Layered Detection Efforts Needed to Combat Fraud
Cybercrooks are stealing as much as $1 billion a year from small and mid-sized bank accounts in the United States and Europe, according to Don Jackson, a security expert at Dell SecureWorks. Online banking, in particular, has been bombarded with new, sophisticated malware and Zeus banking Trojan attacks. Banks also face continued risk from the growing trend of internal, or employee, fraud. According to the 2011 KPMG report, Analytics of Global Patterns of Fraud, this type of fraud often involves collusion with outside third parties. Both online and employee fraud can be very difficult to catch, since the information is often sold to organized criminals for sophisticated account takeover attacks.
Fraud experts at many financial institutions know they need to do more to deter and detect fraud. Fortunately, today’s advanced analytics provide a means for organizations to sift through data and transactions to make intelligent, real-time decisions as to whether a transaction is fraudulent and what steps should be taken. However, many banks have not taken the necessary steps to train staff and implement the type of layered analytics that will be required to thwart an invasion at its earliest signs.
This layered or “hybrid” analytics approach includes rules, anomaly detection, predictive analytics and social network analysis, each of which can be applied according to the specific type of fraud that is occurring. It is part of a risk-based approach that can quickly triage the specific alerts that might be more costly to the financial institution, judged not on dollar impact alone but also on reputation.
A common threat banks face today is when a fraudster steals a client’s credentials and then patiently monitors the types of transactions the client usually makes, such as regular bill payments, deposits, spending, withdrawals, and inquiry habits. Then the fraudster uses the client’s credentials to call into the call center and open a small business account with the same phone number but possibly a different address. The intention of the criminal is to deplete the client’s account, transfer funds over to the new account, wire the money overseas and move on to the next victim. By the time the bank’s systems or the client realize that the account is depleted, it’s too late. Due to the sophisticated types of malware available, this has become a fairly typical scenario, with financial institutions usually one step behind.
Real-time customer behavior analytics on every transaction is the “secret sauce” that most fraud technology solutions are lacking today. Add to that the ability to draw on unstructured social media data from sites including Facebook, LinkedIn and Twitter, along with other important data such as Web browser data, IP device data and various black lists or white lists, and you start to add to the power of what the analytics can do to help detect fraud attempts accurately.
Take that a step further and utilize network analytics to visualize any associations to known “bad guys” or unusual behavior. This level of analytical approach is not easily accomplished with most systems implemented today. Using the fraud example above, by leveraging all that unique data regarding the client’s behavior, the bank might have detected movement in and out of the account that was coming from a suspect IP address, or that there were multiple inquiries into the account at the same time. This level of knowledge can only come from multiple analytical techniques working off of both traditional and nontraditional data inputs with real-time transaction analysis.
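The layering described above can be sketched in a few lines. This is an added example, not code from the article or from any fraud product: it combines a rules layer, a behavioral anomaly layer and a link-analysis layer over the account-takeover scenario (the predictive-model layer is omitted), and every account, IP address, weight and threshold in it is a constructed assumption.

```python
from statistics import mean, pstdev

# Constructed sample data for illustration; none of it comes from the article.
HISTORY = {"cust-1": [120.0, 80.0, 95.0, 110.0, 100.0]}  # usual payment amounts
ACCOUNTS = {
    "acct-1": {"phone": "555-0100", "address": "1 Elm St"},
    "acct-9": {"phone": "555-0100", "address": "77 Dock Rd"},  # newly opened
}
IP_BLACKLIST = {"203.0.113.7"}  # RFC 5737 documentation address
WEIGHTS = {"suspect_ip": 40, "concurrent_inquiries": 20,
           "amount_anomaly": 30, "shared_phone_new_address": 30}  # assumed weights

def rule_layer(txn):
    """Static rules: blacklisted source IP, simultaneous inquiries on one account."""
    hits = []
    if txn["ip"] in IP_BLACKLIST:
        hits.append("suspect_ip")
    if txn["concurrent_sessions"] > 1:
        hits.append("concurrent_inquiries")
    return hits

def anomaly_layer(txn, threshold=3.0):
    """Behavioral anomaly: amount far above the customer's own history (z-score)."""
    past = HISTORY.get(txn["customer"], [])
    if len(past) < 2 or pstdev(past) == 0:
        return []  # too little history to judge; leave it to the other layers
    z = (txn["amount"] - mean(past)) / pstdev(past)
    return ["amount_anomaly"] if z > threshold else []

def network_layer(txn):
    """Link analysis: payee account shares the payer's phone but not the address."""
    src, dst = ACCOUNTS.get(txn["from"]), ACCOUNTS.get(txn["to"])
    if src and dst and src["phone"] == dst["phone"] and src["address"] != dst["address"]:
        return ["shared_phone_new_address"]
    return []

def score(txn):
    """Combine the layers into one risk score and a triage action."""
    signals = rule_layer(txn) + anomaly_layer(txn) + network_layer(txn)
    total = sum(WEIGHTS[s] for s in signals)
    action = "block" if total >= 70 else "review" if total >= 30 else "allow"
    return total, action, signals

TAKEOVER = {"customer": "cust-1", "from": "acct-1", "to": "acct-9", "amount": 4800.0,
            "ip": "203.0.113.7", "concurrent_sessions": 3}
ROUTINE = {"customer": "cust-1", "from": "acct-1", "to": "acct-ext", "amount": 105.0,
           "ip": "198.51.100.4", "concurrent_sessions": 1}

if __name__ == "__main__":
    for name, txn in (("takeover", TAKEOVER), ("routine", ROUTINE)):
        print(name, score(txn))
```

No single layer blocks the takeover transfer on its own under these weights; it is the combination of signals that pushes the score past the block threshold, while an unusual amount alone only queues the transaction for review.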
It is time for a new strategy, one that will require new analytical approaches, new sources of data, and collaboration between organizations on “known bad data” and emerging fraud threats. Without a fresh and innovative approach using the right level of analytics, the decisions made today might just be working in the favor of fraudsters.