Article | April 7, 2020
Umberto Eco once wrote “Everything is repeated, in a circle. History is a master because it teaches us that it doesn't exist. It's the permutations that matter.” In addition to the effects on the supply and demand side, COVID-19 has jolted financial markets across the globe as oil, bond yields, and equity prices fall, and trillions of dollars, across all asset classes seek safety. As we career towards another global financial crisis, which banks have learnt the hard lessons of 2008?
Article | April 7, 2020
Open Banking is all about the customer being in control of their data and funds. It gives them the freedom and flexibility to decide when and with whom to share their valuable information. However, as with all vibrant and progressive ecosystems, speed, security, and ease of use will determine open banking’s future success along with the key issue of trust. Will the end user trust people to share data with them and trust their banks to still protect their data?
PSD2 Open Banking gives Payment Service Users (PSUs) the legal right to share their transactional account data with regulated third party providers (TPPs). For this to be possible, the 6,000+ Financial Institutions providing transactional payment accounts that can be accessed online have to put in place open banking APIs. These APIs give TPPs the access required to either make payments on an account holder’s behalf or view account data and funds, both of which require the account holder’s prior explicit consent. Access can only be denied if a TPP is believed to be unauthorised or fraudulent.
Open banking regulation has given rise to a new group of FinTechs who are seizing the opportunity to create innovative apps and products with the customer at the core of the offering. At the end of 2019, 240 TPPs from across the EEA and UK were regulated to provide open banking services. A year later, this figure had increased to 450 (excluding the thousands of credit institutions that are also able to act in the capacity of TPPs). The near doubling of newly regulated entities demonstrates user demand for the innovative products and services that these organisations are offering – it is now down to trust and security in the ecosystem, along with ease of use, to drive volumes.
The ability for TPPs, many of whom may be unknown to these Financial Institutions, to request immediate access to valuable data and funds presents many challenges and risks – all of which must be addressed without introducing potential friction in the customer journey. The main challenges are knowing if a TPP is who it claims to be and whether it is regulated to provide the services being requested at the time of the transaction request. After all, these are the key factors enabling the bank to trust the TPP and feel confident the end user can trust them. The added difficulty of knowing which markets within the EEA a TPP is authorised to operate in is an additional challenge.
Financial Institutions have long been the trusted guardians of their customers’ data and funds. Although the open banking model means the customer now has ultimate control of their data, it is still primarily the Financial Institution’s responsibility to ensure nothing goes wrong and they are likely to be held liable in any disputes that arise. There is also the very real reputational risk to Financial Institution if something does go wrong.
Checking a TPP’s identity, its current regulated status, and the services it is requesting to perform are essential but not easy tasks to complete in that, firstly, a Financial Institution needs to determine whether a TPP is who it claims to be. This is done by having real-time access to the 70+ Qualified Trust Service Providers (QTSPs) who can issue PSD2 eIDAS certificates. These eIDAS certificates contain the requisite information on a TPP’s identity and are used to secure communications between Financial Institutions and TPPs. They also digitally seal messages, ensuring the integrity of the concept and proof of origin.
However, an eIDAS certificate can have up to a two-year validity period. During this time, changes may have been made to a TPP’s regulatory authorisation status by its Home National Competent Authority (NCA). This introduces significant risk to the Financial Institution’s decision process.
eIDAS certificates also do not contain information on the countries a TPP is authorised to provide their products and services into under passporting rules. This information is held on the TPP’s Home NCA Credit Institution and Payment Service Provider (PSP) registers. Between them, the 31 NCAs maintain over 115 databases and registers. Checking them at the time of a transaction request is paramount to prevent fraudulent TPPs from slipping through the net.
According to the Konsentus Q4 2020 TPP tracker, every country in the EEA had at least 75 TPPs who could provide open banking services. These may not all be Home regulated TPPs. Take, for instance, Germany, who had 35 Home Regulated TPPs in December 2020 but an additional 112 TPPs who could passport in their services. To do the requisite due diligence on all these TPPs would require having online access to all the databases and registers hosted by the NCAs regulating these TPPs. This means connecting to the 31 NCAs and interrogating over 115 separate registers in real-time, in addition to connecting with all the QTSPs who issue PSD2 eIDAS certificates.
When a Financial Institution is presented with an eIDAS certificate by a TPP, if a real-time online connection can be made to all the legal sources of record, the Financial Institution can make an instant informed risk management decision on whether, or not, to give the TPP access. All this can be done behind the scenes without the end user even being aware of what is happening.
