9K: How Technology Can Address Current and Emerging Fraud Risks

Similar documents
SAS Fraud Framework for Banking

Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT

SAS. Fraud Management. Overview. Real-time scoring of all transactions for fast, accurate fraud detection. Challenges PRODUCT BRIEF

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

Payment Fraud and Risk Management

Fraud Solution for Financial Services

Supplement to Authentication in an Internet Banking Environment

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

WHITE PAPER Moving Beyond the FFIEC Guidelines

FICO Falcon Fraud Manager for Retail Banking

ACI Response to FFIEC Guidance

An Oracle White Paper October An Integrated Approach to Fighting Financial Crime: Leveraging Investments in AML and Fraud Solutions

Niara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined

An Oracle White Paper November Fraud Fight: Enterprise-wide Strategy Sets the Stage for Victory

SAS Fraud Framework for Health Care Evolution and Learnings

Top Ten Fraud Risks That Impact Your Financial Institution. Presented by Ann Davidson - VP Risk Consulting Allied Solutions LLC.

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

An Oracle White Paper November Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime

Top Fraud Trends Facing Financial Institutions

Introducing IBM s Advanced Threat Protection Platform

WHITE PAPER Fighting Banking Fraud Without Driving Away Customers

SANS Top 20 Critical Controls for Effective Cyber Defense

Online Banking Risks efraud: Hands off my Account!

FICO Enterprise Fraud and Security Management. > Protection with a holistic view.

Transaction Anomaly Protection Stopping Malware At The Door. White Paper

Fighting ACH fraud: An industry perspective

The Sophos Security Heartbeat:

How the Past Changes the Future of Fraud

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

CyberArk Privileged Threat Analytics. Solution Brief

Cisco Comprehensive Payments Solution

Case Study SMS Two Factor Authentication. Contact us Infracast Ltd, Merlin House Brunel Road, Theale, Berkshire, RG7 4AB

Strengthen security with intelligent identity and access management

Security strategies to stay off the Børsen front page

Business ebanking Fraud Prevention Best Practices

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

Don t Fall Victim to Cybercrime:

PREDICTIVE ANALYTICS IN FRAUD

FRAUD & SECURITY INTELLIGENCE

A Practical Guide to Anomaly Detection

How To Manage Security On A Networked Computer System

Online Account Takeover. Roger Nettie

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why Sorting Solutions? Why ProtectPoint?

Using Analytics to detect and prevent Healthcare fraud. Copyright 2010 SAS Institute Inc. All rights reserved.

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

Best Practices in Account Takeover

How To Protect Your Online Banking From Fraud

Electronic Fraud Awareness Advisory

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

The Cloud App Visibility Blindspot

Analyzing HTTP/HTTPS Traffic Logs

The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only.

Multi-Factor Authentication of Online Transactions

Dissecting Wire Fraud: How it Happens, and How to Prevent It WHITE PAPER

End-user Security Analytics Strengthens Protection with ArcSight

Detecting Anomalous Behavior with the Business Data Lake. Reference Architecture and Enterprise Approaches.

Peter Hill, Oracle Reveleus & Mantas

RSA Adaptive Authentication For ecommerce

The Informatica Solution for Improper Payments

Your security is our priority

Product. AML Risk Manager for Life Insurance Complete End-to-End AML Coverage for Life Insurance

Are you looking for a single solution to deliver targeted marketing campaigns across multiple channels?

Product. Onboard Advisor Minimize Account Risk Through a Single, Integrated Onboarding Solution

Under the Hood of the IBM Threat Protection System

EnCase Analytics Product Overview

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

Business Information Services. Product overview

Fraud Alert Management The Power of an Integrated Approach. Eric Kraus, Sr. Director Fraud Product Management

Prevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA

Selecting the right cybercrime-prevention solution

RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview

Security Bank of California Internet Banking Security Awareness

Device Fingerprinting and Fraud Protection Whitepaper

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data

Remote Deposit Quick Start Guide

Online Payment Fraud. IP Intelligence is one of the top five techniques used to detect and prevent online fraud

FRAUD DETECTION AND PREVENTION: A DATA ANALYTICS APPROACH BY SESHIKA FERNANDO TECHNICAL LEAD, WSO2

A strategic approach to fraud

Italy. EY s Global Information Security Survey 2013

Transcription:

9K: How Technology Can Address Current and Emerging Fraud Risks Session Level: Intermediate Tuesday, June 14-1:40-3:00 p.m. This session will explore how organizations are addressing the operational and reputational risks associated with ACH (peer-to-peer) and Wire fraud, the priority being given to this type of fraud prevention over the next 1-3 years, and how information security operations should integrate with your fraud operations. Plus, expectations from your enterprise fraud vendor and how the rollout of mobile banking can and should impact your enterprise fraud strategy will also be discussed. 1

How Technology Can Address Current and Emerging Fraud Risks Revathi Subramanian, Director, Research & Development Manuel Da Silva, Fraud Management Consultant Cameron Jones, Director, Financial Crimes Product Management Copyright 2010 SAS Institute Inc. All rights reserved.

