Why banks need to continue to take the fight to fraud
Risk-based systems are crucial for banks to defend against attacks, says Mark Crichton, senior director, security product management, at technology group OneSpan.
Risk-based systems are crucial for banks to defend against attacks, says Mark Crichton, senior director, security product management, at technology group OneSpan.
The UK banking industry has a billion-pound fraud problem, with £1.2bn lost to fraud and scams in 2018. There’s no shortage of statistics that further expose the sheer scale of the problem, such as recent findings from Experian that reveal a new incident of financial fraud was reported every 15 seconds in 2018.
We’re also witnessing an uptick in technology-enabled financial crime with the targeting of new channels, including social media and contactless payments, thanks to increasingly cyber-savvy fraudsters.
In response to rising fraud levels, financial institutions (FIs) are investing heavily to tackle the problem: it’s estimated the industry is spending over £650 million annually in dedicated staff time alone to combat financial crime. When you consider the additional spending on technology, the real number is likely far higher.
The development of new tools and technology powered by artificial intelligence (AI) and machine learning is certainly driving change. However, the mobile channel is growing as a lucrative target for criminals, and regular data breaches are making personally identifiable information (PII) more readily available to hackers and is a major contributor to fraud losses.
So, how can banks get ahead? Let’s take a look at where the industry is already making progress and address the changes necessary in reducing fraud across the UK.
AI and machine learning are driving transformation across virtually all industries and disciplines, and the financial services sector in particular is benefitting massively from the development of this technology.
Machine learning has the ability to analyse vast amounts of channel specific data to accurately flag suspicious transactions and new fraud attacks in real-time. This risk-based approach detects complex patterns that are otherwise difficult for analysts alone to identify, giving banks and FIs the capabilities to detect more fraud whilst becoming more operationally efficient.
AI and machine learning are also powering next-generation adaptive authentication technology, which can analyse and determine the risk of a situation and implement security accordingly.
The fact that banks and FIs successfully stopped two thirds of unauthorised fraud in 2018 is promising news for banks and consumers alike, and illustrative of the benefits these new technologies can bring. However, new threats are always emerging, so there is still work to be done to increase adoption of these technologies to enhance fraud detection.
With the explosion in mobile banking, and as banks get better at identifying fraud online, mobile banking fraud is growing: it increased 20% from 2017 to 2018. As the popularity of mobile banking grows, threats will only get more dangerous.
We’re witnessing some of the most dangerous attacks in mobile, including overlay attacks, SMS phishing scams and SIM swap fraud, which rose by 63% in 2017. With new and old threats to mobile devices and applications appearing daily, banks and FIs must increase their efforts in securing the mobile channel.
Mobile app shielding technology can secure and proactively protect individual banking apps from increasingly innovative threats and malware as it can prevent the injection of malicious code before it can cause damage. In addition, gaining more visibility into mobile users through behavioral biometrics and other contextual data will also help shore up a bank’s defenses against mobile fraud.
Frequent data breaches are exposing personally identifiable information (PII) across the web are a major contributor to fraud losses. Breaches make it remarkably easy for fraudsters to use and cross-reference stolen information to commit account takeover fraud (ATO) and new account fraud (NAF).
For example, cases of card ID theft, made up of card application fraud and card account takeover fraud, increased by a massive 119% in 2018. And whilst banks cannot control external breaches, they must prioritise better detecting the types of fraud that these breaches make possible.
The good news is we’re seeing huge developments in the methods used for verifying the identity of someone conducting remote digital transactions. More and more banks are implementing risk analytics, powered by AI and machine learning, that analyses thousands of transactions in real time, alongside device, geographical and behavioural data, to build up a profile for a customer to identify potentially fraudulent transactions.
Fraud prevention and detection continues to make huge strides in the UK, but we’re not out of the woods yet. As fraud becomes more digitally complex, and with significant sums at stake for both consumers and FIs, risk-based systems are crucial for banks to adequately defend against attacks and to be in with a chance of bucking fraud trends once and for all.