As volumes look to dramatically increase over the next few years fraudulent and other sorts of attacks are bound to increase. Financial institutions are going to face increasing challenges around protecting end users’ data, ensuring access is only given to those with the appropriate authorisations and permissions. A very real risk for them is the reputational one; after all, end users may not be that good at separating a reputational issue around open banking from broader issues around their banking relationship.
For Financial Institutions, maintaining trust in their brands is going to be crucial going forward, but the risks are going to increase if they have not locked down who can access end user account data and funds.
Article | April 7, 2020
Fintech has drastically improved the products and the services of the traditional financial services in the past few years. However, even after many financial institutions have readily adopted fintech services, there are still some hidden risks in the aforementioned industry. For instance, the integration of the fintech services in the existing banking solutions raised a severe concern for data security. Also, the rapid growth of digital platforms made the fintech industry and its customers uniquely vulnerable to various breaches in IT security networks.
Article | April 7, 2020
Going far away beyond conventional attack detection, advanced machine learning operations assist organizations to stay one step ahead of financial fraudsters.
We hear tons of stories about account takeovers and hacking also. How can financial institutions detect and mitigate these attacks?
The world of fraud prevention in banking institutions has always been supported by rules. Bankers and their engineers were uniting rules engines on the banking data system to stop or identify common fraud patterns. For quite a while, this was sufficient. But today we are experiencing a change of society, a digital and technological revolution. Following the primary iPhone, and therefore the later mobile internet explosion, people are interconnected all the time, everywhere and for all quite useful. In this digital age, the digitization of means and behaviors forces corporations to revise their business model. As a result, banking institutions are going massively online and digital-first. Both the bank users and customers have unfolded their behaviors with the brand-new means offered by the digital era.
Learn more: https://deck7.io/Women-Leadership-verrency-audrey-blackmon
With the shift towards universal digitalization, perpetrators are finding new weak spots in financial digital applications. Ironically, the technology works both ways: it accommodates firms to supply more reliable customer experience and optimize operations and, at an equivalent time, aids cybercriminals in performing numerous sophisticated unlawful schemes.
According to the Association of Certified Fraud Examiners (ACFE), 30pc of fraud occurrences happened in small businesses, and 60pc of small-business fraud victims did not retrieve any of their losses.
According to Statista, in 2017, the global FDP (fraud detection and prevention) market was calculated to be worth $16.6 billion.
According to McKinsey, worldwide losses from card fraud could be close to $44 billion by 2025.
Financial crimes do not limit crimes like credit card fraud, tax dodging, and elder abuse. In fact, it includes much broader offenses – such as Identity theft, human trafficking, phishing, pharming, drug trafficking, money laundering, and terrorist financing that can have enduring impacts on society.
Fighting financial fraud is difficult because fraudsters frequently change and adapt. The moment you figure out how to identify and prevent one scam, a unique one emerges to take its spot. Identifying, eliminating, and blocking these threats are sensitive points for e-commerce and banking industries. Sincerely, the best technology for combating fraud is one that can evolve and adapt as instantly as the fraudster’s tactics. That’s what makes machine learning (ML) systems ideal to fight fraud and financial crime.
The big problem is that companies think they need to establish rules, policies, and procedures to prevent fraud. But today’s criminals are much more sophisticated and are able to circumvent these business rules. Businesses need to take a more dynamic approach that includes business rules as well as machine learning and AI to learn from evolving criminal behavior and deliver a more sophisticated and effective approach to dealing with financial crimes.
Andrew Simpson, Chief Operating Officer of CaseWare Analytics.
Why use machine learning to combat financial fraud?
Machine Learning knocks down the conventional ways of detecting fraud. It’s quicker, works with extensive amounts of data, and doesn’t rely on human resources. When designed optimally, it absorbs, adapts, and uncovers emerging patterns without the over-adaptation resulting in too many false positives. It’s time for ML to conclusively take center stage in assisting firms to recognize and counter fraud as fast as it’s performed.
How Machine Learning Helps in Fighting Fraud and Financial Crime?
Machine learning can learn normal behavior from training data and recognize abnormal behaviors that indicates money laundering, like, when money is transferred between suspicious geographies, active movement of funds between different accounts, or invoicing number sequences have been falsified. Machine learning is continually learning, and so they can recognize when the pattern of laundering change and adjust rapidly.
