What is currently happening in the financial crime and fraud space?
The mandatory isolation and social distancing of COVID-19 resulted in major changes in customers’ and organizations’ behavior and activities, both financial and commercial. The digital economy experienced a significant growth that led to the generation and acceleration of the supply of digital products and services. This rise of increased online transactions increased the security risks of the digital economy, given its increased exposure to cyber threats.
Even before the pandemic, the decade of 2010/2020 was already shaping up to be one of digital banking transformation. COVID-19 accelerated this process and even changed the behavior of customers leading them to consider the use of new technological tools where the trend of accessing digital channels and payments to perform transactions in real-time, is oriented and facilitated using smart devices.
From the above, financial institutions must or have had to adjust and respond to the additional needs of their customers. In terms of fraud prevention, organizations must update and improve their monitoring processes to identify, alert, and stop risk conditions in real-time. They need to do this all while balancing anti-fraud controls, the optimization of operational efficiency, and offering a better user experience, providing the customer with a multichannel interaction with capabilities to self-manage their products and services, resulting in a much more fluid experience with less friction.
We are not winning the war and criminals are getting smarter
Cyber-attacks in digital banking and fraud methodologies, in general, have increased both in number and level of sophistication. One of the biggest challenges and where we are gaining ground as a company is in the growth of the control of different attack vectors, among which stand out:
Synthetic Identity – the creation of false identities by combining real information of one or more persons with falsified data.
Account Takeover – a fraudster fraudulently gains access to a genuine customer’s account to take control of it.
Social Engineering Techniques – tricking people into giving up their personal information such as passwords, bank details, or allowing access to a computer to inadvertently install malicious software. To perform social engineering fraudsters frequently use phishing, vishing, CEO phishing, spear phishing, etc.
Business Email Compromise – this method aims to hijack and control business accounts that cybercriminals can use to intercept or redirect financial transactions.
Banking Malware and Trojans – this point has higher levels of sophistication. It employs any type of malicious software that tries to infect a computer or mobile device.
We must be aware that criminal structures are highly qualified, with high levels of sophistication. Fraudsters have resources, study their victims very well, and carry out multiple tests before attacking.
What is stopping us from winning and what can be done?
With the endless fight against the various fraud modalities, there is a sense that we are at a disadvantage. In some financial institutions, fraud is addressed reactively, through specialized tools or policies, with no correlation between the different tools, causing the operational and technical areas to work as silos.
In this complex context, it is necessary to establish a strategy and address the problem from a preventive point of view. We must understand the current and new threats and re-evaluate the business risks to establish an integrated and multi-layered security model that covers the entire life cycle of the operation and incorporates a scheme of correlation of events in multiple channels.
As part of the fraud mitigation analysis, it is necessary to extend the monitoring and security perimeter to incorporate the end-user, their devices, and the environment. Other aspects to consider are the knowledge about the customer to strengthen onboarding processes and using technological trends such as AI and ML that facilitate risk identification and behavioral analysis as well as strong authentication mechanisms based on multiple factors that incorporate a risk-based scheme for minimal customer friction.
These collaborative schemes are a key aspect. Plus, a financial fraud prevention hub allows connecting the entire system to jointly solve cybersecurity challenges so that in the daily management there is this mix of different systems and databases, integrated and orchestrated to provide a centralized and holistic view under a risk approach.
This editorial was first published in our Financial Crime and Fraud Report 2022, which showcases the innovation and development of the best practices and instruments used by financial institutions in their fraud prevention activities, to improve the digital onboarding process of their customers while fighting against financial crime .
About Ilian Alejandro Vasco
Ilian is a Computer Engineer, with a Master’s degree in Digital Marketing and Business Management. He is also a specialist in financial risk and AML Certified by FIBA/FIU, with more than 12 years of experience in the financial sector, holding management positions in compliance.
About Plus TI