How Asian banks are fighting fraud with big data and analytics (Part 2)
Which types of systems can minimise losses from fraud attacks?
In the first part of this two-part series, we explored the rising importance and prevalence of big data and analytics to combat fraud. In this second part, we explore the cutting-edge solutions in big data and analytics, and beyond them in software security, that analysts believe are essential to keep up with evolving fraud attacks.
It is very difficult for banks to prevent fraud entirely, which is why it is also critical to set up systems that minimise losses from fraudulent transactions, again with the assistance of big data and analytics technology.
Some banks in Asia are now using a combination of blockchain and cognitive analytics to prevent losses from duplicate document financing, says Yashesh Kampani, head of financial services, IBM ASEAN. Others are also using a combination of blockchain and advanced analytics for perpetual know your customer (KYC) monitoring for compliance and fraud prevention.
“Detecting fraudulent transactions in real time can be done through the implementation of a real time data management function that authorizes up to 10,000 transactions per second using pre-configured decision models that are constantly updated,” says Kampani.
“Propensity for fraud is determined through advanced contextual analytics by combining all available data about any individual or entity in real time in a unique ‘resume’ which can be used to generate a ‘score’ for transactions, individuals or entities that should be investigated,” he adds.
Network analysis
Once banks investigate customers and discover that they have indeed conducted a fraudulent scheme, the intelligence can then be used to conduct network analysis to correlate the results with the rest of the bank’s portfolio, according to Chrisol Correia, director, market planning at LexisNexis Risk Solutions. This allows banks to find other risky parties within their customer portfolios, and the intelligence might soon even be shared between banks to further enrich each other’s network analysis.
“By knowing a known fraudster banks can identify other unknown bad actors within their portfolios. Imagine if this sophisticated analysis is done across peer banks where banks can cross-reference each other’s data to identify bad actors at the individual level as well as the fraud rings with which individuals are involved. Very powerful technology actually is being used to accomplish this,” says Correia.
Correia reckons there is rising interest across the region in the cost efficiencies and compliance benefits of using anti-money laundering (AML) technology through a utility model. Banks are looking to set up systems that enable them to share information with each other securely with the aim of contributing KYC data for the general good of the utility membership.
“Any one particular bank might have a particular facet of a relationship captured within its KYC data; combining all of the facets held by a community of banks can create data that is more insightful than the sum of its parts,” says Correia. “There is increasing appetite to contribute and use this type of utility in KYC and we expect this trend to gain momentum over the next few years.”
The challenge for Asian banks, though, is how to clear the numerous and diverse regulations in the region so that such a utility model becomes easier and less costly to operate.
“Asia is perhaps the most complex market to protect against financial crimes like fraud, money laundering, terrorist financing and tax evasion. Not only do banks have to know and abide by their native AML and KYC compliance regulations, but they also have to operate within neighbouring-country regulations as well,” says Correia.
Software security
Asian banks must also start looking beyond big data and analytics, and into software security to round out their fraud prevention strategies, especially because attackers are becoming even more intelligent in abusing application and browser weaknesses, says David W. Jones, senior director – global business development at Irdeto.
He reckons that even as the most innovative banks, payment gateways, and e-wallet providers have invested in new services and solutions utilising big data and analytics to fight fraud, and installed robust KYC processes, fraud continues to be a very real and active threat.
“Financial institutions must look at a suite of solutions to provide them with deeper monitoring tools that can detect application and browser tampering at a very early stage, a suite that also has policies that can ensure the integrity of the user’s application and secure exchange with the back-office servers, which house sensitive business and consumer data,” says Jones.
Jones reckons that whitebox cryptography solutions can establish a secure connection from the browser or mobile application to the server, creating a trusted channel for digital commerce and banking. In stressing the need for stronger security to complement big data and analytics, he argues that the $81 million Bangladesh Bank heist was assisted by a lapse in software security.
“Though the methods of the attack are still in review, it is believed that malicious software installed in the bank system was a key culprit in the attack; such an attack cannot be prevented by big data but rather by security software techniques to protect key applications and API. Banks need rich monitoring in place to detect attacks early and execute policies to take action,” says Jones.
“With a clear focus on diversified and renewable security the fraud attack window is greatly minimized – undermining the attacker’s business model,” he adds.
Jones advises that Asian banks that are serious about thwarting the emerging breed of hackers and other cyber threats should make security inseparable from the software application and include diverse ‘hooks’ to entangle security, which is uniquely diversified. By doing this, code and data tampering, data monitoring, and attempts to debug the code are intercepted in real time through the integrity verification process, which ensures attacks are prevented at an early stage.
“Big data, analytics, and risk profiling of transactions has clear value and will continue to expand in mainstream banking and payments. However, considering the evolution of cyber threats and the sophistication of attackers, more robust solutions residing at a deeper application/browser/API level must be seriously considered to mitigate risk,” says Jones. “This achieves a level of fraud prevention far beyond big data and trending analytics.”