Analyzing Huge Amounts of Transaction Data
One of the most powerful features of machine learning algorithms is that they can analyze huge numbers of transaction data and flag suspicious transactions with highly accurate risk scores in real-time. Its algorithms serve 24/7 and process an immense amount of information with the flip of a switch. This risky analytics method recognizes complex patterns that are challenging for analysts to identify; this means banks and financial organizations are far more operationally proficient while detecting more fraud.
The algorithms take various factors into account, including; customer’s location, the device used, and other circumstantial data points to form a detailed picture of every transaction. This strategy improves real-time decisions and protects customers against fraud, all without affecting the user experience.
Thanks to extensive technological development, organizations will frequently rely on machine learning algorithms to determine which transactions are suspicious.
Learn more: https://www.sas.com/en_in/insights/articles/risk-fraud/strategies-fraud-detection.html#/
Supervised and Unsupervised Learning for Detecting Complex Patterns
Machines can be programmed to self-learn in an unsupervised model with ML so that transactions that do not conform to a set pattern are recognized and hence can be actioned upon in right period.
Machine Learning automatizes the extraction of aware and unaware patterns from data. Once it identifies those patterns, it can employ what it learns to new and unseen data. The machine learns and modifies as new outcomes and new patterns are introduced to it via a feedback loop.
In fraud detection, supervised machine learning algorithms can self-learn from targets within the data. While training a supervised model, it's important to present to it both fraudulent and non-fraudulent records that have been labeled as such.
Unsupervised Machine Learning is different. It reveals potentially unusual risks you might not watch for because it works without a target. Instead, it looks for irregularities in the data.
Machine Learning in Fraud Detection
The fraud detection method employing machine learning starts with gathering and segmenting the data. Alongside this, the machine learning model receives training sets that train it to predict the possibility of fraud. Conclusively, it creates a fraud detection model:
Input data- The first step is data input, which differs in Machine learning and humans. Humans strive to comprehend massive amounts of data, such a task is a five-finger play for ML. The more data an ML model eats, the better it can learn and polish its fraud detection abilities.
Extract Features- Extracted features defining good customer behavior and deceitful behavior are added. These features normally include the customer’s location, identity, orders, network, and preferred payment method. Based on the complexity of the fraud detection system, the list of examined features can vary.
Train Algorithm- Further in this process, a training algorithm is launched. In short, this algorithm is a collection of rules that a machine learning model has to pursue when deciding whether an operation is genuine or fraudulent. The more data a business can supply for a training set, the more reliable the ML model will be.
Create Model- After the training is over, an organization receives a fraud detection model acceptable for their business. This model can detect fraud in no time with great accuracy. To be efficient in credit card fraud detection, a machine learning model needs to be continually improved and updated. Eventually, fraudsters will turn up with new bamboozle to game the system unless you keep it updated.
Employing advanced fraud protection and detection systems electrified by ML, multiple industries can keep their finances secured.
Capgemini alleges their ML fraud detection system can lessen fraud investigation time by 70% while boosting accuracy by 90%.
Another ML fraud prevention solution provider, Feedzai, alleges that a well-trained machine learning solution can recognize and prevent 95% of all fraud while reducing the amount of human labor needed during the investigation stage.
Reduction of False Positives
With the level of complicatedness in today’s financial infrastructures, the term ‘false positive’ has become nearly correlated with the industry’s efforts to fight fraud. One of the banking’s most significant challenges is to minimize the number of false positives being generated, thereby saving time, money, and bypassing needlessly frustrating customers.
AI and machine learning play a significant role in this area. Because they are proficient in examining a much more comprehensive set of data points, connections between entities and fraud patterns – including fraud scenarios not yet known to fraud analysts – the predominance of false positives can be extremely reduced.
Bringing it all Together
Multinationals like Airbnb, Yelp, and Jet.com are already employing AI solutions to get insights from big data and counter issues such as fake accounts, account takeover, payment fraud, and promotion abuse. Machine learning entertains all the messy work of data analysis and predictive analytics and empowers companies to grow and develop secure from financial fraud and crime.
As mentioned, machine learning can be very convenient when it comes to fighting cybercrimes. ML prevents critical attacks on users’ and companies’ finances. It’s a quick, up-to-date, and cost-effective method to shield customers and the company’s data.