According to the international statistics, the percentage of fraud against individuals using social engineering methods (smishing, vishing, phishing, spoofing phone numbers, call forwarding, compromising corporate email mailboxes, identity theft (including digital), etc.) amounted to about 98% of the total. The data was received from financial institutions as part of the mandatory monthly reporting, which shows exactly the reasons for recorded unauthorized transactions.
The rapid development of the market for remote channels of providing services to customers, the emergence of new products and services has significantly increased the attack surface for scammers. At the same time, it is the targeted focus of fraud that has increased, taking into account information about the vulnerabilities of a particular product and/or service. And along with the growth of professional training of fraudsters, their organization in groups (including together with criminal structures and with distributed legal accountability, which makes it more difficult to bring them to justice), significant investments in R&D to improve their tools, insider information (internal fraud) played a big role in this. These facts were also often reflected in the reports of profile specialists on the study of the shadow market on the Internet.
All this requires financial institutions to focus on this issue and take a balanced approach to the implementation of their products and services, as well as the design of anti-fraud systems. Currently, in most cases, such anti-fraud systems are single-channel, i.e. one system for bank cards, another for remote banking services for individuals, the third for internal fraud, etc. In parallel with them, there are information security and session anti-fraud systems, integration with mobile operators. Yes, there are a lot of systems and they are all necessary and in their place, but the problem is that scammers are actively developing and using cross-channel attacks.
What are cross-channel attacks? Simple for fraudsters, but practically impossible to solve for anti-fraud systems and information security systems in their current state. This is due to the nature of the attack development, which may start with a call to the bank’s call center from the client’s phone number, continue with an attempt to register the client’s mobile banking application, then call from the bank’s phone number to the client, there also may be attempts to log in to the Internet banking account (and even possibly from a real client’s device), and only then can operations with payments and transfers follow. Yes, it is possible that all the above systems will record these attempts, but they will not be linked in any way as a single fraudulent action that occurs in a certain period of time, in relation to a specific client and/or client device. And, thus, the attack may only be detected by the transactional anti-fraud system. There are no ideal systems of this kind, and even with good analytics and system settings, fraudulent operations will be skipped.
This suggests an obvious, but difficult, from the point of view of design and integration processes, solution for cross-channel monitoring in a single anti-fraud system.
It should be noted that the calculation of suspicious transaction ratings can be carried out with completely different metrics and their normalization and correlation with each other can be a separate task, which often falls on the employee’s decision, this means, the human factor makes its own mistakes.
FROM THEORY TO PRACTICE
Advantages of multi-vendor systems and negative impact on the concept of a single profile.
The following advantages should be highlighted:
– ability to complete the technical task as much as possible;
– competitive solution cost reduction;
– various compensation for improvements;
– risk diversification.
But at the same time negative factors begin to increase their influence:
– lack of a common solution architecture;
– lack of competence of employees in the work of a complex of systems;
– lack of understanding of the essence of integration interaction and data modeling for a single profile;
– disparate project teams;
– different product support teams;
– highly time-consuming implementation of integrated systems;
– lack of a single client ID in integrated systems;
– different and inconsistent timestamp formats in event sources;
– lack of time synchronization between integrated systems;
– the presence of a significant amount of related data, which reduces the effectiveness of machine learning algorithms.
In this regard, it is necessary to adopt the following principles for the qualitative solution of these factors and the construction of a cross-channel anti-fraud system:
– Ensuring the development of the solution architecture, taking into account the features of each system;
– Formation of a unified project team and establishment of close interaction of all participants with the role of “Architect” and their maximum availability for approval of changes to the project;
– Maintaining a unified project documentation for integrated systems and promptly reflecting all agreed changes in it;
– All changes in the systems should take into account their integration into the cross-channel, at least the following parameters:
– Changing the logic of system interaction;
– Changing the set of fields passed between systems;
– Changes the requirements for the mandatory fields;
– Changing field formats;
– Change the name of fields/their tags;
– Change in the possible content of data in the fields.
A cross-channel fraud prevention system is a unique level of maturity and responsibility, as it requires the coordinated action of many departments in different companies that can work not only in the moment, but also for many years to come. Only in this way the solution will have sufficient quality to become a “silver bullet” in the fight against fraud through social engineering, as well as high-tech methods of fraud.
