Fraud prevention is becoming one of the biggest areas of concern for the financial services industry. But first generation Fraud Management systems are falling short. By moving towards more enterprise approach to fraud management, financial institutions can combat the increasingly treacherous fraud and cyber crime landscape while reaping numerous benefits for the organization.
3. Introduction
In the digital age, the implications of financial crime against
financial services institutions and their customers have become
ever more significant. Fraud prevention now represents one
of the biggest areas of concern for the financial services
industry and is likely to become one of the largest drivers of IT
expenditure in the coming years.
Typical organizations lose 5% of revenues to fraud each
year, with banking and financial services, government and
manufacturing industries most commonly victimized.1
The
digital economy and the rise of cyber crime create an even
greater level of vulnerability for banks and other financial
institutions. In Europe, online banking fraud increased by 12%
in just one year.2
According to a study by Federal Deposit
Insurance Corporation, cyber thieves cost U.S. organizations
more than $15 billion over five years.3
In the U.K., in the first six
months of 2014, losses on remote banking fraud rose to £35.9
million, up 59% from 2013. Online banking fraud comprised
£29.3 million of that total, up 71% from 2013.4
In total, potential
projected global fraud losses related to occupational fraud
reach more than $3.5 trillion.5
While direct losses due to fraud are staggering, the actual
cost is much higher in terms of loss of productivity, loss of
customer confidence and attrition, not to mention losses due
to fraud that goes undetected. Attacks against operational
systems and infrastructures such as e-business, e-commerce
or industrial systems can result in direct loss of business
or revenue. Interception of electronic communications and
intrusions into information systems can result in massive theft
of sensitive corporate or customer information. Loss or leakage
of confidential or personal data can cause serious harm to a
firm’s reputation and lead to lawsuits and financial penalties.
This pressure on banks from fraud and financial crime comes
at a time when financial services organizations must deal with
a new and expanding regulatory environment. Regulators are
demanding that financial institutions hold more capital and
measure and manage risks more efficiently by demonstrating
to regulators that they have active programs to prevent fraud
and financial crimes such as money laundering. The European
Central Bank’s recommendations for the security of Internet
payments, due to come into effect in February 2015, is just
one example of the many new guidelines with which banks
must comply.6
A combination of new regulations and stringent
enforcement will require financial institutions to demonstrate
to both management and regulators that they possess sound
financial crime risk management systems.
1 2012 Global Fraud Study, Report to the Nations on occupational Fraud and Abuse, Association of Certified Fraud Examiners
2 Annual Fraud Indicator 2013 by National Fraud Authority, UK
3 “Bank security: Thieves down the line,” Joseph Menn, Financial Times, Jan 2, 2012
4 “Customers Urged to be Vigilant as Fraudsters Increase Scam Attacks,” Financial Fraud Action UK, 12 September, 2014
5 2012 Global Fraud Study, Report to the Nations on occupational Fraud and Abuse, Association of Certified Fraud Examiners
6 Recommendations for the security of internet payments, Final version after public consultation, European Central Bank, 2013
3
the way we see itBanking
4. First Generation Fraud
Management is Falling Short
The increasing significance of fraud and cyber crime is taxing
first generation fraud management solutions and placing
pressure on many banks’ fraud management capabilities. As
financial institutions have grown larger, managing multiple
portfolios and related business lines across multiple channels
has made fraud detection more difficult. Many solutions are
focused on only one channel or type of crime. Disparate
transaction systems and multiple systems of record make
realizing the true scope of the problem and measuring the
success or failure of existing fraud defenses a challenge.
Current systems and processes are reactive to fraud once it
has occurred and fall short of taking proactive steps to combat
cross-channel behavior.
With the level of sophistication of fraudsters increasing, many
fraud detection systems are no longer effective enough at
identifying fraud.
While rules-based systems are good at spotting recurring and
known fraud patterns, too many legitimate customers can also
be flagged and fraudsters can use trial and error to discover
ways to circumvent the system.
Financial institutions must carefully balance fraud identification
and loss prevention against the customer satisfaction that
results from fast processing of transactions. Furthermore,
too many false positives, inefficient investigative processes,
and lack of speed in transaction authentication all drive
up operational costs, as financial institutions are forced to
increase spending on financial crime risk management against
sophisticated attacks.
The combination of organized crime, global terrorism, and
new and ever-changing types of fraud – in addition to
increased regulatory requirements – have led financial services
organizations to pursue new techniques for preventing and
detecting illegal activity. In fact, for many financial institutions,
a move to a new fraud management system is vital. Failure to
give this area proper attention brings financial, reputational,
and punitive risks.
