10:00 AM
Wesley Wilhelm
Commentary

Plan Ahead for Financial Institution Fraud Management in 2015

Fraud trends that banks need to be prepared for this year.

What changes in financial institution fraud management will 2015 bring? Will the call center continue to be the weakest link in the fraud-prevention chain? How will the explosion of smart phones, mobile banking applications, and mobile remote deposit capture impact fraudster behavior? Last, will fraud attempts, losses, recoveries, and prevention expenses in the financial industry remain as opaque as they are today? We may not be able to answer these questions completely and accurately until 2016, but focusing on these issues now, while the crystal ball is cloudy, provides valuable time to plan and work effectively to mitigate these challenges. Here are some of my forecasts for the coming year in fraud.

Card fraud: Expect a continued increase in the frequency and severity of mass card-compromise data breaches. Ahead of the EMV liability shift, fraudsters will keep accelerating their efforts to steal card data (magstripe and PIN) while it can still be used in counterfeit card fraud. They will likely come to realize the additional value of stealing personally identifying information (PII) and will diversify by selling PII to data brokers, as a way to keep making money as the value of card data decreases with the rollout of EMV. Now is the time to ensure that your point-of-compromise and card-not-present fraud detection methods are up to date and ready for prime time.

Deposit account fraud: Traditional deposit account fraud will continue its downward trend this year. But expect increases in remote deposit capture (RDC) losses as fraudsters continue to probe for vulnerabilities in this new delivery system -- especially mobile RDC (MRDC). The newer delivery channels -- RDC, MRDC, P2P, kiosk banking, and even image-enabled ATMs -- will continue to be probed for weaknesses and for ways to adapt old fraud methods. Fraudsters will experiment with new methods of duplicate deposits -- a branch or ATM deposit followed by a mobile remote deposit, for example -- and will investigate new multiple-item mobile remote deposit capture applications.

Fraudsters will also determine back-office vulnerabilities by attacking them, using methods like forcing deposit corrections in order to get quicker funds availability. Last but not least, there will be pressure from the market to reduce the controls, limits, and product restrictions imposed on legitimate mobile remote deposit customers. This is not the time to assume that historically low losses from mobile and RDC delivery channels are inherent to the channels or that they can be maintained without active efforts to improve analysis and detection.
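The duplicate-deposit pattern described above (a branch or ATM deposit followed by a mobile deposit of the same check) can only be caught if items are matched across channels rather than within each one. The following is an added example, not part of the original article: a minimal cross-channel duplicate detector keyed on the check's MICR fields. The record layout, the 90-day window, and all sample values are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Deposit:
    deposit_id: str
    channel: str       # "branch", "atm", "mrdc", "rdc"
    routing: str       # MICR routing number on the check
    account: str       # MICR account number on the check
    serial: str        # check serial number
    amount_cents: int
    ts: datetime

def item_key(d):
    """Identify the physical check, independent of the deposit channel."""
    # Assumption: capture systems may differ in zero-padding the serial.
    return (d.routing, d.account, d.serial.lstrip("0"), d.amount_cents)

def find_duplicates(deposits, window=timedelta(days=90)):
    """Return (first_id, repeat_id, kind) for every re-presented item."""
    seen, hits = {}, []
    for d in sorted(deposits, key=lambda x: x.ts):
        key = item_key(d)
        prior = seen.get(key)
        if prior is not None and d.ts - prior.ts <= window:
            kind = "cross_channel" if d.channel != prior.channel else "same_channel"
            hits.append((prior.deposit_id, d.deposit_id, kind))
        else:
            seen[key] = d  # first presentment, or the old one aged out
    return hits

# Constructed sample data; routing/account values are placeholders.
SAMPLE = [
    Deposit("D1", "branch", "000000001", "9876543", "001042", 125000,
            datetime(2015, 1, 5, 10, 0)),
    Deposit("D2", "mrdc", "000000001", "9876543", "1042", 125000,
            datetime(2015, 1, 5, 18, 30)),   # same check, mobile re-deposit
    Deposit("D3", "atm", "000000001", "9876543", "1043", 125000,
            datetime(2015, 1, 6, 9, 15)),    # next check, same amount
    Deposit("D4", "mrdc", "000000002", "5550001", "1042", 125000,
            datetime(2015, 1, 6, 9, 20)),    # same serial, different drawer
]

if __name__ == "__main__":
    for first, repeat, kind in find_duplicates(SAMPLE):
        print(f"{repeat} re-presents {first} ({kind})")
```

A per-channel duplicate check would miss D2 entirely, because its first presentment was made at a branch.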

Wire transfer fraud: Deeper and more prevalent wire transfer fraud schemes will prosper, where the fraudster mimics the historical transaction patterns of the victim’s account. Wire transfers of the same or very similar amounts, along with the same timing and frequency, will become more prevalent in fraud schemes. Fraudsters will continue to manipulate unsuspecting victims by spoofing internal wire requests that fit existing patterns. Now is the time to extend wire transfer monitoring to include proactive customer contact and confirmations on new beneficiaries and new accounts for existing beneficiaries.
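Why beneficiary confirmation matters when the fraudster mimics amount and timing, shown as an added example that is not from the original article: a wire that passes a pattern-only check is still held because its beneficiary account has never been used before. All names, account strings, and thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass(frozen=True)
class Wire:
    beneficiary: str     # beneficiary name on the instruction
    account: str         # beneficiary account identifier
    amount: float
    day_of_month: int

# Constructed history: one customer's recurring monthly supplier payment.
HISTORY = [
    Wire("Acme Supply", "ACCT-A-4400", 48_500.00, 15),
    Wire("Acme Supply", "ACCT-A-4400", 51_200.00, 15),
    Wire("Acme Supply", "ACCT-A-4400", 49_900.00, 16),
]

def amount_timing_ok(history, wire, z_limit=3.0, day_slack=2):
    """Pattern-only check: the amount and day look like past wires."""
    amounts = [w.amount for w in history]
    sigma = pstdev(amounts) or 1.0
    z = abs(wire.amount - mean(amounts)) / sigma
    near_usual_day = any(abs(wire.day_of_month - w.day_of_month) <= day_slack
                         for w in history)
    return z <= z_limit and near_usual_day

def beneficiary_check(history, wire):
    """Return why customer confirmation is needed, or None if the pair is known."""
    known = {}
    for w in history:
        known.setdefault(w.beneficiary.casefold(), set()).add(w.account)
    accounts = known.get(wire.beneficiary.casefold())
    if accounts is None:
        return "new_beneficiary"
    if wire.account not in accounts:
        return "new_account_for_existing_beneficiary"
    return None

def screen(history, wire):
    """Beneficiary novelty is checked first; a matching pattern never overrides it."""
    reason = beneficiary_check(history, wire)
    if reason:
        return ("hold_for_customer_confirmation", reason)
    if not amount_timing_ok(history, wire):
        return ("review", "unusual_amount_or_timing")
    return ("release", None)

if __name__ == "__main__":
    mimic = Wire("Acme Supply", "ACCT-B-9981", 50_000.00, 15)
    print(amount_timing_ok(HISTORY, mimic), screen(HISTORY, mimic))
```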

Call center fraud: As mass data compromises of card details and personally identifying information increase and EMV cards become more prevalent, fraudsters will continue to increase their social engineering attacks on financial institutions' call centers. These attacks will support fraudsters' need for more involved cross-channel fraud schemes. Now is the time to evaluate and invest in voice biometric systems that identify fraudsters as well as authenticate legitimate customers.

Mobile banking fraud: The smart phone, along with new and existing smart phone applications, will be further probed and attacked. Attacks on the smart phones will target the information in the phone and the information the phone can access. Additionally, the new payments systems using smart phones will be hit with malware attacks on the devices and the apps they are running. You thought protecting card transaction data at merchants was difficult? Try protecting mobile phone data.

Fraud loss reporting: Financial institution fraud reporting will continue to lack sufficient transparency to facilitate a relevant and organized response to all the attacks on financial institutions, individually as well as across the financial industry as a whole. The current focus on separated delivery channels will continue to cloud financial institution decision-making and, at an industry level, result in ineffective risk management.

Happy New Year. The year 2015 should create a fun yet challenging ride for those of us working to manage fraud and financial crime in our institutions.

Wesley Wilhelm (Wes) has more than 30 years of experience in banking and consulting to the financial services industry, with extensive knowledge of fraud management, payments, and retail banking technology and operations. He has held numerous management positions in risk and ...

Comments
ckuthyar,
User Rank: Apprentice
1/5/2015 | 4:59:52 PM
Step-up Layered Authentication to reduce impact of Banking Fraud
The article on "Fraud trends that banks need to be prepared for this year" needs reading again and again by end-users as well as bank users. The mobile phone usage lends itself to Identity Theft all the time. Unknowingly we are revealing different aspects of our Identity, Context, Location, Behaviour to fraudsters. There are trained hacker groups who can stitch them all together and prepare for a massive onslaught of financial attack on a pool of, say, 1 million bank accounts. Just like fishermen go out and cast their nets, surely more than 1000 people will fall prey in just the first scoop. So, Fraud cannot be easily prevented. It is going to increase and increase with each passing day.

So, how do we reduce the impact of Banking Fraud? One way is to have a Step-up and Layered Authentication depending on the amount of Transaction. Example:

For $10 transaction, allow a TEXT Message with just Mobile Number as Identifier (1 parameter)

For $100 transaction, insist on User Name and Password (2 parameters)

For $1000 transaction, insist on User Name, Password followed by OTP (3 parameters)

For $10,000 transaction, insist on User Name, Password, special Transaction Password and OTP (4 parameters)

For $100,000 transaction, insist on an additional Biometric Authentication (Iris, Face, Fingerprint, Voice, Cardiac Pattern etc.)

Banks and Solution Providers can innovate by changing the sequence and nature of Authentication but the philosophy of Staggered, Layered, Step-up Authentication will help reduce impact of Fraud.
Blog Voyage,
User Rank: Strategist
7/6/2015 | 2:49:02 AM
Re: Step-up Layered Authentication to reduce impact of Banking Fraud
Wow, that's a really nice method! Want to see this IRL.