Challenges Customers want Convenience Devices Increase Payment Channel Choices Organizations View Technology in a Siloed Perspective Focus is on Traditional Fraud Attacks 3

Generation Y Demographic Demographic traits: 97% of students own a computer 94% own a cell phone 76% of students use instant messaging (SMS) (~90% Europe/Asia) 92% multitask while IM ing Spend at least 3.5 hours a day online 2007 Junco/Mastrodicasa study of high school students 4

Generation Y Banking Insights Online/Mobile Use 48% signed up for credit cards online 36% applied for personal loans online 80% use internet banking monthly Cards/Accounts 36% have a debit card, savings or checking account Daily payment method for expenses is debit card Mobile Devices 32% check account balances 15% receive and pay bills 5

Combating Financial Crimes Data Data Data Data Access & Integration Data Analysis & Detection Alert Management Case Management Data Business Analytics Platform Trend is moving integration of data and analytics upstream in the fraud management process. Proactive Prevention through Predictive Analytics 6 Copyright 2010, SAS Institute Inc. All rights reserved.

Enterprise Financial Crimes Source Systems Customer Transx Account Non-mon Employee Intelligent Financial Crimes Repository Financial Crimes Risk Exposures Credit Card Debit Card ACH / Wire Check ATM Online/ Internet Mobile Banking Lending Mortgage Card (Bust-out) Application Internal AML/ CFT Detection & Alert Generation Alert Management Enterprise Case Management Business Intelligence (Reporting, Analytics, Dashboards, Operational Metrics) 7 Copyright 2010, SAS Institute Inc. All rights reserved.

Multiple Analytical Approaches Layered Analytics Using a Hybrid Approach for Fraud Detection Enterprise Data Suitable for known patterns Suitable for unknown patterns Suitable for complex patterns Suitable for associative link patterns Rules Anomaly Detection Predictive Models Social Network Analysis Customers Account Rules to filter fraudulent transactions and behaviors Detect individual and aggregated abnormal patterns Predictive assessment against known fraud cases Knowledge discovery through associative link analysis Transactions Employee Applications Internal Bad Lists Examples: Txns in different time zones within short period of time 1 st Txn outside US Cash cycling event Examples: Wire transactions on account exceed norm # unsecured loans on network exceed norm Accounts per address exceed norm Examples: Like wire transaction patterns Like account opening & closure patterns Like network growth rate (velocity) Examples: Association to known fraud Identity manipulation Transactions to suspicious counterparties 3 rd Party Flags Call Center Logs Hybrid Approach Proactively applies combination of all 4 approaches at account, customer, and network levels. 8

Potential for Accuracy Improvement 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% 35% 70% Retail Bank Personal Accounts 6.5% 43% Brokerage High Net Worth Accounts Scenario Results from POCs, POVs, and Projects Scenario + Model 25% 1.3% 0.2% E-Banking (Phishing) 49% Watch List Compliance 9 Copyright 2010, SAS Institute Inc. All rights reserved.

Neural Network Analytics 10

The Challenge Enterprise Fraud Fraud got more sophisticated Across multiple lines Through different channels New Technologies More channels are available to conduct variety of monetary or non-monetary activities Constantly changing environment Demand in customer relationship management Monitor the customer in silo fashion is insufficient Need better understanding of the customer across the enterprise 11

ACH / Wire Transfer Fraud Analytics Most existing systems use rules Rule based systems have very high false positive rates - not feasible for taking action Commercial ACH and Wire fraud very rare Very few cases to learn from Fraud rates much lower than payment card fraud May not have many historical bad cases to train supervised models Lacks patent pending semi-supervised or unsupervised modeling techniques that will be utilized for this problem 12

Typical Problem Characteristics Extremely large volumes of disparate data (numbers / text) Identify very rare events (needles in a haystack) Rare events constitute monetary / psychological high value (Credit card fraud, Tax under-filing, intrusion of highly secure networks) Solutions involve sophisticated analytical models, high performing software all rolled into one 13

Broad Classes of Problems Supervised Learning: Target fully known Learn from the examples and extrapolate Credit card fraud, bankruptcy Semi-Supervised Learning: Partial target known Learn from the known targets as well as anomalous behavior to predict risk Tax fraud, purchase card fraud good examples Unsupervised Learning: Target unknown Learn from anomalous behavior and isolate cases Insurance fraud, network intrusion good examples 14