Financial institutions can effectively
perform Enterprise Fraud
Management in a centralized
or decentralized manner. A
decentralized approach sacrifices
operational efficiencies and customer service, while
a centralized function can make for more efficient
operations, hold one area fully accountable for the
function, and extend a career track to employees,
yielding greater dedication and productivity.”
“Enterprise Fraud Management:
Still Evolving After All These Years”,
AITE Group, May 2014
4
5. Five Emerging Trends Driving the
Next Generation of Fraud
Management
Forward thinking banks are evolving their fraud management
systems from a level of stand-alone basic detection to one
of enterprise predictive risk assessment, integrating big data,
advanced analytics, and real-time functionality as well as
customer experience. These new solutions capitalize on five
emerging trends in fraud management.
1. A centralized approach to fighting financial crime
To both increase efficiency and improve the effectiveness
of fraud detection and prevention, an increasing number of
financial institutions are implementing solutions that cover a
broad spectrum of financial crimes from cyber-security to fraud
and anti-money laundering. Integrated solutions enable firms
to more easily leverage information and more efficiently comply
with numerous evolving regulatory requirements. Centralized
operations help to break down silos across business units and
channels. Furthermore, maintaining data and infrastructure
security and updating fraud management systems with new
rules, statistical models and acquired knowledge becomes
easier and more efficient with centralized systems.
2. Use of more real-time data and monitoring
Several financial services institutions are no longer content
with just using regular transactional data to fight fraud. They
are also looking at external information obtained from third
party vendors and intelligence from social networking sites
to improve their fraud detection capabilities. They are further
enhancing information credibility by integrating disparate data
sources, regardless of format (including unstructured text like
notes fields in call center files). By using data across all of a
customer’s accounts and transactions they are able to better
monitor the behavior of individuals to incrementally detect
fraud and reduce false positives. Solution can be integrated or
on-demand, providing 100% real-time scoring of all transaction
types and giving clients full coverage for fraud detection.
3. Use of advanced analytical techniques
New fraud solutions incorporate a hybrid of advanced analytics
to uncover hidden relationships, detect subtle patterns of
behavior, prioritize suspicious cases and predict future risks.
Each technique is powerful when used in isolation but when
combined in a hybrid approach they enable fraud analysts
to identify the targeted transactions, entities and potentially
fraudulent networks through multiple organizations. Some of
these techniques include:
• Out of pattern analysis, which compares customer activity
with peer group behavior, and also with the customer’s own
past behavior, to identify outlying transactions.
• Linkage analysis, which identifies other entities associated
with known types of fraud, as well as practices used by
fraud-linked entities, and develops strategies to counter
these practices. Sometimes data on social networking
activity is included in this type of analysis.
• Model development, which includes fraud-scoring tools and
detailed statistical analytics to provide quantitative insight
into possible fraud activity.
• Rule development, which involves creating and applying
rules for basic business activities to spot unusual trends, as
well as specialized rules for specific transactions.
5
the way we see itBanking
6. Fraud detection with a rapid
return
One large bank which took a
single platform approach to address all financial crime
benefited by being able to analyze transactions and
customer activity, develop new models and tune existing
models to improve fraud detection efficiency, and create
reports. The bank has detected twice the level of check
fraud than it did with its legacy system, increased Internet
banking fraud alerts by 60%, and improved check and
Internet fraud loss-to-turnover ratios by 50% and 80%,
respectively, compared with five years ago.”
4. Next generation authentication
Financial institutions are improving their ability to combat cyber
crime by securing transactions through a new generation
of authentication, such as biometric authentication enabled
through mobile technology. This can improve security while
creating competitive advantage by meeting consumers’
expectations for products that are both simple and secure.
5. Future proofing against new fraud risks
New fraud risks are constantly emerging. For example, the
increased adoption of mobile devices has been accompanied
by a proliferation of malware with the ability to infect mobile
phones. The variety of mobile devices being brought into
the work environment has made it nearly impossible for
organizations to mandate the use of a specific brand to
maintain standards, leading to increased risk in the form
of data theft, rogue applications, and data ownership. It is
imperative that fraud management solutions include proactive
approaches to fraud detection analytics to future proof against
unforeseen risks.
The Maturing of Anti-Money
Laundering Controls
New regulations and guidance
have identified many shortcomings
in banks’ existing approaches to
AML controls. In fact, new regulations and the levying of
significant fines demonstrate that AML is no longer an
operational numbers issue, where every alert is worked
and volumes managed. Financial institutions need to take
a true risk-based approach, applying new capabilities
and technologies to meet the evolving regulatory
environment.
