Fighting fraud in the future: What banks need to do

By Pat Shea

Customer behaviors changed radically during the pandemic lockdown which naturally changed the payments industry as well.

To avoid fraud, the financial industry has always had specific checks and balances in place to identify suspicious behavior or chart changes in customer behaviors. These checks and balances, which were based on logic and training to identify patterns, worked well for the most part until a pandemic that was based on anything but logic and patterns had customers who never used online banking or purchased goods and services through a digital wallet suddenly doing so repeatedly. And more customers online meant more fraud.

“The patterns and models that were always used to determine fraud are unfortunately, no longer relevant,” James Heinzman, EVP of financial service solutions for ThetaRay, said in an interview with ATM Marketplace. “Banks are now generating 400-600 times the volume of alerts than they were before the pandemic and the models are identifying the new behaviors as suspicious, instead of recognizing that the fundamental behavior of the market has changed.”

Heinzman explained because the industry never saw such radical changes before, the models that were used pre-pandemic have to be rewritten, retrained and re-calibrated to be in any way meaningful going forward.

“This is a very expensive and resource-consuming effort. Does it really make sense to rewrite legacy technology programs? We believe that unsupervised machine learning is a better solution to the problem. Advanced artificial intelligence solutions solves this issue because it’s data-driven and automatically tunes to the new normal,” Heinzman said. “It accurately distinguishes between wholesale market changes and real suspicious behaviors. Because there are no predefined rules or models, it can make connections and identify patterns even if there’s been no prior example.”

Q: If anti-money laundering and anti-fraud detection models been rendered nearly useless by COVID-19 what should a bank do?

A: The first thing [a bank] needs to do is take a fresh look at their AML programs. Check out the people, process and technology. They need to acknowledge that the world has changed forever; the virus isn’t going away. It’s time for banks to really adopt new technologies and modernize their infrastructure. A lot of banking was based on relationships human interaction. That’s changed dramatically. The banking of the future will be conducted primarily through web and digital channels. AML programs need to adapt to meet this change and modernize the technology.

Q: How are banks leaving themselves open to an increase in cybercrime?

A:The bank workforce is now working from home, security systems weren’t designed for that, and new vulnerabilities have arisen. It’s also forcing the banks to reveal sensitive information to these remote workers on their personal devices, thus exposing sensitive data. Banks need to adopt more modern approaches to cybercrime and look not just at perimeter defenses, but at business activity as well, in order to identify and mitigate these breaches that go undetected.

Q: What are the top cybercrimes that financial institutions have to watch out for?

A:There are a lot of attacks we’ve never seen before hitting these banks, and they’re only getting more sophisticated. And now thanks to the Financial Crimes Enforcement Network breach, they’re better informed. Phishing and spear-phishing techniques are becoming more effective thanks to the remote workforce; the chances of clicking on a suspicious link increase when employees aren’t in the office and supervising them proves to be difficult. Additionally, the fear of job displacement causes employees to do things they normally wouldn’t do, which puts them at a higher risk for falling for this type of attack. The greatest threats in the post COVID era may well come from within the banks themselves.

Q: Can you explain the new intuitive type of AI?

A: Artificial Intuition enables computers to identify threats and opportunities without following a predefined model based on human experience or past events and being told what to look for. Just as human intuition allows us to make decisions without specifically being instructed on how to do so. Essentially, artificial intuition evaluates all the data points and how they are connected. It can create a dynamic view on what is happening and how everything is connected to everything else. In this way, it can mimic how the human brain processes information and makes decisions about what is unusual.

Consider what happens when you see a person approaching you. Most people don’t take out a ruler and measure the distance between their ears, or how far apart their eyes are or the length of their chin. What they do is very quickly look at all of the information about this person. All the connections of data points and compare it to a memory. Is this someone I have seen before? Are they a friend? A threat? etc. In the same way, artificial intuition can make connections between data points that separately seem normal, but when looked at together arouse suspicion.

Q: Why is it referred to as artificial intuition and not intelligence?

A: When people hear the term “artificial intelligence,” they tend to picture these extremely logic-based systems that follow rule-based programming. Yes, it’s true that most real-world AI applications aren’t HAL9000, but they still follow a set of rules they were trained on; “if X happens then Y will happen.” Artificial intuition moves away from this rules-based approach and allows the system to act on its own using sophisticated algorithms to make connections between data points. It doesn’t need to be taught every possible scenario, and let’s face it, that would be impossible since it would require human beings to be aware and understand an infinite number of possible situations. It can go beyond human intelligence and automatically make inferences about big data that mimic a human’s intuition, if they were able to process it.

Q: What are the benefits of this technology?

A: Financial institutions have increasingly begun to adopt artificial intuition to detect new and sophisticated financial cybercrime schemes, including correspondent banking, cross border transactions, trade finance, money laundering, fraud and ATM hacking. These crimes are usually concealed between thousands upon thousands of transactions that have their own set of connected parameters. By combining sophisticated, patented mathematical algorithms and user-friendly technology interfaces, artificial intuition automatically and accurately identifies real suspicious activity and presents it to analysts in an easily understandable format with full transparency, and expandability. It also provides all the tools and forensic data together in a single interface to investigate and resolve issues identified. It increases efficiency and reduces risk.

