind of intrusions into information systems can result in massive theft of sensitive data or customer information.

Such enormous pressure on banks from fraud incidents and financial crime comes at a time when financial services organizations must deal with a new and expanding regulatory environment. Thus, the current environment is putting the banks’ fraud management capabilities into question.

Traditional fraud management systems have never been able to keep up with the sophistication of fraud across channels. The combat systems work in silos similar to a starfish and have the capability of monitoring frauds across only a single channel at a time. Thus, such systems are ineffective at identifying and combating cross-channel frauds. Banks should move away from silo based systems to take into account channel-specific fraud management techniques that have the ability to share information with other channels for combating cross-channel fraud.

The Problem with Current Fraud Management Solutions

Fraudsters on the prowl are constantly increasing their sophistication level rendering many fraud detection systems ineffective at identifying fraud. While rules-based systems are adept at spotting fraud patterns, it runs the risk of flagging many legitimate customers while fraudsters can use trial and error to discover ways to circumvent the system.

In addition, too many false positives, lack of speed in transaction authentication and inefficient investigative processes drive up operational costs, as banks are forced to increase spending on enterprise financial crime management against sophisticated attacks.

The amalgamation of organized crime and new and ever-changing types of fraud – in addition to heightened regulatory requirements – have led banks to pursue new techniques for preventing and detecting fraudulent activity.

According to Deloitte, around 30 percent of their survey respondents indicated that it took them 6-24 months to detect fraud. Close to 22 percent of survey respondents said they could recover only up to 25 percent of the fraud loss amount. These statistics indicate a move towards reliance on multiple channels, including technology based channels, to detect fraud, as indicated by a significant percentage of respondents.

Thus, moving over to advanced fraud management systems that overcome all these challenges is vital. Any negligence in awarding this area proper attention would ensure financial, reputational, and punitive risks.

Fighting Fraud

The challenges discussed above have led to the extreme need of discarding age old fraud management systems that follow the starfish approach of working in silos, without any sharing of real-time information across different channels. Banks have a variety of risk functions to identify different kinds of risks. Each risk function varies in capability and how it coordinates with other risk functions. A central goal, and challenge, of any fraud management system is improving this capability and coordination, while integrating the output to provide a unified picture of risk for stakeholders and improving the organization’s ability to manage risks effectively.

To know more on combating cross-channel frauds, download our entire white paper on this page.