Enterprise Fraud Management
Advanced analytics methodologies
Fraud Monitoring & Detection Fraud Management Actions
Decisions
Alert
Management
Data
Notifications
Customer View Internal Data
Unstructured data – Social Media,
Call Centers etc.
Credit Bureau, Fraud Vendors,
Watch Lists
Customer View External Data
Customer View Transaction Data
Artificial Neural
Networks/
Pattern Recognition
Account Opening
Decisioning
Customer
Level Fraud
Management
Transaction
Fraud Monitoring
Device Tracking
Offline
Entity
Link
Analysis
Adaptive
Analytics,
Rule based
Models
CaseManagement
Reports/Dashboards
Analytics
Big Data
Lending
Cards
Banking
Other
Relationships
Phone
Banking
ATM
Internet
POS
Other Channels
6
7. The emergence of advanced analytics is changing
the paradigm of how companies monitor risk. High
performance analytics enable users to run more
rapid, comprehensive analytics to visualize the flow
of funds as patterns emerge. Processes that used
to take 6 to 12 hours can now be run in minutes or
seconds, transforming an institution’s ability to identify
risk exposures and implement controls more quickly.
Advanced analytics enhances the quality and accuracy
of the detection process by allowing analysts to simulate
strategies, enabling organizations to reduce false
positives and increase operating efficiency.
Next generation approaches to anti-money laundering
embed advanced analytics into four risk assessment
components:
• Customer risk assessment: Using detailed
information and transaction activities which
are collected at the time that an account
is opened, to investigate all aspects of the
customer’s profile
• Transaction risk measurement: Identifying
and filtering account related transactions
that pose the greatest risk for potential
money laundering activities
• Behavior detection technology: Using
specific technologies that are able to detect
suspicious patterns of behavior that may be
hidden beneath large volumes of financial data
• Workflow and reporting tools: Using
tools that will assist in alert investigation
and compliance reporting
Several leading banks are now coordinating AML as a
whole to provide efficient implementation and tangible
business value.
For one large North American bank, combining fraud
and AML paid dividends in transaction monitoring.
An independent assessment of the value of fraud
prevention estimated that for every dollar invested in
the bank’s enhanced AML fraud capabilities (including
implementing a leading vendor solution), $27 in fraud
was prevented. Currently the bank prevents 97% of
attempted fraud.
A large French bank rolled out AML/CTF across 17
European countries via a centralised program. A central
team conducts investigations on behalf of subsidiaries
across Europe and feeds back only those cases requiring
hands-on investigation by local AML officers. In this way,
the bank was able to continuously improve its processing
and standardise its risk based approach at a Group level.
Looking to the future as AML controls mature, banks and
their regulators can be confident the organization has the
means to actively detect money laundering and that its
systems have the flexibility to be quickly modified as new
threats emerge.
Why Banks Must Adapt
When combined, these five trends outline the capabilities that
will define the next generation of enterprise fraud management.
By moving toward more modern fraud management, financial
institutions can combat the increasingly treacherous fraud
and cyber crime landscape while reaping numerous benefits
for the organization. New solutions provide faster and more
effective fraud detection and higher visibility of exposure across
channels. Companies have achieved increases in detection
rates from 50% to 90%, while reducing overall alerts from
tens of thousands to under 100. This increased effectiveness
results in reduced financial loss due to fraud and leads
directly to improved financial performance and greater value
for shareholders.
A new approach to fraud management also protects a firm’s
brand and reputation, leading to greater trust among customers.
Faster response times and a reduction in false positives – with
some companies experiencing up to 95% improvement in false
positive rates –improve customer satisfaction and retention.
With “stickier” customers, firms have greater opportunity to
cross-sell and expand the customer relationship.
Finally, next generation fraud management reduces total cost of
ownership for a firm’s fraud solutions by consolidating disparate
systems, enhancing staff productivity and reducing the total
cost of anti-fraud activities. Companies have significantly
improved investigator efficiency and achieved huge efficiencies
in processes such as credit approval.
Fraudsters will always be working to find new schemes to
commit fraud and other financial crimes. In this digital age,
the importance of fraud prevention and detection will only
increase in significance. As they consider new processes and
solutions to fight financial crime, financial institutions that adapt
to capitalize on these emerging trends will be well poised to
mitigate risk and generate a more substantial return on their
investment.
7
the way we see itBanking