Fraud defences are failing financial services. Why?

(© vs148 - Shutterstock)

Financial fraud reached record levels during the pandemic when criminals capitalized on the massive shift to remote living. Playing on our vulnerabilities and impersonating organizations from health services to delivery companies to recruiters, fraudsters grew increasingly sophisticated in their methods.

Two years on and the threat is ever-present.

According to UK Finance, during the first half of 2022, criminals stole a total of £609.8 million through authorized and unauthorized fraud and scams. 51% of organizations surveyed in PWC’s 2022 Global Economic Crime and Fraud Survey said that they had experienced fraud in the past two years – the highest level in its 20 years of research – with over a quarter reporting over $1 million in financial loss as a result.

Financial services have responded by spending millions on building fraud defenses to protect their customers by keeping the bad actors out. While investment in advanced security systems and processes is going some way to help prevent these massive losses, the battle against fraud remains an uphill one.

Every time an organization fortifies itself in one vulnerable area, fraudsters find a way to penetrate another. Our standard defenses are failing.

Organizations are underestimating economic criminals

As Katy Worobec at Economic Crime UK Finance notes, fraudsters are not ‘cheeky chancers’. They are ruthless, highly organized criminal gangs continuously innovating techniques to trick people out of their financial data. There are deep links between fraud, organized crime and terrorism that undermine public security. Financial services have to defend themselves with the full and frightening awareness of just how cutting-edge the fraud economy is.

The technology available to fraudsters is becoming more powerful and easier to obtain. Just like the organizations they are targeting, criminals are leveraging cloud platforms and machine learning to form coordinated attacks that are taking down even the most secure global systems. At the same time, they are also finding new routes to fraud by avoiding security systems altogether and targeting people directly through social engineering scams, persuading victims to share the personal information that’s designed to protect them.

What’s more, the financial services market is presenting them with new opportunities every day, increasing the surface area of attack by introducing new online services, channels and products to reach customers across the multiple platforms that they are using interchangeably.

Organizational silos are creating cracks in fraud defenses

No one product or technology is the silver bullet for financial fraud. Like the most successful defensive plays, it has to be a team effort. But in reality, it’s a mighty challenge to bring together all of the moving players in and across various organizations to work towards a common goal.

Fraud cases are typically dealt with within their own organizational silos. There is little communication between the various teams – like cybersecurity, anti-fraud, and anti-money laundering – that are affected. This issue is further compounded by a reactive approach that deals with fraud after it occurs, as opposed to proactively tackling it. When an anomaly is detected, where or to whom does it get routed? Or does it risk getting lost in the ether?

Financial services have to wake up to the criticality of collaboration when bad actors are coming together via chat rooms, the dark web and cryptocurrency to connect and coordinate within a growing criminal underworld.

The context is missing

When tech solutions are not holistically integrated it creates points of vulnerability in an IT stack that replicate and exacerbate these organizational silos. Many financial services organizations struggle with legacy infrastructure built up over many years, where data is stored in disparate areas making it almost impossible to detect patterns of fraudulent behavior. A 2021 survey by iSMG Information Security found that one of the top barriers to improving fraud prevention was the inability of information stores to talk to one another across different parts of an organization.

In banking, a single transaction is rarely enough to raise suspicion, even if it is larger than usual, or involves a new recipient. The key to fighting fraud? Context.

Organizations must find a way to understand the circumstances surrounding a transaction. Is the user in a different location from their usual one? Is the user sending a payment to a new recipient? Did they recently change their password? Is the time/day of this transaction unusual? These situational clues can be found in their digital data, including logins, authentication records, and app and website interaction.

Once you’ve got that data, you need to act immediately.

Data is not available in real time

This kind of information comes in different types and formats, from different data sources and systems, and is often available at different speeds and times. 

To understand the picture that data paints and how to respond appropriately, it needs to be aggregated and analyzed cohesively. Systems that only look at historical data from databases or logs for analysis after the fact are not able to detect fraud as it happens, only react to it.

Fraudulent attacks can easily be averted if organizations shift from a transaction-centric, data-at-rest processing mindset to an event-driven, real-time processing mindset. The right data streaming architecture can provide in-the-moment context to customer interactions, transactions and anomalies, which can then be analyzed via predictive models that get smarter over time thanks to machine learning.

Tips for organizations to get started

Can you outsmart a fraudster? You can if your defenses are proactive, set up in such a way that they prevent and combat fraud as it happens.

For example, identifying unusual changes to the behavior profile you hold about a customer can help prevent fraudulent activities before they occur through preventative actions such as blocking a transaction.

Confluent’s latest e-book, Putting Fraud in Context, outlines three approaches organizations should take to inform proactive fraud defense:

1. Gain context by drawing on multiple sources of data to develop good indicators and leverage a fraud scoring system at scale 
2. Enable the processing and transformation of all relevant data for analysis, executed through the application of sophisticated ML modelling, to create appropriate threat scores on anomalous activity 
3. Coordinate the best response by facilitating the sharing of intelligent, contextual data to the right place, in the right format, at the right time

Financial services organizations need to stay one step ahead of criminals whose methods will only adapt and become smarter. At Confluent, we’ve helped several customers to power the kind of winning fraud strategies that fend off fraudsters and protect their business today and tomorrow. You can sign up here.