Month: March 2018

Cybercrime continues to be an unending botheration for banks. While the focus of attempts and attacks until recently, tended to be on the banks’ customers (via card and account detail compromises), of late fraudsters have become more sophisticated and have raised the stakes.

They have shifted their focus and are now directly targeting banks. They have begun deploying increasingly sophisticated methods of circumventing individual controls in the banks’ local environments and have probed deeper into systems to execute well-planned and finely orchestrated attacks.

One area where fraudsters have increased malicious attacks is Correspondent Banking, especially via SWIFT.

SWIFT was developed at a time when the primary focus was on interconnectivity and security was not really a concern. However, with increased adoption of the SWIFT network, security lapses / gaps in the entire value chain, especially the weaker links, have started getting exposed.

Fraudsters have discovered that they can leverage vulnerabilities in SWIFT’s member banks’ processes and procedures, particularly in countries where regulatory and security controls are less robust.

Here are a few instances –

Bangladesh Central Bank

The February 2016 SWIFT heist was a watershed moment for the payments industry. Though not the first case of fraud against a bank’s payment endpoint, it was the sheer scale and sophistication of the attack which shook up the global financial community.

The fraudsters used the following process to decamp with $81 million –

• Compromising the customer’s environment – by introducing malware using techniques such as phishing or email compromise scams.
• Capturing valid operator credentials – typically through access to password files or by putting key-loggers in place to capture password details, and thereby gaining an understanding of the payment environment and associated behaviors.
• Hiding the transaction activity – by removing payment information from local databases, modifying incoming statement information or rendering the local environments inoperable; and thereby delaying the discovery of the attack and increasing the possibility for the funds to be settled.

A similar modus operandi was seen in the incidents at several other banks as well – Vietnam’s Tien Phong Bank, Ecuador’s Banco del Austro and recently in an Indian private bank.

Indian Private Sector Bank

In this case the modus operandi for the SWIFT attack was on these lines –

• The fraudsters got hold of the operators’ credentials and also quite possibly of the bank’s SWIFT system approvers (probably by planting malware via emails).
• Day 1, 1800 hours approx. – fraudsters initiate the SWIFT instructions from the hacked accounts.
• The transactions were made to 3 different beneficiaries in different geographies – Turkey, China and UAE – to avoid detection. Interestingly, 3 different Correspondent Banks were used for the transactions.
• The fraudsters disabled the printer connected to SWIFT platform, preventing the bank from receiving acknowledgement messages for the fraudulent payment instruction.
• This was a delaying tactic because it ensured that the bank’s staff would not be able to detect the remittances before the next morning.
• Day 2, Morning – the unauthorized remittances are discovered during reconciliation. Approx. $1.8 million is gone.

The root cause

In both cases, even though not all of the money made its way into the fraudsters’ hands, they are still alarming examples of how systems can be duped.

The success of these frauds is an outcome of a combination of factors –

• Exploiting weaknesses in the cyber, fraud, and possibly staff monitoring controls
• Deep, exhaustive and practical knowledge of how banks interact with funds transfer systems
• Sophisticated malware tailored to the target
• Access to detection and response mechanisms, besides funds transfer systems

Banks must counter-attack this combination in a holistic rather than a piece-meal fashion to gain an upper hand over the fraudsters. They must rally efforts on better coordinating their cyber-security, anti-fraud, and staff risk management programs.

SWIFT meanwhile has initiated a Customer Security Program (CSP), wherein it provides elaborative security controls. However, banks should put additional transaction monitoring checks using intelligent fraud detection and prevention systems. This should eliminate fraudulent cases where cyber-security systems have failed in the past.

