BAI pegs top FI fraud threats, security strategies
To counteract the flood of attacks by fraudsters employing diverse and sophisticated tactics, financial institutions must be more nimble in addressing malware intrusions, exploitation of web-facing vulnerabilities and illicit access gained via third parties. That is according to a BAI Banking Strategies report, Fraud and cybersecurity: Staying steps ahead, which delves into the top cyber threats to FIs and strategies for defusing them.
Among the threats cited, state actors are actively targeting victims in the Americas, Europe and Southeast Asia, especially North Korea, whose state-sponsored hackers allegedly breached the SWIFT banking messaging system. Card skimming, and more recently jackpotting, threaten ATM security. Fraudsters posing as technicians are able to crack into ATMs using a generic key to retrieve cash at an estimated rate of 80 bills per minute.
Another serious threat is the exploitation of FI call centers, which handle approximately 36 billion interactions yearly and now account for nearly two-thirds of FI fraud. Last year, call center fraud represented $14 billion in fraud losses to FIs, the BAI noted, adding that in many of these incidents the contact centers were lightly defended.
Also on the rise is synthetic fraud, which involves fraudsters creating fake identities using untraceable Social Security numbers to defraud institutions. Rounding out the top five cyber threats is the exploitation of artificial intelligence, putting FIs on the defensive in terms of tracing and reacting to new forms of abnormal behaviors.
"It's a form of asymmetric warfare with the fraudster choosing the time, place and magnitude of their attacks," William Griffith, Senior Industry Consultant, Financial Services, Think Big Analytics, a division of Teradata Corp., wrote in the report. Thieves also create fake identities stringing together segmented information from actual people, such as date of birth from one person, the contact information of another, and so forth, the report noted.
Data security best practices
In the BAI report, data security experts weighed in on how FIs can improve data security protection. One basic approach they suggested is to limit the amount of data used for analysis. Other measures included securing end points, constant surveillance of network systems and damage control once a breach has been detected.
The report also recommends eight steps designed to supercharge fraud detection techniques, which are summarized as follows:
- Perform holistic cross-channel monitoring: Isolated transaction monitoring systems may flag a transaction, but without a full view that spans the entire network of potentially related customers, hidden risks that threaten multiple systems may go undetected.
- Deploy hybrid analytics: Single techniques or models for detecting fraud have proven less effective against more advanced forms of fraud. BAI recommends blending multiple analytic techniques from different disciplines and developing appropriate business rules.
- Adopt machine learning: More experienced fraudsters can circumvent rules-based models, whereas the algorithms applied in machine learning are better able to adapt to changing behaviors and single out potential threats.
- Build transparency into systems: Machine learning outputs require interpretive analysis. To accommodate this, BAI recommends a scorecard, or a set of visuals or auto-generated content that highlights data and insights on potential threats.
- Manage model performance: As the fraud landscape shifts, so must analytical models. It's imperative that FIs monitor model inputs, outputs and results to identify potential weaknesses. BAI suggests testing challenger models for comparative analysis purposes.
- Prospect for patterns: BAI advises FIs to look for new patterns identified by machine learning, test new hypotheses to validate existing hypotheses and adjust to emerging threats flagged as anomalies by machine learning to harden systems for the future.
- Automate investigative process: To be effective, analytics-driven fraud solutions should incorporate enriched alerts with details on associated accounts and customers, prioritize cases, prepare suspicious activity reports and cull data from various databases.
- System above sequence: Fraud detection and investigation integrated as a continuous feedback loop can monitor all processes and track events, decisions and actions as part of an ongoing cycle, rather than as individual pieces from disparate systems.
A final note in the research pointed to the continued value of checking accounts, which today are maintained by more affluent, loyal accountholders. While check fraud accounts for 35 percent of total fraud losses for FIs, the opportunity to cross-sell and optimize channels will continue to be integral to banks even in the digital age, the BAI noted.
To view the full report, visit info.bai.org/executive-report-fraud-cybersecurity.html?_ga=2.96692895.1629862793.1527095160-1136838619.1527095160.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.