The fraud “industry” is increasingly large and sophisticated. Advances in technology have led to an increase in more complex forms of account taking. The emergence of deepfake and voice cloning technologies means that bad actors can now look and look exactly like real bank customers. When used with a customer’s stolen credentials, it makes it nearly impossible for banks and other financial institutions to distinguish between a real user and a bad actor in disguise.
The threat of these advanced techniques is compounded by the fact that traditional fraud prevention methods simply cannot keep up. For example, the use of One-Time Access Codes (OTPs), while apparently an added layer of protection for online banking customers, can actually provide a ‘back door’ for fraudsters to exploit – as shown by the increase in SIM swap fraud and OTP scams.
1) Know your user
The most effective way for financial institutions to detect and prevent fraud is to fight fire with fire, using innovative fraud prevention techniques based on the most advanced technologies available.
One of these techniques focuses on a Know Your User (KYU) approach. In addition to the traditional Know Your Customer (KYC), which seeks to verify the identity, suitability and risks of establishing a business relationship, KYU extends this level of trust with advanced behavioral and biometric data analyzed by AI to really know each user inside and out – post onboarding. The customer data collected from each interaction can then be used to create a BionicID – a unique digital profile – for each user and the bad actors. Then each customer’s online interactions can be compared with their own previous behaviors to precisely identify legitimate users, protecting them from manipulation or impersonation attacks. This approach provides a granular and precise method for determining whether a user is who they say they are and thanks to deep learning capabilities, it becomes even more precise with every user interaction.
2) Protection at every stage of the online journey
The pandemic has accelerated the switch to digital banking. To improve the customer experience, banks have focused on streamlining the process of opening an account to make it as easy and convenient as possible.
Unfortunately, this also made it easier for bad actors to take advantage and carry out fraudulent attacks. Threats in the early stages of integration and connection are driven by the theft of customer identifiers, opening the door to new fraud on the accounts. To stop account hacking attacks, financial institutions must prevent the theft of user credentials. This is where a proactive defense approach is the most valuable. Detecting and stopping malware and phishing attacks before credentials are compromised is an essential first step in stopping account hacks.
In addition, banks must stop bad actors in each step of the customer journey. The best way to do this is to implement a solution that focuses on continuous authentication – check each user at every interaction. This can be achieved by analyzing each user’s BionicID at every step of their online journey – and taking action when abnormal behavior is detected. Fraud analysts can implement automated responses for each level of risk detected to streamline this process.
If a bad smart actor still managed to sneak in and reach a point of transaction, this last step can be protected by combining BionicID data with transactional intelligence, in order to fully understand whether the person carrying out the transaction is who they say they are. In order to identify even the smallest of anomalies, fraud teams must combine each user’s online activity data with historical payment information on a single platform – creating a risk engine that “knows” each user on a truly granular individual level.
Combined with AI and behavioral biometric analysis, this process also helps reduce the number of false positives and negatives – thus reducing the workload for fraud analysts – and ensures a smooth customer experience, as all the analyzes and data collections take place. background, without the need for user interaction.
3) A proactive approach
Finally, complete protection requires always on a proactive, rather than just reactive, fraud response, preventing fraud before it has a chance to happen. Following the lead of the corporate cybersecurity industry, a active defense approach must use hybrid AI systems combined with the latest intelligence from bad actors to automatically detect threats along the online journey and trigger automated responses block threats in real time.
Active defense capabilities can, for example, to prevent a legitimate user to take an action manipulated by a bad actor which would lead to further fraud. These capabilities can also identify fraudulent behavior related to bad actors and prevent them from committing further frauds. Thus, fraud can be mitigated before it occurs, avoiding the associated losses and allowing banks to finally get a head start on bad players and beat them at their own game.
About Ken Jochims
Ken Jochims is Director of Product Marketing at Revelock, a Feedzai company. Ken has over 25 years of enterprise software product marketing experience providing fraud prevention, identity and access management, and IT infrastructure solutions to financial institutions and Fortune 1000 enterprises. Prior to Revelock, Ken worked for Arxan Technology, Neustar, ThreatMetrix, Guardian Analytics, CA Technologies and Apple.
Revelock enables financial services and financial technology companies to reveal and respond to identity theft and identity manipulation attacks online without hampering the customer experience. Protecting more than 50 million banking customers worldwide, the Revelock Fraud Detection & Response (FDR) platform combines behavioral biometrics, network and device assessment with hybrid AI and deep learning to create a BionicID ™ and always know your user (KYU), identify the bad actors. and mitigate risks regardless of the type of attack.