Identity and Artificial Intelligence: The Recipe for a Strong Fraud Defence

Sundeep Tengur

Sundeep Tengur

Financial services event Sibos recently ran in London, with the theme for 2019 being “Thriving in a hyper-connected world”. The market has long demanded quicker and more convenient payment methods, and the industry is now answering with ubiquitous payments, but at what cost, asks Sundeep Tengur?

PSD2 and open banking are now established in the legislative framework, while many third party providers are springing up with new offers that democratise access to payments and offer complementary value-added services.

Banks and other financial organisations are already seeing a surge in the volume and value of electronic transactions through digitalisation. New channels like PSD2 are set to exacerbate the pressure on existing fraud defences. Faster payments, through SWIFT gpi and other means, virtually eliminate the window of investigation, therefore necessitating automated real-time detection.

Fraud detection has become a very different ball game. It now requires the use of advanced analytics and Artificial Intelligence to compete with the ruthless agility of fraudsters and organised crime. The 2016 Bank of Bangladesh heist that used SWIFT channels to steal $81 million is a sore reminder of this fact.

Catch me if you can

The 1980s book (and subsequent Hollywood movie) based on the early exploits of ex-fraudster Frank Abagnale Jr is a good reminder of the speed of monetary transactions in the modern world. Payments through fast channels such as Faster Payments (UK), SEPA Instant Credit or the recent SWIFTNET Instant are made in a matter of minutes, if not faster.

It’s a race to the finish line. Can systems thwart fraud attempts in time, or will they risk unrecoverable losses and customer attrition? Fraudsters are also now better than ever at impersonating legitimate entities through phishing and identity theft.

A multidimensional view of a customer profile is, therefore, critical. It should encompass personal identity, device profiles and other attributes (such as biometric footprints). More importantly, organisations must cross-reference and update this ‘golden record’ in real-time to be truly effective.

Trust: the new currency

Identity validation is a real conundrum for the industry. Fraudsters now invest more time in grooming synthetic identities or harvesting valuable information from compromised accounts to appear legitimate. They aim to use similar points of exit – such as local ATMs and preferred online merchants – to funnel money away from their victims’ accounts.

Organised fraud rings can also spoof IP addresses and other data attributes to circumvent common fraud controls.

With so many threat vectors, how do we discover the owner of an identity? There’s no ‘holy grail’ in identity verification. Most techniques, including passwords, biometrics, knowledge-based authentication or device tokens, are flawed in isolation, but they do offer effective defence when used together.

True identity validation surfaces through a covert, multidimensional score to create a unique score for each individual, with overlapping data assets and strong entity resolution.

The majority of what third party fraud organisations witness downstream in their transactional systems indicates identity manipulation. To help resolve downstream issues – like Card Not Present or authorised push payments – it’s important to conduct identity checks upstream at the on-boarding stage and throughout the customer life cycle.

Artificial Intelligence to the rescue?

Artificial Intelligence is overhyped in the fraud domain. Sadly, it isn’t effective against new fraud types, customer behaviours or channels without existing data sets to train models. However, it can be a powerful addition to a fraud management ecosystem, helping as it does to uncover more complex frauds and reduce false alarms.

Transparency and interpretability are key to the process. That’s why many organisations are investing in ‘data labs’ to empower fraud experts and distil their knowledge into models. The key question now is how to ‘operationalise’ Artificial Intelligence. How do you transform a score into a meaningful and actionable outcome?

Humans can no longer compete with machines when it comes to sifting through huge volumes of highly complex data. The optimal solution is to use Artificial Intelligence to do the heavy lifting. Artificial Intelligence can provide ample intelligence that humans can use to make more effective non-binary decisions.

Achieving balance

In a hyper-connected world, the recipe for success in curbing fraud goes beyond the traditional data, people and technology mix. It’s about defining a fraud strategy roadmap with pragmatic milestones and supporting it with advanced analytics and Artificial Intelligence.

With most organisations hosting a diverse landscape of homegrown models, vendor solutions and third party data, it’s critical to interlace these assets into a decision fabric that drives consistency, robustness and operational effectiveness in end-to-end fraud management.

Yet there must also be a fine balance between robust fraud security and a frictionless customer experience. This way, you can achieve new business targets while keeping fraud actors at bay, as well as meet regulatory expectations without undue constraints.

In short, it’s less about what you do and more about how you do it.

Sundeep Tengur is Senior Business Solutions Manager in the Global Fraud and Financial Crime Practice at SAS

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts