The continued proliferation of digital technologies and the ongoing shift to online channels have heralded a new age of financial crime, one marked by undefined geographies and increased sophistication of attacks.
In light of this new reality, professionals in the financial crime space need to start operating under an innovation imperative, top risk and security specialists representing Standard Chartered, paytech unicorn Nium and fraud prevention firm GBG said during a recent Fintech Fireside Asia virtual panel discussion.
“We are in an era with very smart technology. This is an enabler for fraudsters to increase the level of sophistication that they are putting into devising their schemes,” Dev Dhiman, Managing Director of GBG’s Asia-Pacific (APAC) said.
“Obviously, there are more and more personal data out there, and more and more digital channels that are being opened up, which are increasing the prevalence of opportunities for fraudsters to defraud.
“In very short span of time, the level of sophistication has skyrocketed. This will continue skyrocketing and will get more and more challenging [for financial institutions].”
At Nium, the number of attempted attacks and the types of attacks have significantly increased over the past year. In 2020, the company recorded a little over 1,000 attacks, a number that was reached in just the first six months of 2021, said Raj Viswanathan, Chief Information Security Officer of Nium.
More sophisticated attacks
Attacks are also getting more sophisticated, Raj said, noting that criminals are now leveraging artificial intelligence (AI) and machine learning (ML) to mechanically gather and process large amounts of data for use in automated attacks, making it thus easier to scale up their operations.
In addition, AI allows them to make phishing attacks more convincing through well-worded emails that realistically mimic real people and organizations.
“Attacks are being augmented by technology,” Raj said. “Just like we are augmenting our controls with technology, so are the fraudsters.
“We need to look at each of our foundation controls and see how we can make it better and where we can use innovative technologies, not to replace the human element but to augment the human element … For example, [using] ML and AI to augment fraud rules so that it provides better actionable intelligence to the human element. That’s where we need to continue to innovate.”
To effectively fight fraud and minimize customer impact, notably when it comes to convenience and friction, it’s necessary to utilize data and customize approaches at the individual level.
“It all comes down to profiling customers,” said Victor Apps, Head of Fraud Risk at Standard Chartered in Hong Kong. “You need to be looking at how a particular customer is engaging with your bank to perform transactions and see if that’s in line with their previous behaviors.
“I’m impressed by the growing sophistication amongst fraudsters … [also] there is an increasingly professional aspect behind it which makes our job harder … because we still need to do the old stuff but also try to keep up with what is a rapidly developing rogue space.”
Criminals are innovating at a fast pace and banks are struggling to keep up, Victor said. The reason for that is the red tape and costs associated with installing new surveillance systems and fraud controls.
“Setting up a new data surveillance system requires a lot of investment. You need the budget and give two years for that,” Victor said. “We’re also heavily regulated so we have to … jump over those hurdles. We do have tools and good people, but [criminals] evolve faster and we are still struggling to catch up.”
Increased collaboration and data sharing between stakeholders can lead to better policing of financial crime and early detection of fraud, Victor said, especially considering that fraudsters have no problem working on a global scale.
In Malaysia, GBG operates the IDGuard service with its partner CTOS Data Systems, the country’s largest credit reporting agency.
CTOS IDGuard is a collaborative platform to combat application fraud that has onboarded banks including Maybank, RHB, CIMB, Alliance Bank and Ambank. The platform is powered by GBG’s fraud detention engine, and is able to provide real-time automated alerts on potentially suspicious loan applications.
Between July 2020 and March 2021, CTOS IDGuard successfully identified and prevented potential fraud losses of up to MYR 50 million (US$12 million) in fraudulent applications including personal loans, cards, auto-financing, mortgages and small and medium-sized enterprises (SMEs) loans, demonstrating how information sharing can help financial institutions mitigate risk, Dev said.
Singapore is also preparing a data sharing platform to tackle money laundering. The platform, called Collaborative Sharing of ML/TF Information & Cases (Cosmic), will enable financial institutions to share information on customers or transactions, where they cross material risk thresholds. Cosmic will also enable information to be shared in a structured format that allows integration with data analytics tools.
The Monetary Authority of Singapore (MAS) is working with six major commercial banks on the platform, namely DBS, OCBC, UOB, SCB, Citibank and HSBC.
Scheduled to launch in H1 2023, Cosmic will initially focus on three key financial crime risks in commercial banking: abuse of shell companies, misuse of trade finance for illicit purposes, and proliferation financing.