Our Vegas Highlight: Top Takeaways for Fraud and Risk Teams

Fraud Whack-a-Mole: Securing Payments in a Post-EMV Chip World

Money20/20, the premier financial and payment technology conference of the year was, as always, chock full of panels, networking events, and cocktails. This year, Alloy was lucky enough to participate in a panel hosted by Casey Merolla, a Senior Manager in Payment Strategy and Innovation Practice at Accenture. Laura Spiekerman represented Alloy there and spoke with XXXXX Brain Byrne of EMVCo, Jim Hickman of USAA, Ken Meiser of ID Analytics and Tom Poole of Capital One. In the session, “Fraud Whack-a-Mole: Securing Payments in a Post-EMV Chip World,” Laura was the sole startup exchanging ideas with large banks and others on the future of fraud and financial crime.

1. Financial Institutions (FIs) are facing unprecedented risks against cyber attacks

Fraudsters are opportunists who will adapt to strike the most vulnerable parts of the financial services ecosystem. When one channel is secured, they simply migrate to another exposed channel. In a feat to throttle criminals’ illicit revenue stream, FIs are forced to play the classic criminal version of the arcade game “whack-a-mole”. The panelists highlighted three emerging forms of online identity thefts:

• Card-Not-Present (CNP) fraud (increased 40% since the EMV liability shift)
• Account takeover (ATO) (increased by 35% just the first half of 2018)
• Synthetic identity fraud and true name fraud in online applications

2. Despite the wealth of data available to combat fraud, standardizing the data remains a challenge

Data can enable banks to understand customer activity patterns and detect cross-channel anomalies. Banks, however, typically do not have systems to make sense of the available data. Moreover, incorporating such systems into fraud detection programs is a painful process:

• External data: Utilizing external data requires an integration process with data vendors. Building vendor relationships is an obstacle itself and the subsequent integration process is a taller hurdle. As a result, banks partner with minimal vendors and therefore use minimal external data to make decisions, forcing a manual verification process and poor customer experience
• Decentralized Internal data: Banks do not have a central repository; each department and line of business has their own database (or even multiple databases). Moreover, data may be in different formats and difficult to standardize.
• Change in processes: Aggregating separate data pieces to form accurate decisions maybe require new data analysis systems and an overhaul of current processes, and business process changes at financial institutions can be long and bureaucracy-filled

3. Actions that banks can take to prepare now and for the future of fraud

Authenticating legitimate customers and spotting suspicious activity has become necessary for organizational capability. Despite the immense challenges, banks can protect themselves and their customers by:

• Using multiple data types: With synthetic identity fraud, homogenous data is insufficient to detect virtual identities. Banks need not only current data but also historical data to cross-check the existence of an identify. In other words, a synthetic identity may check out if you’re simply checking for current qualities (e.g. email, phone, public records, etc.) but won’t have a history of multiple addresses, email addresses, etc.
• Harmonizing machine learning and automation: Traditional fraud detection systems rely on algorithms to identify potential problems. However, algorithms are sets of rules that cannot self-adjust. FIs needs artificial intelligence to automatically adjust algorithms so that verification processes are accelerated as new data is gathered.
• Establishing a flexible system: The types of digital data available (and the vendors of that data) are constantly changing, not to mention the ever-evolving regulatory and fraud ecosystem. In order to future-proof an FI’s data & fraud systems, they must adopt flexible and dynamic systems that will grow and change with them.

It is no exaggeration to say that online fraud is rampant. As fraudsters are ever evolving and learning new tactics, we need to learn along with them. Being better able to attune fraud detection systems to new and unknown fraud patterns will be a key focus for risk teams in the coming years.