The need to converge cybersecurity, fraud, and AML domains to better defend against financial crime has been discussed for years. However, recent developments in real-time payments, open banking, and booming digital transactions have prompted this convergence.
As far back as 2013, the Carbanak criminal gang attacks demonstrated the convergence of financial crime attack vectors. The criminal syndicate gained access to an employee’s computer through phishing, and installed malware on the video surveillance system. This was used to record everything that happened on the screens of staff who serviced the cash transfer systems. Criminals were then able to use international e-payment systems to transfer money to bank accounts in other countries and make withdrawals. As a result, more than USD 1 billion was stolen from financial institutions worldwide.
Traditionally, AML is about compliance, cybersecurity is about protecting against IT threats, and fraud programmes are about detecting and preventing financial crime. Sophisticated cyber attacks blur the lines between these teams’ activities. Attacks such as the one described above succeed because criminals take advantage of data monitoring, and process gaps between cyber intelligence, AML, and fraud teams in financial institutions.
The sophistication of cyber attacks continues to increase. At the same time, as financial institutions must instantly process an increasing number of digital transactions to satisfy customers and remain competitive, crime syndicates are adapting to exploit vulnerabilities exposed by these changes.
The fusion approach
Detection of a single anomaly may be innocuous in and of itself. Only by combining the skills, technology, and processes of the cyber security, anti-fraud, and AML teams to correlate data from multiple attack vectors can FIs reliably detect sophisticated cybercrime before significant damage is done.
Leading financial institutions are establishing financial crimes centres that gather cybersecurity, anti-fraud, and AML teams to converge their data and processes for a more holistic view of the threat landscape. This measure is designed to help financial institutions identify financial crimes across the spectrum and stay agile in their preventive operations and response.
A successful convergence programme must contain, among others, the following:
1. A streamlined structure & reporting
PwC recommends that financial institutions examine their existing enterprise-wide structure and identify points where streamlining it will give senior management a centralised view of financial crime risk. Clearly, documented structure with roles and responsibilities will help detect and eliminate duplicate tasks and will ensure better data visibility.
McKinsey & Company suggests that strategic prevention should be the key to improving the protection of the bank and its customers when working on convergence. To achieve their goals, financial institutions need to think like criminals. Since perpetrators are looking for a system’s weak points, banks should trace the flow of crime to come up with an optimised internal structure when planning their defense.
2. Converge data
Timely access to accurate payment transaction data is the foundation of efficient cybercrime, anti-fraud, and AML systems. Convergence requires organisations to move data out of independent silos and provide a single source of authoritative data to multiple teams and systems, enabling a comprehensive view of the financial network and the end-to-end financial transactions travelling across it.
As the threat landscape is forever changing, the data required to detect financial crime must be available to systems prior to a new attack vector emerging. If not, new attack vectors may only be detected retroactively or not at all. For example, if data-fusion initiatives leverage raw payment data in real time, they can benefit from complete end-to-end payment network data without data loss, negative impacts to the network, and the instrumentation of multiple endpoints.
3. The right technology
The faster payment process and open banking require FIs to adopt solutions that proactively identify emerging fraud threats and take immediate action to block them, without negative friction for real customers.
Machine learning fraud detection is an important element of this strategy; newer solutions leverage both unsupervised and supervised machine learning to reduce the need to train models. They create models per customer and per card for precise behavioural analytics and reduced false positive rates. Their self-learning algorithms eliminate delays in updating models when new threats are identified.
Artificial intelligence and machine learning can also help financial institutions protect against DDoS, BIN, bot, and other high-velocity attacks associated with financial crime. Fraud transaction firewalls leverage AI and ML to identify payment network attacks and automatically block malicious activities while letting legitimate transactions proceed unhindered.
Effective operational structure, data fusion, and the right technology are the pillars of success in the digital economy. And, while convergence is not necessarily a simple process, it should be mandatory for financial institutions to improve their resilience to modern financial crimes to stay competitive.
About Stephen Lazenby
About INETCO
INETCO Systems is a Vancouver, Canada-based global fintech company that helps financial institutions, payment providers, and retailers in over 35 countries detect and block payment fraud with granular precision, reducing false positives and fraud losses. INETCO solutions empower customers with easy access to rich payment data that helps them improve payment security and customer engagement, while reducing operational costs.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now