In recent years, high-visibility fraudulent wire transfers have become well documented and the bane of many financial institutions. But it doesn’t have to be that way. Whether the customer is the victim of an account takeover attack, compromised login credentials, or a man-in-the-browser attack, wire versioning analysis technology has proven to offer significant benefits to improve wire transfer fraud detection.
Assessing the risk within a specific wire transfer requires the analysis of the wire at each point in its journey. Changes -- including wire transfer amounts, destinations, payees, comments, and beneficiary banks -- can significantly alter the level of risk inherent in the wire.
Why is risk assessment improved by having the entire lifecycle of the wire transfer request examined?
If the wire system does not log and forward the various iterations the wire goes through before it is released, valuable contextual information is lost. At this point, the bank faces two bad choices: It could choose the wire as it was initiated to get the alerts earlier, and ultimately lose any information that changes the beneficiary, amount, or other important details. Or, the bank has to choose the wire as released, significantly delaying the investigation and providing no visibility to the changes it went through prior to being released. Not monitoring the changes to the wire transfer from its creation, through to its release, is a potentially risky lapse.
This is why versioning is so helpful. Each change to the wire on the portal is logged and added to the versions of the wire analyzed. Comparisons between versions yields informed context for determining if the changes are indicative of fraudulent wire activity. By scoring each wire transfer version, you can flag risk as soon as it appears, providing valuable analysis time for wire fraud investigators, and you can take into account the channel details of each user who touched the wire.
FFIEC guidance, regarding layered security programs, discusses the need to look at “customer history and behavior.” This guidance should be interpreted to mean, not only completed monetary payment behavior, but also behavior of the users on banking channels. Therefore, it is important to monitor the versions to see if a user is operating in an atypical manner. By scoring each version, you can flag risk as soon as it appears, instead of waiting until the wire is about ready to be released.
Any business that relies on the effective use of wire transfers -- such as escrow and cash management companies -- should know definitively if its banks are evaluating the intermediate versions of the wires they send or if they are just evaluating the wires as they are entered or released. If the answer does not include the use of wire versioning analysis, then a deeper process review should follow.
At many financial institutions, the customary due diligence of wire transfer version monitoring is becoming “best practice.” And where it is not, it should be. This is important because the process permits evaluation of the various versions the wire transfer passes through, and it also addresses the fact that more and more portals are capturing and passing the information through the processing system to fraud systems for evaluation. Wire versioning technology is available to improve your odds against the latest attacks -- but you have to use it well to reap the benefits.
Wesley Wilhelm (Wes) has more than 30 years of experience in banking and consulting to the financial services industry, with extensive knowledge of fraud management, payments, and retail banking technology and operations. He has held numerous management positions in risk and ... View Full Bio