How banks will slay the many-headed hydra of fraud in 2019
Financial fraud may not take its cue from a Greco-Roman water monster known as the hydra, but it wouldn’t be a stretch to name the next computer virus after it. For in ancient mythology, a hydra’s heads number anywhere from six to 50. But who’s counting when, every time a would-be hero lops off one, two more grow in its place?
And yet in financial services, this vicious cycle of regeneration is no myth—literally. As soon as security experts stem the tide in one channel, fraudsters find one or more vulnerabilities to exploit, using a number of different tactics.
In 2018, high-tech advances and the promise of ill-gotten monetary gain meant new, frightening fraud variations. Fraud-as-a-Service and fraud-for-hire groups are growing, while artificial intelligence looms as another potential game changer—though in this case, the game has no rules or referee.
As Charles Cooper points out in a recent article, “cybercrime-as-a-service … has opened a wide digital door to anyone looking to score a quick, illicit buck on the internet.” Some criminals are even “making customer service guarantees a key differentiator, with try-before-you-buy options and returns for ‘faulty’ merchandise such as bad payments cards.” How about that: The tools you need to rip off bank customers, delivered with the customer experience you expect.
Fraudsters can also turn to organized rings that provide technical elements and a support network to perpetrate their crimes. Again from Charles Cooper:
“Many online marketplaces on the dark web actually tout the technical support they can supply. … The cybercrime-for-hire business appears to be so robust that hacker gangs reportedly are hard pressed to keep up with demand.”
AI and machine learning have also received recent attention; while AI facilitates many pieces of daily life, disquieting developments have helped to fuel financial fraud.
As Deepak Dutt, CEO and founder of Zighra, mentions: “Artificial intelligence can be used to mine large amounts of public data … that can be used for hacking.” AI can also feed irregularities into company cyber defenses; create sophisticated and personalized phishing emails; automate large scale digital attacks; or coordinate smaller, targeted brute-force password attacks.
These facets of fraud continue to evolve, and new tactics appear regularly. Our close work with fraud solution providers gives us insight into fraud present and future. Here are some trends in combating fraud we will see increase in 2019.
The four pillars of verification
Financial institutions (FIs) are working to strike a fine balance between sufficient fraud prevention and detection measures on the one hand, and minimal customer friction on the other. The key to getting the balance right is a modular, modern approach. FIs that layer their fraud mitigation solutions will boast much greater flexibility to apply friction when appropriate, while allowing legitimate customers through with ease and convenience.
Many companies use verification measures beyond passwords and one-time PINs. They also weave solutions into the application process separate fraud from legitimate applications. These solutions include:
- Tokenization. Tokenization allows FIs to build specific profiles for individual consumers by replacing sensitive, personally identifiable information (PII) with randomly generated substitute values. Tokens can be specific to a merchant, lender, card, individual transaction or device.
Tokenization doesn’t expose sensitive information to fraudsters, which makes it appealing. It can function as a “digital signature” for a specific device, account or individual—virtually impossible to replicate—that creates an excellent layer of fraud prevention. Tokenization also helps fight customer friction. Tokens require an initial setup but once in place run behind the scenes for seamless interactions.
- Prescriptive analytics. This approach combines descriptive analytics (an assessment of what happened) with predictive analytics (modeling and forecasting what might happen). It aims to take these pieces of insight and “determine the best solution or outcome among various choices, given the known parameters.”
In a fraud-fighting capacity, prescriptive analytics are useful for online applications. Organizations can provide proprietary scoring assessments of how customers interact with critical application questions. Those scores can then inform a “friction application” strategy, where FIs can choose to ask for more detail, or route through additional fraud prevention.
- Biometrics. Biometrics rely on unique physical attributes—fingerprints or iris patterns, for example—to verify consumer identity. They are difficult for criminals to duplicate and so can serve as a single point of identity, such as the thumbprint login on an iPhone. Or they can employ two-factor authentication, such as with the recent Apple Pay development that leverages facial recognition to validate purchases.
Biometric identifiers pose two main challenges. One: overcoming reluctance to adopt these methods, particularly among older consumers. And two: securely storing and maintaining a large database of sensitive biometric information.
This highly personal information has tremendous inherent value for fraudsters. Thus any organization that uses biometrics can expect aggressive efforts to breach and exploit that data. The potential consequences of a successful breach would be catastrophic; consumers can change their passwords with relative ease, but definitely not their fingerprints or faces.
- Behavioral Biometrics. This technology relies on “uniquely identifying and measurable patterns in human activities.” Rather than rely on fingerprint or face scans, secret question responses or a one-time password, these verification techniques employ sophisticated technology to identify people “by how they do what they do.”
Behavioral biometrics hold promise for secure authentication, and hold particular appeal because FIs need not house sensitive personal information data. This innovative approach also bridges the gap between device and user, since each person will interact with unique devices in unique ways.
Putting it all together: Nowhere for fraud to hydra
If the proliferation of fraud is hydra headed, the resources to stem it must become singular. In 2019 and beyond, successful FIs will adopt an all-inclusive, layered strategy for fraud detection and prevention. They will bring as many solutions together as possible, on a single, easy-to-manage platform that allows for real time connection and updates.
The way ahead suggests, if you will, an improbable leap of faith from mythology to Buddhism by way of this joke: What did the Buddhist monk say to the hot dog vendor? “Make me one with everything.”
Want more Banking Strategies? Sign up for our free newsletter!