Q: What are the challenges?

A: The main challenges are not really with the technology per se, but they are more related to the paradigm shift the technology represents. This is new and it’s different. It represents change that can be scary for some and hard to embrace for others. It can also be perceived as a threat to internal stakeholders who prefer to build and create technology solutions in house. These challenges can be dangerous for a bank and can inhibit their ability to find the best solutions to the current crises.

Other challenges are not unique to this technology, but they do merit a mention here. Big data is still a big issue for banks. They have gotten better at having a cohesive data strategy and bringing in big data technologies, but they still have a way to go. Data acquisition, data quality, and the ETL process are still challenges for banks that inhibit their ability to rapidly deploy new technology.

Q: How does AI “sense” changes?

A: A system using artificial intuition senses changes by applying a qualitative model to the data it’s analyzing, rather than the traditional quantitative model that rules-based AI solutions use. From there, artificial intuition analyzes the dataset and develops a contextual language that represents the overall configuration of the data. It’s able to understand the “big picture” of what lies in front of it, rather than just the individual data points.

For instance, even if X, Y and Z data points look completely normal on their own, an artificial intuition-based model would identify that, when analyzed together, something just doesn’t add up. The system would flag that. It also automatically identified “drift” in the data. As business operations and market conditions change, so does the data being presented to the system. By automatically identifying these drifts, the system can tune itself to the “new normal”. In this way, it can continuously identify only those cases that are truly suspicious, future-proofing the bank’s defenses and providing effective and efficient detection.

Q: Is it able to decrease alerts and separate the threats from just basic behavioral shifts?

A:Yes. In fact, the pandemic is a great example of this. As a result of COVID-19, banking habits of consumers have changed dramatically. In-person banking is not happening on the scale it did before COVID, cash payments have dropped dramatically (no one wants to touch it for fear of catching the virus), credit and debit card usage has spiked and online and mobile banking have exploded.

These macro changes in consumer behavior are automatically identified as “drift” in the data by the system and the technology relearns the “new normal” across the entire dataset. By understanding these macro changes and accounting for them, the system can continue to produce high quality, low volumes of alerts. Banks are reporting that they have decreased the total number of alerts by 30-40%, with 95% being “investigation worthy,” while simultaneously reducing the overall investigation time per alert by as much as 50%. When you compare this with the spike of 400-600 times more alerts and 90+ percent false positives that banks are experiencing with their current systems, it speaks volumes.

Q: How does your company’s technology work to combat fraud?

A: ThetaRay technology is designed to deliver end-to-end solutions from data integration through alert disposition and reporting. With a combination of market-leading big data technologies, microservices, API based architecture and cloud-ready capabilities the technology can be deployed on-premise or in the cloud. With full-stack detection capabilities, the system can bring together different detection capabilities in a single solutions. The user interface is designed by investigation experts for investigation experts and to provide a high quality, efficient user experience.

Q: Are there limitations?

A:The core technology is based on the human brain and really is limited only by the imagination of those who would use it. The technology runs on standard hardware and big data infrastructure, so it can scale up and scale out as necessary. It is designed to seamlessly integrate with existing systems and can immediately enhance and augment current systems and bring effectiveness through better identification of real results and efficiency through reduction of alert volumes and false positives. Over time, the system could either be integrated into the technology ecosystem at a bank, or it could be transitioned as a replacement of a legacy system.

Q: What does the future look like for financial institutions in your opinion post-pandemic?

A:The pandemic has accelerated a lot of curves. By that I mean the adoption of digital banking, the movement towards a checkless and cashless society, how consumers interact with their financial services providers and the real-time, self-directed approach to banking that younger generations are demanding will continue to fundamentally change the banking industry.

Fintechs that provide bank-like services, are gaining market share and pressuring banks to innovate. I think this is a difficult time for banks as they struggle to adjust and compete in the post-pandemic world. This change was in process well before the pandemic, but it has dramatically accelerated because of it. I think it will be a bit rough for banks over the next few years. With interest rates near zero (in some countries they are negative), profit centers and revenue models will be reevaluated, innovative new products will be developed, services and delivery methods will be created, and in the end, the financial sector will emerge from it better, stronger and more resilient than ever before. I see this period a bit like growing pains. It is going to be hard, even painful for a period of time, but the end result will be worth it.

Q: What is the most important thing a financial institution can do to protect itself against fraud?

A: Forget about the past. Whatever was working before the pandemic will not work anymore. Embrace new ideas, technologies, and methods. Don’t be afraid to innovate. Try new things and “fail fast.” The longer you wait, the worse it will be. Don’t be paralyzed by analysis and inaction. Take a fresh look at problems and be creative in the approach.

Leave a reply

Please enter your comment!
Please enter your name here