What to look for in an anti-fraud solution
The right anti-fraud solution not only cuts fraud, but lowers costs, builds and maintains trust, and protects the customer experience, writes Joël Winteregg.
When it comes to fraud, prevention is better than cure. In a world connected via the internet, fraudsters are remotely stealing $3.7 trillion* a year, safe in the knowledge that their spoils are rarely recovered and they themselves are unlikely to be tracked down by law enforcement. In the UK, for example, there were just 61 prosecutions for cyber-crime in 2015.
With trust, cash, profits and the risk of big fines from regulators at stake, banks must try harder. If it is so difficult to catch fraudsters after the event, we need to stop them before.
Profiling is a well-established tool for law enforcement and a successful part of the marketer’s armory. In both cases, it gives insight into behavior and character to help achieve a desired outcome. Profiling can be used to detect and stop internal and external fraudsters, too, by building a 360-degree picture of staff and customers that can be used to spot out-of-character behavior.
The best anti-fraud solutions incorporate this type of profiling of customers and staff and are designed to work specifically with banks, bringing analytics and data together in real time to give powerful insights in a scalable system.
A number of companies claim to offer anti-fraud solutions based on user behavior analytics, but often these just don’t cut it. Most develop a list of bad behaviors and via a list of rules, for example noting a customer or employee’s usual location, they look for suspicious activity. This approach has serious flaws, perhaps the biggest of which is that it represents an endless and expensive game of cat and mouse, with the banks constantly trying to develop and refine rules of bad behavior that will catch the innovative fraudsters.
Not only does a huge amount of fraud still succeed – note the $3.7 trillion lost each year – but this approach throws up a huge number of false positives, alerts that turn out to be for acceptable customer activity, and these can undermine trust and diminish the customer experience. One company that we know of was called so often about its overseas activities that it considered closing its account with the bank in question.
It is far better to build a profile from a list of good and acceptable behaviors taken from observation. After all, there are far fewer things that define me than those that don’t. For example, the times when I usually buy online, do my online banking, or which computer I’m likely to use.
You may also be interested in our eBook about Digital Banking Fraud: Best Practice for Technology-Based Prevention
Another problem with traditional anti-fraud solutions is that they don’t operate in real time, yet a bank has just a few seconds maximum to spot and block a fraud or allow the transaction. After that, the money is often gone forever.
Equally, the solutions provider needs to understand all the variables facing a bank. Most solutions just focus on the technological variables such as browser language, session duration, client location, language used, display resolution and user agent. But financial variables including currency, counterparty, destination country and amount also need to be taken into account.
This is important because it’s about seeing the whole picture. For example, a bank customer sends money to his mother every month. On this occasion he is traveling in Italy for the first time and sends the cash from there. A solution using purely technical variables would pick up this transaction as out of character – he has never sent money from Italy; a solution that includes financial variables would see that it fits into his pattern of spending and payments.
By combining technological and financial variables, we have found that a bank can cut the number of false positives by four-fifths.
For SWIFT transactions, financial variables are even more important, as they are for e-banking, m-banking and in the fight against malware, where a computer becomes infected with a worm or virus designed to hijack accounts or initiate and complete transactions.
Finally, the whole solution needs to be scalable. Cap Gemini predicted digital transaction growth of more than 10 percent in 2016 to some 500bn a year. This growth is only likely to accelerate as more people adopt mobile and e-banking. Banks need to ensure that their anti-fraud system can keep up.
Getting the right anti-fraud solution will cut fraud, lower costs and give a good customer experience. Get it wrong and not only will a bank continue to lose money, lose trust and lose customers, it will also lose out when the regulator comes knocking.
*Association of Certified Fraud Examiners