The COVID-19 pandemic has brought unprecedented changes and challenges for Financial Services. More than ever now, people are reliant on digital payments and new payment technologies for transactions. And keeping up with the trend, fraudsters are continuously finding creative ways to perpetuate their scams. Financial services must adopt more effective fraud detection and prevention strategies.

OpenGov Asia had the opportunity to speak with Ian Holmes, Global Lead for Enterprise Fraud Solutions, Director, SAS to gain his insights on fraud detection and prevention strategies in financial services.

Having joined SAS in 2011, Ian’s global role is to provide fraud expertise to drive the product enhancement; pre-sales and business implementation of the banking fraud solution globally.

Ian’s fraud expertise is pivotal in retaining SAS’ recognition and reputation in the industry by customers and analysts; supporting marketing initiatives and strategic collaboration with key third party vendors. His career developed from the ‘ground up’ to embrace a customer focussed approach alongside analytics and strategy.

Why is There a Rise in Scams?

As people are staying and working at home, it provides a prime opportunity for fraudsters to infiltrate people’s lives remotely.  Free time and the promise of additional income is a great opportunity to gain the attention of the new victim.  Scams probably represent one of the most diverse ranges of modus operandi, in some way they involve a deceived individual.  

From a payments fraud perspective, such scams are considered within the area of banking fraud.  Most typically in today’s world, this is achieved through remote activities by the fraudster offered by digital devices. The spike in malware and phishing initiated through emails, phones and even SMS also expose us to the risks of fraud.

As recently as 2017, UK Finance, the industry body which reports on all banking fraud types, introduced a new measure covering Authorised Push Payments.  This category specifically cites the genuine account holder being involved in the payment. In this category, both volume and value are increasing dramatically.

Acknowledging that genuine customers are involved, banks are having to invest more in the prevention of this type of fraud.  At a minimum, this can be due to reputational risk.  However, in the UK, the Payment System Regulator introduced a voluntary code. The Contingent Reimbursement Model, which has now been effective for a year, makes Payment Service Provider (PSP) liable under certain circumstances.  This has increased the cost of doing business for a bank – meaning a capable fraud detection solution is going to be key.

What Banks Need to Do to Combat Fraud

Ian explains that independent of the reasons, the fraudsters are certainly on the winning team and losses are escalating. Organisations need to manage risks during the movement from traditional payment methods to the new digital options. Additional channel data that the devices of today offer along with advanced analytics can be very beneficial to overcoming digital fraud and financial crime.

Financial institutions (FIs) need to understand all payment entry points. Protecting these entry points from digital fraud can be quite complicated and tedious. The critical first steps are to start processing all data streams in real-time and to combine identity and transaction monitoring to not only identify fraud as it occurs but to prevent it even before it takes place.

The financial services industry as a whole needs to boost the utilisation of available Artificial Intelligence and machine learning technologies.  Since the start of the pandemic, financial institutions have tirelessly innovated to meet customers’ needs for flexibility and immediacy. Now, with SAS’ proven technology and expertise, they must redefine how they protect themselves and their customers from the associated risks.

Ian believes that in the digital environment we live in today, the use of channel data will be pivotal for real-time analytics and automated activities within businesses. The level of needs may vary from industry to industry but they will be important to all businesses to counter fraud and make insightful strategic decisions.

Customers now expect digital services with seamless interaction. Financial services need to be meticulous in their fraud prevention while reducing false positives at the same time to improve customer experience. The number of scams is extensive, examples include romance and investment scams. The typical processes which protect other fraud types are undermined by the fact that authentication and verification of payments from a scam perspective will be validated by the deceived customer when prompted. This is very different from the immediate feedback which would come from a situation where the customer had no awareness of the activity.

Considerations include:

• Anomaly detection and beneficiary profiling are key real-time capabilities. For example, Advanced Analytical scoring and link analysis of the beneficiary can be key indicators – mule account propensity models have been used and there is no reason why this principle cannot be expanded to identify accounts used by fraudsters
• Industry initiatives such as the beneficiary validation services. This is currently being offered in the UK and allows checking of the account details and validating these this gives confidence from the consortium perspective.
• When confirming suspicious payments with customers then alternative validation is required.
• Transaction level authentication will help to exclude specific third party fraud scenarios – this is especially true for commercial payment where multiple levels of authorisation should be included.

Increasing Customer Experience

For an overall better and more secure customer experience, digital fraud management requires an approach with a faster response to new threats to reduce false positives. Using this approach, businesses would be making faster, better informed risk-based decisions across the entire organisation. Moreover, an end-to-end fraud detection and prevention solution supports multiple channels and lines of business, enabling enterprise-wide monitoring from a single platform.

Such a solution simplifies data integration and enables FIs to combine all internal, external and third-party data to create a better predictive model tuned to the organisation’s needs. Bringing together this data on a single technology platform gives the flexibility to scale up or out as the business changes, and respond faster to new threats as they arise.

