Having spent my career inside financial institutions for over twenty years, endeavouring to help those organisations prevent and solve fraud attacks, it’s been interesting to witness the recent, unprecedented media coverage of data breach activity.
This is activity that companies have been battling with for years, each and every day. Terry Lawson, head of fraud at RBS, told BBC News that the ‘threat of scams is growing’. That is true – and that’s off an already high base.
In the most recent cases, the people arrested for attacks on consumer companies have not, at face value, appeared to adhere to a typical criminal profile. But that’s the thing – identify theft doesn’t fit a ‘typical’ profile. Criminals know they are unlikely to be able to gather enough data from hacking one company to go on to impersonate genuine customers, with the end aim of stealing goods or funds. So they look for more data to create a complete picture.
With enough information, a fraudster will use people and scripts to attack other data sources, such as a credit reference report. Piecing all of that data together can then be enough to convince a vulnerable individual that they are talking to their bank. We refer to these types of fraudulent activity as ‘account takeover’ and ‘application fraud’. I have seen many account takeovers where vulnerable people are convinced they are talking to their bank and have had their entire savings accounts emptied.
It’s really tough to stay ahead of the criminals. What I’ve seen is that this often means that it’s the customer who first spots that they’ve been the victim of fraud, as a result of earlier identity theft. Fraud systems that rely on rules can’t keep up with changing attacks. This has a direct impact on customer experience and operational costs for the financial institution involved.
Figures from the RBS Group showed that 70% of customers affected by this type of fraud attack never get their money back, becoming the direct victims of the earlier data breach of personal ID from the retail merchant.
What I’ve learnt from battling fraud is that financial institutions need to keep one step ahead by understanding every individual customer. It’s one of the main reasons that I moved to Featurespace, who pioneered a totally unique way of solving this problem with a machine learning platform. By viewing events in context and by building a deep understanding of every single customer, monitoring every event and transaction taking place in real-time and from multiple channels, fraud attacks stand out like a sore thumb.
We saw an example with a fraud attack on an airline. The issuing bank was only alerted when a customer called to ask why an attempted legitimate purchase had been declined. It became apparent that the customer’s credit list had been overrun by a criminal making fraudulent purchases on the customer’s account.
The existing fraud system hadn’t spotted that the customer’s spending habits were uncharacteristic for that individual. Using Featurespace’s system, the fraud attack was spotted within the first few transactions, cutting the total fraud loss by over 60%.
With this fraud threat growing, I predict it’s a case of ‘when’ not ‘if’ for considering the next big data breach and its impact on financial services. Financial institutions know this, but they need to be keeping ahead with new solutions to beat these criminals. Today’s consumer is technically smart – they expect their banks to be using the latest technology developments for fraud prevention.
We can’t predict when the next data breach will happen – and how it will impact financial institutions downstream from the attack. Luckily, what we don’t have to predict is how to solve the problem – the answer is here with machine learning. It’s up to organisations to embrace these systems and gain that vital competitive edge in protecting their customers and their reputations.