How a smart enterprise-wide fraud management system helps

A good enterprise fraud management system has the capability to solve most problems in the fund transfer process and prevent big ticket frauds. Some of the highlights of a multi-centric approach of a smart fraud management system are –

• Cross-channel Platform – Banks must remove siloes in their IT ecosystem to allow generating centralized, cross-channel intelligence required to fight multi-faceted frauds. An intelligent, real-time enterprise-wide fraud management system unifies the bank’s CRM, core banking system and remittance processing systems at a single centralized point to generate cross-channel intelligence. It provides a real-time remittance transaction surveillance capability to block suspicious transactions based on centralized fraud intelligence.
• Transaction Monitoring – Real-time remittance transaction monitoring can go a extra mile to reduce instances of cyber fraud. Banks can validate remittance transaction parameters against third-party watch lists, custom high-risk countries and beneficiaries’ lists. Banks can apply transaction velocity or cumulative value-based checks on the outward remittances based on multiple perspectives viz. sender, beneficiary, correspondent bank, user etc. Cross-pollination of remittance instructions’ data with the data from CRM, core banking and other systems provides multi-channel intelligence to counter fraud.
• Limits Monitoring – Banks should implement limits monitoring and control policies at various levels in the fund transfer process (originator, beneficiary, correspondent bank, beneficiary bank, destination country, etc).
• Staff Fraud Management – Operating procedures and processes should limit and protect administrator and system privileges. Banks must implement staff specific remittance transaction checks and controls. It should check for users who abuse or exceed their access. Also, identify anomalies in credentials or access to fund transfer systems (e.g. excessive logins, logins at unusual times) and raise red flags.
• Centralized Case Management System – to enable following up on the red flags raised and to plug loopholes. A Centralized Case Management System clubs together inter-linked suspicious activities for easier and faster investigation.

With cybercriminals continuing to attempt penetrating traditional strongholds, it is imperative that financial institutions take necessary steps to secure their environments. Enterprise-Wide fraud management is one of the approaches that can enable financial institutions to prevent the attacks, as well as increase the likelihood of an attack being detected in time.

During the last holiday season, a third of all online purchases came from smartphone users. Just how central e-commerce and m-commerce (almost by default) has become to our way of life and how it’s expected to continue to grow is quite evident. According to Business Insider, e-commerce and m-commerce are showing no signs of stopping.

Mobile transactions are overtaking everything else at a rate faster than businesses can handle. With the number of consumers switching to digital and mobile channels growing literally by the hour, banks need to simultaneously boost their defense mechanisms to prevent e-commerce and m-commerce frauds.

In fact, real-time payment systems could very well be helping accelerate financial crime.  A smarter mechanism to detect patterns and quickly form rules without the added complexity of software mutation and changes is essential for fraud threats to be preempted and prevented in real-time. Intelligent systems start from a basic rule and update these rules based on patterns detected from data, at incredible speeds.

Machine learning algorithms today can analyze petabytes of data in a matter of hours and detect patterns with very simple computations. The entire process of analyzing data and formulating rules can be tested, verified and validated, making this a very precise and accurate science that gets better with use. Read more on applying Machine Learning and AI in fraud detection.

But implementing AI and machine learning in banks has its own share of challenges –

• Learning curve: An obstacle to machine learning is the steep learning curve for data scientists to optimize insights gained from machine learning. Machine learning is only as good as the data scientists behind it. It requires expertise and experience-driven judgement to make decisions and even the most advanced technology cannot replace that to effectively filter, process and evaluate the meaning of the risk score via data.
• Black box decision making: Much of machine learning is grounded on black box decision-making. Black box decisioning by AI currently is unable to sift authentic transactions from fraudulent ones with 100% accuracy and therefore is a limitation. Many policy execution or governance requirements need clear explanations of decisions (e.g. explaining to a customer why a transaction was blocked) and this may still pose a challenge when it comes to AI-driven systems.
• Sifting the chaff from the grain: Finally, an increased capacity to process Big Data creates an inherent tendency towards including irrelevant data. Machines lack common sense, so human experts are still needed to supervise. It takes a significant amount of data for machine learning models to become accurate.

The key to advanced fraud-detection is a departure from rule-based, non-predictive detection to a non-deterministic approach that can explore and detect hitherto unknown issues/ challenges. This approach relies on several areas of AI including machine learning, deep learning and cognitive computing. Using these techniques to quickly analyze huge amounts of data, analysts can create benchmarks of normal activity and behavior patterns.

But most importantly, ecommerce platforms, financial institutions and payments systems and must have the ability to instantly detect (and prevent) threats in real-time using contextual insights synthesized from across internal and external channels.

References:

• E-Commerce Fraud Loss Reaches $57.8 Billion
• Online Fraud Benchmark Report: Persistence Is Critical
• Ecommerce Payment Fraud Outlook 2017-2020 by Emily Vuitton