Data analytics and machine learning solutions can enable the monitoring of payments as well as non-monetary transactions and also events, thus enabling businesses to identify and respond to unwanted and suspicious behaviour in real-time. Embedded machine learning methods detect and adapt to changing behaviour patterns, resulting in more effective, robust models.

Key technology components let banks easily spot anomalies for each customer. In-memory processing delivers high-throughput, low-latency response times (even in high-volume environments) – enabling FIs to score 100% of transactions in real-time. Data without analytics is intelligence not realised and monetised, which means businesses are unable to operate at their optimum capacity.

Thus, organisations must understand the value and significance of data analytics in this fast-paced digital world. Organisations that want to survive in today’s competitive market need to build the right infrastructure and adopt the right practices across their infrastructure.

Key Trends in Financial Services

Payments fraud has historically been a third party fraud issue.  Although the use of machine learning, rules and operations processes are still valid, scams require a different view of payment account activity than is typical with a bank’s processes.  Because of this, there is often a complete review required of the risk management framework in place at banks and how it is applied to fraud detection.

Without technological and operational improvements, the global rise of digital fraud will surpass the losses associated with counterfeiting magnetic stripe payment cards. A and SAS suggests this digital shift is also fuelling a multibillion-dollar fraud surge worldwide.

These are key trends that Ian is seeing in the market:

1. Digital payments present an escalating global risk.

• Though prevalent payment technologies vary by region, fraud trends have significant commonalities across geographies.
• This indicates that criminals coordinate and share information more openly than do FIs, giving them a significant advantage in thwarting fraud controls.
• Cross-border fraud is increasingly common.

2. Digital fraud is increasing in frequency and sophistication.

• Fraudsters and criminal networks’ arsenal of tricks are becoming as advanced as the technologies used to detect their activities.
• Social engineering, phishing and identity schemes, and the breadth of digital payment methods are shifting the odds in the bad guys’ favour.

3. Layered technology and analytic capabilities are needed to identify overlapping threats in real-time.

• The complexity of criminals’ attack vectors demands a layered approach to preventing and detecting fraud, while also providing a means to orchestrate strategies and investigation activities.
• Automated actions and predictive case management powered by AI and machine learning can help reduce reliance on human resources.

4. Data is critical.

• Using data for real-time analytics and automated actions will be crucial to thriving in this new digital normal.

Big Data Analytics in Financial Industry

Digital fraud is increasing in frequency and sophistication. Fraudsters and criminal networks’ arsenal of tricks are becoming as advanced as the technologies used to detect their activities. Social engineering, phishing and identity schemes and the breadth of digital payment methods are shifting the odds in the bad guys’ favour.

Organisations should be aware that new payment mechanisms are especially targeted due to ineffective risk mitigation controls at launch. Layered technology and analytic capabilities are needed to identify overlapping threats in real-time. The complexity of criminals’ attack vectors demands a layered approach to preventing and detecting fraud, while also providing a means to orchestrate strategies and investigation activities.

Automated actions and predictive case management powered by AI and machine learning can help reduce reliance on human resources. Data is critical. Using data for real-time analytics and automated actions will be crucial to thriving in this new digital normal.

Capabilities will vary based on technological maturity, but organisations at all stages have a common need for as much real-time data as possible to make effective decisions. Importantly, deploying cloud infrastructure for fraud management systems boosts data ingestion capabilities.

How can Banks Manage Fraud in CryptoCurrency?

Crypto is currently ungoverned and uncontrolled, it is ripe for abuse. And therefore Fraud and Financial Crime is always going levitate towards any such exposure.  Ian has seen in this region the combination of the proceeds of fraud and money laundering being converted to cryptocurrencies offer an alternative to the principles of Money Laundering and the underlying placement, layering and integration necessary to support this criminal activity.

Crypto and the underlying Distributed Ledger technology, undoubtedly brings a great deal of additional security in principle but always it’s the endpoints and the consumer who are the weakest link.  From a fraud perspective, Ian does not think the fraudsters are needing to be too innovative currently, they are focussed on  committing Account Takeover (ATO) and hacking to steal.

Why SAS?

Ian believes that SAS is creating the future of our interactions with data, analytics and AI – delivering an innovative system for a more intelligent, responsible and safer world.

To transform a world of data into a world of intelligence, organisations need to empower and inspire everyone with the most trusted analytics. SAS do this by bringing the capability to curiosity so people and organisations can drive progress – making better decisions and improving lives.

1. Better Together – SAS develops strategic partnerships, open integration and drive collaboration in communities and industry. Through developing leading innovations together, SAS creates positive change.
2. For Everyone – SAS brings together creators and consumers and give access to data and insights through analytics that adapt to people. SAS does this through simplifying model development, providing end-to-end analytics capabilities and driving responsible and transparent AI.
3. Everywhere – SAS’s cloud-native platform drives digital transformation, unleashing value from data analytics wherever it resides, from the cloud, on-premise or coming off the edge in sensors and devices.

