By Anna Fedorova
More than £500 million has been stolen from customers of UK banks in the first half of 2018, according to the latest data released by UK Finance.
Though the amount lost as a result of unauthorized financial transactions has fallen by 2% to £358 million in H1 2018, authorized push payment scams, where the account holder is duped into making the payment to another account, have risen by some 44% compared with the same period in 2017, to £145.4 million.
Authorized fraud is typically committed through social engineering tactics, where criminals pose as genuine individuals or organizations using telephone, email, text messages and increasingly social media.
Though the statistics on authorized fraud for the two periods are not comparable – four additional UK Finance members began reporting data as of January 1, 2018 – the numbers nevertheless indicate the scope of the problem, with new sophisticated methods making it harder to detect and prevent fraudulent activity.
Authorized payment scams are particularly dangerous since current legislation means customers have no legal protection to cover them for losses – which is different for an unauthorized transaction.
However, the industry has not stood still and has undertaken a number of initiatives to tackle fraud, and in particular authorized push scams.
Jay Floyd, principal fraud strategy consultant at ACI Worldwide, says: “While the fraud threat may be constantly evolving, so is the banking industry’s capability of stopping the threat.
“The advent of open APIs means financial institutions can now use overlay services such as ‘confirmation of payee’ to pre-empt and prevent fraud before a transaction happens,” he adds.
“Industry efforts to solve these issues are under way in the UK, for example, by creating a checking facility to cross-check the account name with the account details and give the payer certainty.”
Floyd continues: “Some countries have implemented similar proxy databases to provide an extra level of certainty to the payer. There is increasing recognition in the industry that real-time fraud monitoring needs to be an essential part of the payments processing solutions that a bank employs.”
The industry response includes raising awareness of how to stay safe through the Take Five to Stop Fraud campaign, launched in conjunction with the Home Office, and working with consumer groups as part of the Payment Systems Regulator’s steering group to develop an industry code for the reimbursement of scam victims.
The industry is also looking at potential legislative changes to account-opening procedures to help firms act more proactively on suspicion of fraud and prevent criminals from accessing financial systems.
Fraud detection is a key area of focus, which includes the recently established rapid response scheme Banking Protocol, through which branch staff can alert police and trading standards to suspected frauds taking place.
This system has already prevented £14.6 million in fraud in its first six months of operation and led to 100 arrests.
As well as focusing on fraud detection, the industry is making progress in the field of security, particularly looking at biometric technologies for customer authentication.
Ricky Knox, CEO of challenger bank Tandem Money, says: “When it comes to security, knowledge-based tests are relatively easy to get around as someone might be able to access this information.
“Biometric authentication alternatives are a great solution to securing customer accounts. This could be facial recognition, a fingerprint scanner, or something a little more advanced.”
The challenger bank offers all its services to customers through a banking app, which users can access via biometric authentication.
Knox adds: “We are also looking into behavioural biometric solutions that analyse users’ app usage across a range of data points to identify whether it is really them managing their accounts.
“Things like how you swipe your finger across your phone, the angle at which you hold your phone when you are using it, or how long you typically spend on your phone are all data points that come together to create a consistent profile of a customer.”
Firms are also employing other digital innovations to improve customer security.
For example, treasury management tech firm Kyriba employs such techniques as two-factor authentication, IP filtering – which allows clients to restrict logins to selected IP addresses – as well as digital signatures such as Swift’s 3SKey.
Meanwhile, many financial services firms are turning to artificial-intelligence technologies to develop reliable and innovative ways to detect and prevent fraud.
Mark Gazit, CEO of cyber security firm ThetaRay, says: “In an era when traditional financial crime is transitioning into cyber/financial crime powered by AI, banks cannot rely on old methods of identifying suspicious behavior, because criminals are able to make sure their crimes look identical to legitimate transactions.
“Banks can only protect themselves by using AI-powered threat-detection systems that have the ability to rapidly analyze massive amounts of data, constantly monitor ongoing transactions and identify fraud as it happens, or even before.”
ThetaRay offers clients a self-learning programme that can help detect suspicious activity before it happens and prevent all kinds of financial fraud, including money laundering.
According to Imam Hoque, chief product officer at big-data analytics firm Quantexa, the key advantage of AI technology is that it can analyze vast data sets to derive actionable intelligence.
Hoque says: “Looking at the banking industry, traditionally, companies did not have enough data to make enlightened choices and fraudsters took full advantage of these cracks.
“However, artificial intelligence has helped to knit datasets together, creating a more accurate image of accounts held and linking activity together. This has enabled banks to hone in on fraudsters where they once remained undetected.”
He adds: “Artificial intelligence can also process more data than a human and therefore make predictions, enabling informed decisions to be made more accurately, consistently and 24/7.
“As an example, a decision to alert an organization of suspected money laundering can account for not only the transaction being made, but also the entire history of the company too.”
Hoque concludes: “By bringing data together, analysing it and using it to gain insights, the financial industry is able to tackle financial fraud head on, and decrease risk to us all.”