The pace of technological innovation has fundamentally shifted the way that businesses and banks store, manage and share their data over the last decade. From the rise of internet banking to mobile apps and cloud storage, nowadays, data is dispersed across networks and devices rather than centralised. Cyber fraud has been evolving alongside too, with attacks growing in sophistication and scope, making securing payments and preventing fraud a top priority.
The Bangladeshi bank heist of 2016 is an example of what can happen when organisations don’t keep up with technological change. Hackers were able to gain access, using the Bank’s gateway, to SWIFT, the closed computer network used by many banks around the world, which processes around 30 million communications and transactions a day. Once inside, the hackers were able to reroute approximately $81 million. Valued as a largely unseen and always effective part of the global banking process, the attack on SWIFT raised serious integrity issues about the security of its members and the network.
Philippe Fleury, Partner of Financial Services at KPMG states that the challenges to Swiss banks is generally no different to those in other countries as to how banks identify, assess and address fraud risk – and the critical role played by their fraud operating model.
Cyber-attacks are lasting longer, and fraud is increasingly going unnoticed until it is too late. The traditional methods of preventing fraud that companies and banks have relied on up until now are not evolving fast enough to keep up.
There are several key areas where cyber fraud prevention needs to be improved to not only meet the challenges of today but also create a solid foundation to meet the challenges of the future.
Time to Get Proactive
According to KMPG’s 2019 Global Banking Fraud Survey, 60% of the companies surveyed reported an increase in fraud volume and 50% had experienced a rise in fraud value. Once affected by fraud, the consequences are often severe. 50% of surveyed companies have managed to recover less than a quarter of their fraud losses. It takes financial institutions an average of 6-8 months to discover a malicious event, rising to 259 days if the attacker is an insider.
Clearly, current methods are too slow to be effective.
In an age of real-time payments and data transfer, the methods that have been effective up until now are simply too reactive. Most organisations rely on reviewing changes in embedded systems daily instead of tracking transactions and user behaviour in real-time. Fast-moving threats need agile solutions. Increasingly, we see banks and businesses implement proactive measures to try and prevent fraud and reputational damage before it happens or to minimise its impact. This is why solutions like ours, which stay up to date and evolve to address threats as they change, are proving popular.
The Need for Visibility
This kind of proactivity has to be underpinned by visibility. If organisations can’t monitor and track data, they won’t be able to put in place the kind of real-time alert system they need to act quickly. Trying to gather, corroborate and make sense of siloed and low-quality data does not facilitate quick review and effective decisions. Additionally, there is complexity surrounding the digitisation of internal processes and customer interactions, which has multiplied the number of touchpoints and potential vulnerabilities.
A large part of fraud detection is spotting small abnormalities in data and user behaviour. Without adequate oversight and data management, this task is much more difficult. A common issue that we see a lot of financial institutions and corporates running into is the integration between legacy systems and modern applications. The loopholes and weak spots this can create are the first port of call for many hackers.
Banks and businesses need to track transaction and user behaviour across all channels. This is no longer something to aim for; it is a prerequisite of payment security and fraud prevention.
Working Effectively, Working Safely
Hackers excel at exploiting the gaps between internal processes and systems, and many organisations may not know the full extent of their vulnerabilities. Again, effectively combating fraud comes down to visibility, but this time the focus is internal. Comprehensive risk assessment and management is a lot harder if organisations don’t fully understand how the different parts of their businesses work together.
For example, when dealing with payments, it is essential to make sure that both the initiation process and actual transaction are equally secure. Real-time payment processing poses a challenge for banks as trying to make the customer experience as seamless as possible can often mean less time for scrutinising transactions. This transaction speed can also make recovery difficult as funds may have gone through multiple accounts and offshore in a few minutes.
If all parts of an organisation aren’t working together in harmony, fraud prevention solutions won’t be as effective. An example of this would be a system producing a high number of false positives, or entries wrongly accused of fraud. As well as being a sign that a fraud prevention system isn’t as accurate as it should be, a high number of false positives can divert resources and manpower away from areas they are needed.
Machine learning analytics and intelligent payment solutions are helping to make sure every part of an organisation’s process is insulated, and that potential vulnerabilities are identified. They help to minimise manual input and make internal processes more connected, but there are further ways that banks and corporates can drive efficiencies. One area that we support many organisations with is improving their case management, assisting them to work more efficiently and enhance product functionality. Bottomline’s solution doesn’t require a change to organisational infrastructure, so it integrates with minimal disruption.
Building a Solid Foundation
Cyber fraud is not a problem that is going to go away on its own. Rather, it is a challenge that will continue to grow in sophistication over time. Companies and banks need to make sure that they are utilising solutions that not only balance tight security with compliance but also have the flexibility to adapt to face new challenges.
For any organisation looking to strengthen their cyber and payment fraud protection, here are some of our key action points:
- Your first step should be testing all the systems you rely on, both internal and external, to find vulnerabilities
- Put in place regular reviews of these systems – preventing fraud is more than a tick box exercise, it is an ongoing commitment
- Make sure your software is updated or use a cloud-based system – solution providers spend much money ensuring their software and services are secure, so make sure you take full advantage
- Try and ensure that all key customer and supplier information is up to date – this will make it easier to spot any unusual behaviour or payment requests
- Get your employees talking and thinking about fraud – an educated and engaged workforce is one of the best assets for combating fraud
- As more countries implement Open Banking, banks must enhance their ability to analyse big data within this environment and navigate through Application Program Interfaces (APIs)
The world of payment fraud is a complex one and keeping up with all the latest trends, developments and techniques is a full-time job. Our extensive global customer base across a range of industries gives us insights and experience into the threats organisations face. Our solutions fit into your working practices and evolve with you over time.
Fraud is a continually shifting threat, and the uncertainty it creates for financial institutions and corporates can be unnerving for decision-makers. As well as our technical expertise and multi-industry insight, we look to give our clients the confidence they need to operate at their best. No matter how the fraud landscape changes, you can be sure we will be one step ahead of those looking to exploit organisations of all sizes and across all industries.
For further insights into the securing payments and preventing fraud, subscribe now and stay up-to-date on the latest tips, trends, and topics. You can also check out The Payments Podcast, where experts weigh-in on real-time factors impacting the payments industry.