By David Mirfield, Director of Product Management, Symphony AyasdiAI
Limited personal interaction, working remotely, travel restrictions – the list goes on. During the pandemic, communication in all sectors went online, and cybercriminals went to work.
Their attacks became more targeted, and one of their biggest targets has been the financial sector. In fact, a study from LexisNexis Risk Solutions found that banks saw more monthly fraud attacks in 2021 than in the prior year – and the attacks became more expensive: “Every $1 of fraud loss now costs U.S. financial services firms $4.00, compared to $3.25 in 2019 and $3.64 in 2020.”
When it comes to fraud, most efforts have been focused on protecting the customers, sometimes neglecting the risks that fraud poses to the banks themselves. But this perspective is changing. Banks are starting to look more internally at how to also protect themselves from fraud – but without just passing the proverbial buck to the customer, either.
All of this means financial organizations need to re-think their approach to rooting out fraud. Let’s call it the Great Bank Reset. Here are three areas where we see this playing out.
First-party fraud will become a greater focus area
What’s known as first-party fraud will – and needs to – become a bigger focus for banks, but it can be too easy to miss. Whereas traditional third-party fraud involves an impersonation or account takeover, be it via someone assuming your identity or someone using stolen card credentials, first-party fraud is more likely to entail a customer claiming to be a good-faith customer and then deliberately trying to commit fraud inside the bank. There also may be a combination of different processes or activities at play that fraudsters can bypass to commit particularly large fraud without the customers knowing anything, but the bank is still liable for the loss of funds.
That makes it challenging to mitigate, and financial services providers often lack the historical data needed to help define what first-party fraud looks like. And first-party fraud often does not have one owner; responsibility lies somewhere in the intersection of the fraud team, operations and the risk department.
Moving away from endpoint solutions
The rapid move to cloud-based models has opened security gaps. Many organizations have tried to solve a lot of the more immediate fraud problems with piecemeal endpoint solutions, but this doesn’t work once fraudsters evolve their attacks. They need to optimize the use of data, optimize the use of analytics and get a 360-degree view of fraud risk – as opposed to having different teams or different solutions working in silos.
Combining AML, financial crime and fraud in one holistic view
This level of change isn’t going to happen overnight, but change is coming. We’ve seen the need to use more advanced and effective techniques in anti-money laundering (AML.) And with the familiarity of using those techniques already in the fraud space, we’re going to see more organizations start to consider how to tie these together more strategically and more aggressively than they ever have before.
In order to detect and block threats in real time, financial institutions need to use advanced technology to get a much deeper understanding of past, present and future human behavior. To put it another way, these organizations must devote the same level of resources, attention and creativity to the rest of their operations that they do to customer security.
Though it’s true that individuals can sometimes be the weakest link in fraud detection, so are manual processes and outmoded procedures that many businesses currently use. Adopting new technology is one option, but firms must also embrace a far more comprehensive approach to risk. They should take a 360-degree view of their customers. It’s about more than how customers interact in general; it’s also about the behaviors that drive them. Organizations can use AI and ML, as well as third-party data, to better discover patterns and construct more effective defenses to halt criminal activities.
Fraud protection for all
Financial institutions have seen unprecedented demands on their cybersecurity teams in the past two years: first from the significant network rejiggering required by the shift to remote work, and then from the cyber-attackers eager to take advantage of the resulting security gaps. No wonder that banks saw a spike in fraud.
That’s why it’s time for a great reset when it comes to how banks approach their fraud mitigation strategy – and we see this playing out with a three-pronged focus: re-examining, first-party fraud, abandoning the point-product strategy and combining modern technologies into one holistic point of reference. This new focus will reinvigorate efforts to combat fraud and protect the banks as well as their customers.