ACH/Wire Strategic & Operational Risk 15

Why Fraudsters love ACH/Wire Multiple channels and products of intrusion. Online, Phone, Direct deposits, Payroll, Procurement, Automated Checks, Bill Payments, Social Security payments Common ACH/Wire fraud traits: Employee collusion / Internal Fraud Interception; (Seasonal targets emails i.e. IRS-Unreported Income ) installs malicious Trojan software ( Zeus/Zbot and Backdoor.bot ) Malware (Generic): MiTM / MiTB Single Authentication Process Mules / Stay-at-home schemes to process funds - Structured and complex fraud group attacks Commercial v s Consumer recovery periods: Commercial targeting High velocity (#) and high value($) of ACH/Wire hides small but significant incremental changes (low velocity/large $ value) 16

ACH / Wire Transfer Fraud Analytics (r) Most existing systems use rules. Subjective focus Rule based systems have very high false positive rates - not feasible for taking action Commercial ACH and Wire fraud very rare Very few cases to learn from Fraud rates much lower than payment card fraud May not have many historical bad cases to train supervised models Lacks patent pending semi-supervised or unsupervised modeling techniques that will be utilized for this problem 17

How Pervasive is ACH/Wire Fraud Oct-2009 - FBI report: Approximately $100 million in attempted losses due to ACH fraud. Most Cases; Accounts held at regional/local, credit unions. Apr-2011 FBI Statement: Mar-2010/Apr-2011, identified incidents where online banking credentials of small/medium U.S. businesses were compromised and used to initiate wire transfers to Chinese economic/trade companies. Total attempted fraud amounts to ~ $20 million. Wire funds of $50K in large-part successful; funds withdrawn immediately. Zeus/Zbot: Available to buy on internet (~$700-4000) Proliferation : Machines in 196 countries/most significant» USA, Mexico, Saudi Arabia, Egypt and Turkey. Altogether, 2,411 companies and organizations are said to have been affected. US ~3.6 million consumer PCs Difficult to detect; Llargest botnet on internet 18

Strategic Responses to Reduce Fraud Risks Manage risk holistically, including fraud risk. Manage fraud, security, compliance in coordinated fashion. Improve data governance. Leverage fraud information for new business opportunities. Merge AML and fraud strategy, technology, processes. Standardize security and business process with supply chain. Adopt enterprise fraud management with LOB responsibility. Manage valuation, liquidity, counterparty risk with eye to fraud. Use risk-based, not standardized, approach to fraud. Upgrade technology to comply with new regulations. Source: TowerGroup 19

A Layered Security Framework 1. Proactive Monitoring Real-Time / Online Processing of ACH, ACH/Batch and Wire Transactions Manage within processing Time Windows Monitor both Debits and Credits into Account Monitor ( house-hold, non-monetary type transactions) Allow for Real-Time Blocking/Hold Strategies Managed by the Business Team 20

A Layered Security Framework 2. Authentication Utilize 2-Factor Type Authentication for log-in/access process Different processes Malware Detection programs IP intelligence HTTP header / Secure browser Wireless / Virtual Tokens, etc. 21

A Layered Security Framework 3. Analytics / Behavioral Profiling Deploy Proven Model Methodologies to capture fraud more effectively reduce false positive/increase detection rates Utilize Signatures as part of Entity Behavior Single & Complex Structures (Account, Customer, Bank_id, Devise_id, Payee/Benefactor Data driven Use Scores, Reason & Operational Codes to predict suspicious/fraud activity (make avail in Rules Logic) Maximize data values (incl. House-hold and Demographic data) Explore Link Analysis Find common patterns of fraud traits 22

A Layered Security Framework 4. Transaction Monitoring / Batch Fraud Monitoring Set Strategies based on Risk and Tolerance Prioritize based on Hold and Time Sensitive Transactions Authenticate Suspicious Actions Manage Strategy and Champion/Challenge Environment Provide Holistic view of customer/account Empower analyst to action and reconcile investigations 23

A Layered Security Framework 3. Analytics / Behavioral Profiling Deploy Proven Model Methodologies to capture fraud more effectively reduce false positive/increase detection rates Build Signatures as part of Entity Behavior Single & Complex Structures (Account, Customer, Bank Details, Devise_Id, Payee/Benefactor Use Scores, Reason & Operational Codes to predict suspicious/fraud activity (make avail in Rules Logic) Maximize data values (incl. House-hold and Demographic data) 24

A Layered Security Framework Authenticate Suspicious Transactions Customer Education Preset Limits Interactive Alerts 5. Customer Education / Involvement Increase Outbound Contact Medium (SMS, Email, Secure Message) 25

Conclusions Challenge ACH/Wire Status Quo Fraud Detection Manage risk holistically Adopt proven Analytical methodologies to increase fraud rate detection Use a risk-based rather than standardized approach to fraud Upgrade technology to comply with new fraud requirements No Quick Wins - Layered Security Adopt enterprise fraud management with line-ofbusiness responsibility 26

Thank you - Questions Copyright 2010, SAS Institute Inc. All rights reserved.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information