Model behaviour: Using AI to beat financial cybercrime

As the gatekeepers to personal and business wealth, banks and financial institutions are prime targets for cybercrime.  Financial cybercrime attempts are increasingly frequent, costly and highly successful in many cases. According to research and advisory group UK Finance’s report Fraud – The Facts 2021, the sector prevented £1.6bn of unauthorised fraud losses in 2020, approximately £6.73 in every £10 attempted. UK Finance’s Information and Intelligence Unit also helped protect over 2.1 million compromised card numbers in 2020.

Financial organisations have responded to their clients’ demands for greater agility and access through apps and online banking, driven by the need to remain competitive. But this shouldn’t have to come at the cost of security, either during the onboarding process or within existing customer interactions. Regulatory compliance regulations and consumer convenience demands are additional considerations, putting pressure on CISOs to make security investments that correlate with their digital initiatives.

At the same time, the integration of financial and cybercrime has continued at pace. From identity photo and document theft or manipulation, through account takeover scams to the persistent threat of card fraud, cybersecurity weaknesses are being exploited to maximise the effectiveness and impact of financial crime.

Indeed, cyber and financial crime are now inextricably linked, with ‘go to’ cybercrime strategies widely used as a method to generate inputs for financial crime. Whether it’s the theft of identities (including elements such as documents and ID photos), credit card numbers or a host of other assets, bad actors routinely harvest this information and use it repeatedly and effectively online to commit a wide range of crimes.

The challenge created by automation

The rapid expansion and automation of financial services to minimise friction for customers has created new challenges with regard to verification and risk management policies and practices. Evaluating if a digital interaction is authentic now depends on referencing a huge amount of data from multiple sources – everything from geolocation and session behaviours to data from merchants, bureaus, and customer profiles.

Added to which, today’s financial fraudsters are becoming expert at targeting these complex digital environments and are using innovations such as block chain and instant payments against banks and their customers.

Staying ahead of criminals is an imperative. Especially as directives like Open Banking open up third party access to customer data that further heightens the vulnerability of finance firms to fraudulent activities if this process is not appropriately monitored and managed.

Financial organisations spend vast amounts of money protecting their information and IT, yet the automated processes that deliver access to money are often the least protected. Traditional approaches to fraud prevention that rely primarily on human intervention have proved inadequate for preventing the activities of today’s sophisticated digital criminals, who are capable of exploiting vulnerable automated systems at scale.

Real-time identity forensics

Despite financial organisations’ generous fraud prevention budgets, the automated process to access money is often weakly protected.  Combatting fraudsters’ innovative techniques to access financial systems requires an equally sophisticated strategy which surpasses human speed and intelligence, on a large scale – it calls for real time identity forensics.

This is a set of AI-powered technologies and processes that supervise modern financial systems effectively in real time. It brings together state-of-the-art document and customer behaviour evaluation to uncover synthetic identities, account takeover attempts, money laundering and other emerging types of fraud plaguing financial services.  Using a system of continuously refined relationships between the algorithms, methods and capabilities, data is used to learn behavioural patterns associated with attacks which means threats can be mitigated.

A Global AI in Financial Services Survey from the World Economic Forum in 2020 reported the vast majority of financial institutions believe that AI will be a critical aspect of their business moving forward.  The research conducted with banks and fintech leaders showed 85% currently use AI and 77% view it as having high importance.  Thwarting cybercriminal activity will rely heavily on the continued momentum of AI investment.

Strengthening Validation, Verification and Transaction Processes

A tightly checked process of customer onboarding exists to maximise data and account protection. The preliminary stage is applicant identity validation. Verification comes next, which connects that applicant to the information they provided.

The challenge is that automated workflows allow risk from manipulated or forged documents that support the customer journey in online lending, trading, insurance, financing, factoring and payments. As many as 1-20% of documents in the onboarding process are potentially manipulated, which includes documents such as bank statements, invoices and pay slips.  Banks must protect automated processes that use unauthorised documents from third parties, to ensure that all documents presented digitally are authentic.

Sophisticated AI continually assesses transactions and generates team alerts to detect likely fraudulent patterns. Qualified anomalies, such as unusual behavioural, devices, locations or even switching between accounts can be instantly flagged.  With cyber analyst teams often overwhelmed with alerts, this tactic eliminates the occurrence of false positives, allowing priority alerts to be immediately investigated.

Detect and deter while strengthening customer trust

Banks and fintechs are leaning hard on AI to proactively predict suspicious malicious activity. Identify forensics engines can also identify vulnerabilities in the wider tech ecosystem, spotting anomalies and gaps in third-party systems. A perfect blend of this technology with human expertise is the most effective campaign to defend from financial crime.

AI technology can bolster the entire validation, verification, and transaction processes to elevate security power without curbing the customer experience and journey. Stronger cyber protection, which allows a bank to build mutual customer trust, will also build customer loyalty, increased brand reputation and appeal to prospective customers.

State of the art document and customer behaviour forensics keep financial organisations one move ahead of actors in an ever-changing threatscape to protect customers, secure their data assets and build a profitable business.