By Martin Rehak, Resistant AI
In the first half of 2021 criminals stole a total of £753.9 million, which is a 30% increase from the same time last year. The report from UK Finance, also highlighted that advanced security systems used by banks prevented a further £726 million being taken, but it is still clear that these criminals are evolving at pace, hunting down new opportunities and infiltrating any gaps they find in these systems.
Since the Pandemic began there have been increases in card fraud, synthetic identity fraud, account takeovers and recruiting money mules to pass stolen funds through their accounts. It appears that authorised push payment (APP), when a customer is tricked into authorising a payment to an account controlled by a criminal, was the area that saw the biggest increase of 71%.
It is very apparent that fraud isn’t going away, so banks and fintechs need to strengthen their existing automated systems. So, the million-dollar question is what is the best way to outsmart these tech-savvy criminals who are out for everything they can get?
What is required is financial automation oversight, a set of AI powered technologies and processes that can effectively and efficiently supervise modern financial systems in real time. Artificial intelligence and machine learning systems excel at fraud prevention, as they identify subtle trends in the cybercriminals approach which enables a three-fold impact:
- Predict – today’s AI powered solutions can identify advanced fraud and manipulation earlier and faster by looking for inconsistencies and high-dimensional correlations in data. Continual learning from such behaviours ensures improvements in modelling efficacy.
- Detect – financial automation oversight engines are adept at identifying previously unidentified vulnerabilities and gaps in third-party systems that are ripe for exploitation by high level criminals. They recognise new patterns of financial crime as they emerge, with millisecond latency.
- Deter – where fraud is identified, a treatment strategy must be implemented, such as an elevated challenge or re-validation of identity. This narrows the focus of when human intervention is required by prioritising and contextualising alerts, thus improving the role of financial crime analysts.
The main areas of vulnerability in the customer journey that need to be protected are onboarding identity integrity and ongoing transaction integrity.
In the general onboarding process, identity validation is the first step to ensure an applicant actually exists. Next is verification, which links that person to the information they have provided in the validation stage. In many automated workflows there are risks from forged or manipulated documents that support the customer journey in online lending, trading, insurance, financing, factoring and payments.
In fact, 1-20% of documents in the application and onboarding process can be subject to manipulation, such as forged bank statements, modified invoices and amended pay slips. By protecting automated processes that use unauthorised documents from third-parties, banks can be sure that all digital documents are genuine.
Once an identity has been validated, by no means a trivial task involving both the initial authentication and subsequent verification – identity data becomes somewhat static for the remainder of the transactional relationship, however even a validated identity can be taken over.
Continuous assessment of transaction integrity typically requires a 360-degree view of each and every customer-merchant transactional interaction. A customer’s behaviours and actions within a session, across sessions and between sessions may hold clues to financial crime through anomalies in behaviours, device characteristics, internet provider, contact information, geo-locations, spikes of related activity or unusual switching between closely related activities. If anomalous behaviours perpetrated by human or robotic actors can be recognised, emerging attacks can be addressed before any losses occur.
Failing that, attacks in progress may be recognised by reasoning about transactions in the context of similar transactions. However, given the goal of a frictionless customer experience, these interventions must take place with minimal latency even at scale.
Transaction volumes and the desire for almost instantaneous response in the on-demand economy make human oversight impractical. Instead, the combination of AI and the human brain offers the strongest defence when it comes to fighting cybercrime. Using AI technology to strengthen the validation, verification and transaction processes ensures security is enhanced, but not at the expense of the customer journey. Not only will this create a safer and more trusted customer experience, but it will also play a key part in improving company reputation and attracting new customers.