How SAS Determines the Best Strategy for Effective Fraud Detection

• Security by design

This is not a bolt-on option to a financial instrument, it’s the core battleground for consumer adoption and recommendation – 83% of millennials would change the bank account for better CX. Security is not locking the doors, nor is it raising the bar so high you inflict overdue pressures on your good clients and operational staff. It is using all the intelligence available to ensure you can correctly identify risk, and seamlessly move to the correct challenge response – visiting the branch with physical ID is not an option in COVID-19 times, but even before, you are likely to lose a customer.

• Data

While SAS controls the use of personal data  FI’s should all be very aware of the provisions for fraud detection and maximise the use and analytics using relevant data. SAS can ingest and process in real-time both internal and external data which can all add to understanding the traits of normality or not. Establish clear fraud definitions and continuously question the value of data and the quality of AI decisions.

You need to orchestrate and adapt using external providers which add value to the ability to trust an interaction, analytically led examination understanding the value both positive and negative allow for better decisions for your business and customers, given the ability to leverage various data sources and change both a waterfall of events and enrich certain decision points is the right way to make those decisions.

• Consortium Intelligence

Use the intelligence from wider networks, share and syndicate fraud reporting. Experience is a competitive issue – fraud needs a concerted intelligence sharing on a real-time basis, use systems such as innovation which enables sharing with minimum personal data facilitating a common language for the exchange of fraud data

To handle digital fraud, businesses need more than just standard analytics. They need to implement adaptive techniques including AI and machine learning, supervised machine learning, unsupervised machine learning, network analysis and text analysis. All of these technologies form a powerful force for improving both the accuracy and efficiency of fraud detection. It only makes sense to bring fraud, Anti Money Laundering (AML) and cyber functions together.

Here are key considerations of a strategy for an effective defence using analytics:

• Converge fraud and AML programmes. Centralise insights from multiple sources, including cyber-event data, for more complete customer risk assessments in a broader context.
• Establish consistent business processes. Intuitive workflow and case management support more efficient investigations, faster resolutions, fewer false positives and higher productivity.
• Reduce false positives. Advanced analytics and machine learning can reduce such anomalies so investigative analyses can focus on the cases that pose the most risk to the organisation.
• Intelligently prioritise alerts for triage, investigation and disposition. Advanced analytics can let defenders quickly see areas of interest and where to focus first.
• Leverage interactive visualisations. Investigations can be more targeted and conducted more efficiently through the use of interactive graphics and tables. Import, search, filter and visualise the results in different ways to reveal patterns, people and events hidden in complex data.
• Easy report generation. Findings can be documented with screen captures, analyst notes and images and advanced reporting that presents data to stakeholders and decision-makers much more impactful.

The Future of Fraud Prevention and Management

The pandemic has opened Pandora’s box of global fraud. Based on a recent survey (Association of Certified Fraud Examiners (ACFE) and SAS) responses from nearly 900 ACFE members worldwide, the 2022 Anti-Fraud Technology Benchmarking Report illuminates how organisations across sectors are using technology to fight fraud.

More than 40% of respondents reported accelerating their use of data analytics significantly (14%) or slightly (29%) amid the pandemic. The majority (60%) expect their anti-fraud tech budgets to grow over the next two years. Advanced analytics topped the investment list, particularly artificial intelligence (AI) and machine learning (cited by 26% of respondents) followed by predictive analytics/modelling (22%).

Analytics is an indispensable fraud detection tool. When asked about their use of analytics, nearly all survey participants indicated their organisation’s use of data analytics was beneficial in helping them:

• Boost the volume of transactions reviewed or suspected fraud cases identified (99%);
• Timeliness of their anomaly detection (98%);
• Efficiency in automating time-consuming tasks (98%); and
• Overall accuracy in reducing false-positive rates (97%).

Data-sharing consortiums are gaining momentum. Internal structured data sources remain the crux of most organisations’ anti-fraud analytics initiatives (cited by 80% of respondents), but many are also tapping a variety of external data sources, including:

• Public records (41%),
• Law enforcement or government watch lists (31%),
• Social media (29%),
• Other third-party data (25%), and data from connected devices (25%).

Organisations are using a variety of emerging technologies to fight fraud. The report highlights the growing use of technologies like physical and behavioural biometrics, computer vision analysis, robotic process automation (RPA), blockchain, and virtual and augmented reality.

Current use of these technologies ranges from:

• 7% (virtual/augmented reality) to
• 34% (physical biometrics) of surveyed organisations.
• Among respondents from organisations not using particular emerging technology,
• 13% (virtual/augmented reality) to
• 19% (RPA) expect to deploy it within the next one to two years.

Technology and SAS Cloud/SaaS is making deployments quicker and easier. Cloud capability is making updates and new functions available. Digital data such as identity, biometrics and user behaviours are becoming key.  Although the level of data is massive, it’s all for the great good and is helping to make our lives safer.