Know your fraudster: Protect the good users, prevent the bad from operating

Online banking fraud is proving increasingly hard to detect and prevent. Counter fraud technology must continuously evolve to keep up with innovative fraudster attacks that seek to circumvent different security techniques. This endless cycle is not working out well for banks, as fraud cases continue to rise year-on-year. 

Traditional anti-fraud solutions most often fail because they focus on blocking cyberattacks that have already been identified as threats. This is in part because learning the modus operandi of criminals – and then adapting anti-fraud solutions to counteract the latest techniques – is time-consuming, technically complex, and therefore expensive. As a result, fraudsters have a large window of opportunity to conduct their crimes. 

Machine learning and artificial intelligence are methods banks can use to become more proactive, and detect and prevent fraud more efficiently. There are thousands of parameters relating to a user’s identity that can be analysed to determine whether they are who they say they are. 

One set of parameters used for authentication is behavioural biometrics. Banks can use behavioural biometrics to recognise how quickly a user typically types, or the way in which they move the cursor, and whether it is normally via a mouse, touchpad, or trackball. By utilising deep learning techniques, these parameters can be used to dynamically profile the distinct way in which users behave and thereby pinpoint the illegitimate users hidden amongst the legitimate customers.

buguroo does all this through Fraudster Hunter, an additional functionality of its award-winning fraud prevention solution. This tool performs an online forensic analysis of each user’s behaviour and takes into account their dynamic context by continually assessing what devices and networks they use, their geolocation data, and the characteristics of their banking sessions. It also detects the interrelationships between users and their environment, mapping these relationships graphically. Once these interrelationships are established, it is a simple process to perform link analysis between the components. Banks can use this intelligence to pinpoint where the risk of fraud lies or where fraud has already occurred. This means banks can perform risk management in real-time.

In particular, the tool analyses user-related data looking for both similarities and differences in order to filter out the fraudsters from the legitimate customers. As a basic example, two distinct users portraying similar behaviour that use identical contexts such as network, device or browser information, could suggest that a single person is using at least two different identities within the same banking system. 

A bank analyst could also use Fraudster Hunter to investigate these suspicious similarities – or anomalies. A particular device, which is regularly used to access an online banking system, could be mapped in relation to the networks it frequently connects to. Here, the analyst might discover that the device has connected from two different IP addresses. There is nothing unusual here, as these could refer to their home and their place of work. This is where knowing a customer’s regular habits can help to understand when there is a risk of fraud.

The analyst could then use Fraudster Hunter to map the same device to all its users, perhaps finding that many different people are linked to it. If this was a family using a shared device at home, there would be clear links between these users and little cause for concern, but when the relationship between all the account holders is unclear, the analyst may become suspicious. In such circumstances, they can take remedial action, freezing accounts linked to the device or setting up extra authentication factors or ID checks on the users. Banks can effectively implement additional security barriers in real time, depending on the risk level. 

Each suspicious factor uncovered by Fraudster Hunter, such as a new device or unlikely location, may not be incriminating in isolation, but when a large set of data variables is analysed, it’s possible to determine the risk of fraud much more precisely. Once a fraudster is discovered, Fraudster Hunter can use all the information about their behaviour to build a 'cyber-profile', which it uses to track the fraudster's activity through the system, regardless of the type of traces they leave behind.

When a top European digital bank recently employed this functionality, it uncovered a complex network of mule accounts operating within its system. In this instance, the bank was made aware that a group of fraudsters had opened illegitimate accounts after police approached it about a reported scam. The bank wasn't sure how to conduct an investigation that could identify which of its accounts and users were fraudulent. 

buguroo stepped in to help. Using Fraudster Hunter's link analysis abilities, the bank was able to pinpoint fraudulent activity and users. From there, it could effectively rewind time by expanding the map and tracing the links to discover all the accounts, users, locations, devices, and sessions that were linked to each fraudulent user. Through leveraging the tool in this way, the bank could detect past and current fraud, and uncovered over 170 mule accounts linked to the scheme in the space of just one month.

What's more, link analysis can also find out details about the individual fraudsters who have been pinpointed. In this real-life example, the bank was able to relay any information they uncovered to the authorities and aid them in their efforts to identify and detain the criminals. 

All this analysis occurs behind the scenes, never affecting the user experience of legitimate account holders and thus preserving frictionless online banking sessions. The deep learning mechanism within the tool means that once an individual fraudster is detected, a bank's system is protected against future fraud attempts by that same person. This means Fraudster Hunter has the capability to cut fraud off at its roots, protecting banks before, during, and after the fraud has occurred.

About Pablo de la Riva

Pablo de la Riva founded his first company when he was 21 years old – a security consulting firm – and buguroo is his first software startup experience. He has been working in the anti-fraud sector for almost 15 years, first as a cyber-security analyst, then as a team leader, later as CTO with almost 200 people reporting to him and now as CEO.

About buguroo

Headquartered in Madrid, Spain, and with offices in the US, UK, Mexico, Brazil, Poland, and Colombia, buguroo helps protect more than 50 million banking customers across the world from online fraud. The company’s flagship anti-fraud solution, bugFraud, utilises deep learning technology combined with behavioural biometrics, device assessment, and advanced malware detection to create a unique profile of each customer, enabling banks to continuously check that the user is who they claim to be and is not being manipulated by fraudsters.