In the very first half of 2022 criminals stole as many as lb753.9 million, which is a 30% increase from the same time last year. The report from UK Finance, also highlighted that advanced security systems utilized by banks prevented an additional lb726 million being taken, but it's still clear that these criminals are evolving at pace, seeking out new opportunities and infiltrating any gaps they find in scalping strategies.
Since the Pandemic began there has been increases in card fraud, synthetic identity theft, account takeovers and recruiting money mules to pass through stolen funds through their accounts. It appears that authorised push payment , whenever a customer is tricked into authorising a payment to an account controlled with a criminal, was the region that saw the biggest increase of 71%.
It is very apparent that fraud isn't going away, so banks and fintechs need to strengthen their existing automated systems. So, the million-dollar real question is what is the the easy way outsmart these tech-savvy criminals who're out for everything they are able to get?
What is needed is financial automation oversight, a set of AI powered technologies and processes that may effectively and efficiently supervise modern financial systems instantly. Artificial intelligence and machine learning systems excel at fraud prevention, as they identify subtle trends within the cybercriminals approach which helps a three-fold impact:
- Predict – today's AI powered solutions can identify advanced fraud and manipulation earlier and faster by looking for inconsistencies and high-dimensional correlations in data. Continual gaining knowledge from such behaviours ensures improvements in modelling efficacy.
- Detect – financial automation oversight engines are skilled at identifying previously unidentified vulnerabilities and gaps in third-party systems which are ripe for exploitation by higher level criminals. They recognise new patterns of monetary crime because they emerge, with millisecond latency.
- Deter – where fraud is identified, a treatment strategy must be implemented, such as an elevated challenge or re-validation of identity. This narrows the main focus of when human intervention is needed by prioritising and contextualising alerts, thus improving the role of monetary crime analysts.
The main regions of vulnerability in the customer journey that need to be protected are onboarding identity integrity and ongoing transaction integrity.
In the general onboarding process, identity validation is the initial step to ensure a job candidate actually exists. Next is verification, which links that individual towards the information they have provided in the validation stage. In many automated workflows you will find risks from forged or manipulated documents that support the customer journey in online lending, trading, insurance, financing, factoring and payments.
In fact, 1-20% of documents within the application and onboarding process can be susceptible to manipulation, such as forged bank statements, modified invoices and amended pay slips. By protecting automated processes which use unauthorised documents from third-parties, banks can be sure that all digital documents are genuine.
Once a name continues to be validated, by no means a trivial task involving both the initial authentication and subsequent verification – identity data becomes somewhat static through out the transactional relationship, however even a validated identity could be taken over.
Continuous assessment of transaction integrity typically needs a 360-degree view of each and every customer-merchant transactional interaction. A customer's behaviours and actions inside a session, across sessions and between sessions may hold clues to financial crime through anomalies in behaviours, device characteristics, internet provider, contact details, geo-locations, spikes of related activity or unusual switching between closely related activities. If anomalous behaviours perpetrated by human or robotic actors can be recognised, emerging attacks can be handled before any losses occur.
Failing that, attacks in progress might be recognised by reasoning about transactions in the context of similar transactions. However, given the goal of a frictionless customer experience, these interventions will need to take place with minimal latency even at scale.