FIs: Staying at the Cutting Edge of Cybersecurity Innovation
Today, fraud is among the leading pain points for financial services institutions and consumers alike. As new AI-driving technologies help drive innovation in the sector, so too do they give fraudsters the tools to carry out their malicious aims.
In this roundtable, we speak to industry experts on ways fintechs can stay at the cutting edge of cybersecurity innovation amid rampant, rising fraud rates.
Fraud rate increases, UK Finance:
UK Finance reported £1.2bn losses through payments fraud in 2023.
In 2023, UK Finance sent out 427 fraud-related alerts to the industry, disseminating over 2 million compromised card numbers.
Over 2.9 million cases of fraud were reported in totla in the UK in 2023.
Our speakers:
Adam Davies, Vice President of Product Management, FICO
Grigory Yusupov, Regional Director UK and Rest of the World (ROW) at IDnow
Doriel Abrahams, Principal Technologist at Forter
How important is it for fintechs to stay at the cutting edge of cybersecurity innovation, using AI to stay one step ahead of fraudsters? How can they do it, and what more needs to be done?
Adam Davies:
Banks and fintechs are locked in a race against the fraudsters, a race that’s moving more quickly every day. Fraudsters are using new technologies like Generative AI to increase the speed of their attacks, defeat authentication and socially engineer/scam customers at a scale we’ve never seen before.
Fintechs have to match that speed and make fraud decisions increasingly quickly, with real-time decisions becoming table stakes to stay ahead of criminals.
Fintechs also need to use all the available data to identify anomalous behaviour that might indicate fraud. Whether they’re extracting context from internal data, or bringing in external data, all those relevant signals can help make an informed decision about whether something is fraudulent or legitimate.
Finally, fintechs need the agility to react as fraud types and channels change. Using technology that allows nimble orchestration and the rapid modification and deployment of new fraud-fighting strategies is essential given the very dynamic nature of fraud threats.
Relying on static rules or offline detection will only make a fintech a target for sophisticated fraudsters.
Grigory Yusupov:
We are already witnessing how developments within Artificial Intelligence (AI) are having some adverse effects on cybersecurity. The extraordinary leaps in AI technology mean it’s now almost too easy for a fraudster to carry out financial crimes.
As AI develops further, social engineering attacks on organisations will become easier and faster because cybercriminals no longer need deep technical know-how to execute them.
Particularly, advancements in generative AI mean deepfake technology can now be used to create hyper-realistic fake documents and videos used to commit financial crimes and fraud.
The frightening accuracy of deepfakes means that document forgery is likely to become easier than ever before, with accurate information harder to spot by the naked eye.
To combat these AI-aided advances of cybercriminals, organisations will need to fight fire with fire by leveraging AI themselves to stay one step ahead.
Doriel Abrahams:
Staying ahead in cybersecurity is crucial for fintechs as fraudsters increasingly use AI for sophisticated attacks. It’s important to remember that AI is not a good fraud instigator, it’s a great fraud accelerator and fraudsters can now automate and scale large portions of their operations.
To best combat it, fintech organisations should leverage AI technologies to detect and respond to threats in real-time, using behavioural analytics and focusing on the persona, and the user’s identity, rather than easily manipulated attributes such as billing or IP addresses.
Continuous innovation, collaboration with industry peers, and investment in R&D are essential to maintain security and build trust.
How can finservs/fintechs ensure the customer is secure against potential fraud, not just from a technological standpoint, but in educating the customer about potential dangers as well?
Adam Davies:
Protecting customers is absolutely at the convergence of technology and education. Fintechs can actually get the customers involved in the fraud detection process, which helps the customer feel protected and empowered while building trust with the company.
By using technology to engage customers consistently, fintechs can make sure that they are balancing friction with convenience.
Engaging customers in their preferred channels (whether SMS, fintech app, phone call, email, etc) and giving them the option to self-resolve something like a monetary transaction, helps reinforce the fintech’s role as the protector of their accounts and trusted advisor.
But it’s not just about that one moment or single transaction. Ongoing education efforts should also be a part of the fintech’s strategy, and companies can use omni-channel communication capabilities to share tips, tricks and knowledge to help consumers protect themselves against emerging or evolving fraud threats.
Especially with the increase in scams, banks need to get customers to “stop and think” which might be needed to break the spell the scammers have over the customer.
Grigory Yusupov:
The speed and scale at which AI can enable cybercrime is a thing to behold. With limited skills, nefarious individuals and groups can now target fintech organisations and their customers with relative ease.
Collaboration is critical, as technology alone cannot eradicate fraud. In fact, there is no silver bullet for fighting fraud; it is something that manifests at every online touchpoint, affecting individuals and organisations equally.
The key will be to work together to identify the forms of AI-enabled cybercrime and devise ways to combat them through technology and education.
