In recent years, online banking and financial fraud have grown into a massive industry for cyber-criminals – as it continues to prove a low-risk, high-reward endeavor. Fraud teams at banks and other financial institutions are overwhelmed by the sheer number of fraud alerts they receive.
A situation only made worse by the many false positives and negatives that arise from implementing traditional anti-fraud solutions. A new approach is urgently needed to save time and money.
When inundated with fraud alerts, analysts have to prioritize them based on the risk level of each and then decide how to act. This process is naturally time-consuming since analysts must first determine which threats to escalate and what actions to take against these threats.
Whilst this is happening, fraudsters are often free to continue jumping from victim to victim. Thus, financial institutions can often find themselves sucked into a constant game of cat-and-mouse.
This lengthy process is also expensive - resulting in high operational costs, in addition to any fraud losses along with possible brand damage. Reducing false negatives and false positives and automating alert processing can take the burden off fraud teams.
Reducing false positives and negatives
One of the main causes of high fraud operational costs is fraud teams having to deal with many false negatives and false positives. These types of alerts can occur for several reasons. One example is Friendly Account Takeover
when a friend or family member uses the owner’s legitimate account. With the ongoing rise in the adoption of online banking services by less tech-savvy users, this can be a common occurrence.
While the perpetrator of this so-called ‘friendly fraud’ may have the account’s legitimate security details, some anti-fraud systems will pick up that the user is not the owner of the account.
Fraud teams are often overwhelmed with alerts regarding this circumstance, despite no actual malicious activity occurring – whilst their time and resources are needed for genuine threats.
Financial institutions, therefore, need to invest in a solution that treats anomalies detected when friends or family are helping account owners as low risk - thereby avoiding the friction that false positives can cause, and freeing up fraud analysts to focus on high-risk threats.
‘Know Your User’
Another reason for the high volume of false positives and negatives is how traditional online fraud prevention methods approach looking for bad actors. Typical approaches profile users into ‘clusters’ of good or bad actors.
This type of profiling requires fraud prevention solutions to comb through massive databases containing millions of bad actor or good actor attributes to find a match. This process can also classify a lot of new users as unclassified – neither good nor bad. And it is unclassified bad actors who are in fact, responsible for the majority of online fraud. Instead of using this profiling approach, a new way to analyze users examines each user on an individual, more granular level, including analyzing their current behavior compared with their past behavior.
This revolutionary ‘Know Your User’ (KYU)
approach analyses the risk of every user interaction by continuously examining their behavior combined with device and network assessments and allows financial institutions to build ‘cyber profiles’ for every user.
are unique to each user – a bit like a digital fingerprint – and are created using continuous behavioral biometric analysis, which occurs ‘behind-the-scenes’ and thus does not disrupt the user experience.
A focus on recognizing each user and building their BionicID again greatly reduces the number of false positives and negatives. It thus dramatically reduces both fraud losses and the costs of online fraud prevention operations.
Automating fraud response
Fraud teams would be better served with tools that allow them to be proactive in their fight against fraud - instead of relying on just detection and alerting processes. The most efficient way to prevent fraud losses is to allow fraud teams to configure automated responses that prevent attacks and block known bad actors – thus minimizing the workload of fraud analysts whilst stopping fraud in its tracks.
More importantly, fraud teams can adjust the level of response depending on the risk, maintaining complete control over the online fraud prevention process.
For example, a team could configure lower-risk fraud alerts to result in an automatic step-up in authentication, such as sending an OTP to the user’s phone.
In fact, financial institutions can implement a proactive mindset to prevent fraud across the board through a strategy centered around an Active Defense
to take the pressure off their fraud teams. In cybersecurity, ‘active defense’ refers to deploying actions that make it more complex and costly for cyber adversaries to carry out their attacks.
These actions aim to confuse attackers with traps and advanced forensics and often provide an automated incident response to increase the work required for the attackers and decrease the work for the defenders.
Using an Active Defense to fight online fraud is a game-changer. Automating the handling of most types of alerts can automatically and proactively prevent fraud losses, allowing fraud teams
to focus on the more complicated and most crucial investigations.
The banks and financial institutions of today can often feel as if they are stuck between a rock and a hard place: with, on the one hand, online fraud ever-increasing in scope, sophistication, and frequency, and, on the other, fraud teams that are in short supply and overworked – inundated with a never-ending flood of fraud alerts and notifications.
Fortunately, the modern technological advances which have helped online attackers can also benefit the defenders. With the advent of new tools specifically designed to support fraud teams, through methods such as automation, behavioral biometrics, and Know Your User, fraud analysts will now be well-equipped to effectively and efficiently deal with the ever-evolving landscape of online banking and financial fraud.