According to the IDnow UK Fraud Awareness Report 2024, 33% of Brits have shared scans or photos of an ID card, driving licence or passport via insecure digital channels, such as social media or email, despite knowing that these ID documents could land in the wrong hands.
However, less than a third (31%) of Britons know what deepfake documents are, nor are they aware of the potential risks posed by digitally generated images of physical documents.
The public must be educated on the threats associated with sharing highly sensitive personal information online. Our advice is always to think twice before sending a scan or photo of official ID documents into the digital ether via unencrypted channels.
Alongside deepfakes and document forgery, another risk that stems from AI is social engineering, which, unlike other forms of cyberattacks, appeals to human vulnerabilities and emotions. In these cases, generative AI may be used by criminals to target exposed people within organisations, to elicit information or make a financial gain.
Doriel Abrahams:
Fintechs must combine classic advanced security measures like multi-factor authentication and encryption with customer education: regular awareness campaigns, phishing alerts and training resources help customers recognise and avoid fraud. Open communication channels ensure customers feel supported and informed.
Blockchain and DLT (distributed ledger technology) can mitigate fraud by creating immutable ledger transactions. How is it being employed today, and what are the barriers to organisations that currently aren’t leveraging blockchain technology?
Adam Davies:
Fintechs and other companies in financial services are always looking to understand the value that new technologies like blockchain (distributed ledger technology) can provide.
At FICO, we have pioneered a technique for blockchain/distributed ledger technology to improve model governance and observability.
We were recently awarded a patent for the use of blockchain technology to track the end-to-end provenance of the development, operationalisation and monitoring of machine learning models.
This allows us to offer explainability to all our customers and promote explainability in all our transactional fraud models and model development.
Grigory Yusupov:
In financial services, blockchain can be used to increase the security and transparency of transactions. As an example, banks can use blockchain to streamline cross-border payments and reduce fraud through an unambiguous, immutable record of each transaction.
However, today’s adoption of blockchain and DLT is still often hindered by technical, regulatory, cost, and organisational barriers.
One example of the regulatory challenges associated with blockchain and DLT is the new Transfer of Funds Regulation (TFR) in the EU, which mandates that all cryptocurrency transactions will need to carry identifying data of the sender and the receiver.
According to the new rule, compliance with TFR is mandatory for all Crypto Asset Service Providers (CASPs). One challenge for CASPs lies in GDPR compliance, as personally identifiable information (PII) should not be stored on blockchains or DLT.
However, to comply with the new regulations, CASPs need to know with whom they are doing business and continuously verify this information.
Today, finance fraud is happening beyond the KYC stage. How can fintechs/finserv enhance their onboarding processes and ensure fraud beyond the KYC stage is limited?
Doriel Abrahams:
Doriel offers three key points for FIs to take note of during the onboarding and KYC processes to reduce fraud.
Continuous, real-time monitoring: Monitor customer transactions and behaviour for signs of fraud even after the initial KYC process.
Behavioural Analysis: Utilising behavioural data points to monitor how users interact with the platform, detecting and flagging unusual behaviours.
Dynamic KYC: Implementing dynamic KYC processes that periodically re-verify customer identities and update their risk profiles. This is important not only to stop fraud but also to generate trust with good users who deserve less friction in the user experience.
Adam Davies:
Accessing data from across multiple internal and external systems (eg, device intelligence, biometric validation, contact data verification) will help to resolve customers' identities and transform that data to the appropriate format for making decisions.
That level of insight also helps put the customer's interaction in a historical context, which can enable fintechs to identify anomalies that may indicate fraud.
Link analysis/social network analysis helps to associate data entities and perform data matching across multiple data sources, such as applications and account records. Matching can uncover links indicative of criminal activity, and connections that are several degrees separate can be detected and visualised.
Finally, fintechs need dynamic orchestration to meet the requirements of each specific scenario, whether during the onboarding process or during a customer management process.
For example, the source of an application helps to determine what identity checks are invoked; or a high-value transaction to a new beneficiary may result in more stringent identity verification than a small dollar transaction to a known beneficiary.
That level of agility and composability allows fintechs to deliver truly personalised experiences that help reduce fraud while meeting customer expectations.
Grigory Yusupov:
As financial fraud happens beyond the KYC stage, fintechs should implement an effective, long-term cybercrime and fraud prevention strategy.
So-called risk signals are an innovation within the added ‘layers of defence’ that fintechs can use to tackle cybercrime after the initial KYC process is complete.
In fact, more focus will have to be placed on authentication processes rather than focusing only on the initial verification process of a user.
In the future, users will likely have to prove their identity through authentication measures throughout their user life cycle. Fintechs and financial service providers will be able to mitigate risks by adding an extra layer of authentication.
To read the full story in the magazine click HERE
**************
Make sure you check out the latest edition of FinTech Magazine and also sign up to our global conference series - FinTech LIVE 2024
**************
FinTech Magazine is a BizClik brand
