Fraud and Breach Prevention Summit Miami
Anand Sureka | Guardian Analytics
Behavioral Analytics for Preventing Fraud Today and Tomorrow
April 12-13, 2016 – Miami, FL
Fraud & Breach Prevention Summit Chicago #ISMGSummits2
About the Speaker
Anand Sureka
Senior Solutions Engineer, Guardian Analytics
Anand Sureka is a Senior Solutions Engineer at Guardian Analytics. He has spent over a
decade working with banks to develop and integrate software solutions into online banking
and payment services, including fraud detection, personal financial management, bill pay,
ACH transfers and credit card payment services. Prior to joining Guardian Analytics, Anand
was a principal consultant for the professional services team at Envestnet-Yodlee.
Behavioral Analytics - Preventing
Fraud Today
Banks Facing Unprecedented Trust Issue
Demise in trust
Legacy and silo approaches failing - increase in fraud
Can’t hold back - competitive pressure forcing innovation
New approach is needed
Trust
Competitive
pressures
Third party providers
Competitive Banks
Speed
Convenience
Simplicity
Products/Services
Customer experience
Operational Costs
Data breaches
Malware
Social engineering
Single channel
Cross-channel
Customer Access
Customer Data
New Requirements for Fraud Prevention
Support payment/channel innovation
Improve customer experience
Increase operational efficiency
Address modern fraud
Meeting The New Requirements
Legacy (Rules/scenarios): Identity; Threat specific; Payment/channel slice
Modern (Analytics): Behavior; Threat agnostic; Holistic view
Success Starts With Broad View of Behavior
OOBAChannelDelete
OOBAChannelEdit
PasswordChange
UserCreate
UserDelete
UserEdit
UserEnrollmentCreate
UserEnrollmentDelete
UserEnrollmentEdit
UserView
Informational
CheckImageView
AccountCreate
AccountDelete
AccountEdit
AlertCreate
AlertDelete
AlertEdit
ExternalAccountLink
InternalAccountLink
MFAOptionsChange
RemoteDepositCapture
ReportView
OOBAChannelCreate
WireTemplateApprove
WireTemplateCreate
WireTemplateDelete
WireTemplateEdit
WireTemplateSubmit
HTTPAcceptEncoding
HTTPAcceptLanguage
HTTPClientIP
HTTPCookie
HTTPForwarded
HTTPForwardedFor
HTTPHost
HTTPLocation
HTTPProxy
HTTPReferer
HTTPRequestURI
BrowserPlugins
Cookie
CookiesEnabled
DeviceID
FontList
JavaEnabled
LanguageBrowser
LanguageSystem
LanguageUser
Latitude
Longitude
Direction
ToAccount
ToAccountType
FromAccounType
AmountinUSDollars
Status
StatusReason
RecurringPayment
ReceivingBankID
ReceivingBankName
Recipient
OtherInstructions
DestinationType
ACHParticipantDelete
ACHParticipantEdit
ACHParticipantSubmit
ACHTemplateApprove
ACHTemplateCreate
ACHTemplateDelete
ACHTemplateEdit
ACHTemplateSubmit
ACHParticipantApprove
ACHParticipantCreate
WireApprove
WireCreate
WireDelete
WireEdit
WireSubmit
WireEvent
BillPayApprove
BillPayCreate
BillPayDelete
BillPayEdit
BillPaySubmit
ACHBatchApprove
ACHBatchCreate
ACHBatchDelete
ACHBatchEdit
ACHBatchSubmit
ACHCreditEntry
ACHDebitEntry
TransferApprove
TransferCreate
TransferDelete
TransferEdit
TransferSubmit
MFA Challenge
Login
UTCTimestamp
SingleSignOn
Logout
DeviceRegistered
Channel
Company ID
ASNs
Network attributes
HTTPVia
HTTPXClusterClientIP
HTTPXForwarded
HTTPXForwardedFor
HTTPXTrusteerRapport
ImmutableCompanyID
ImmutableUserID
IPAddress
IPv6Address
SessionID
SignOnID
OSPlatform
ScreenResolution
TimeZoneOffset
UserAgentString
UserAgentStringDOM
Phone Number
GPS events
Wifi/Bluetooth/NFC
Hardware
HTTPAccept
HTTPAcceptCharsets
PayeeApprove
PayeeCreate
PayeeDelete
PayeeEdit
PayeeSubmit
TransferTemplateApprove
TransferTemplateCreate
TransferTemplateDelete
TransferTemplateEdit
TransferTemplateSubmit
Login/Access
Account Activity
Transactions
Real-time Behavior-based Risk Scoring
Login/Access
Account Activity
Transactions
Risk score every event
Each event updates risk
Rule
Rule
Behavioral Analytics: Individual, Population
Risk Data
Machine Learning
Risk-based Intervention
Login/Access
Account Activity
Transactions
Risk score every event
Each event updates risk
Rule
Rule
Behavioral Analytics: Individual, Population
Risk Data
Rules-driven interdiction
Risk-driven interdiction
Policies drive interdiction actions (for any risk score)
Guardian Analytics Protects
Partnership with The Norman Group
“To stay competitive, financial institutions need to
continually enhance their customer-facing products and
back-end technology platforms, and in parallel, rapidly
advance their capabilities to protect offerings and
channels. We are excited to combine our technical and
project management expertise in conjunction with
Guardian Analytics Omni-Channel Fraud Prevention
solutions to help financial institutions maintain a strong
pace of innovation without increasing their fraud risk.”
- Rob Grzeszczak, President and Managing Director
Use Case #1 – Reducing Challenges for Large
Commercial Bank
Domestic Cash Movement Application
Global Cash Movement Application
Wire Processing
System
ACH Processing
System
Client
Business Banking
Private Banking
Wealth Management
Performance Analysis/Risk Mgmt
Market Investment/ Fund Mgmt
External Deposit Services
Foreign Exchange
Benefits Management
Benefits Participant
Retail Banking
Business Banking
Central Authentication
Guardian Analytics Online Behavioral Analytics
Risk scores drive stepped up authentication
Use Case #2 – ACH, Same Day ACH
• NACHA files transmitted or uploaded
• Files processed upon receipt
• Alerts published within minutes
ODFI
$$ to customer
Guardian Analytics ACH Behavioral Analytics
ACH Batch
Risk scores
ACH Batch
Risk scores
ACH Batch
Risk scores
Use Case #3 – Wire Fraud
Detection Rates
Alert Volumes
Low
Low
High
High
Trust too little
Know when to trust
Know when NOT to trust
Trust too much
Over $100K And international And new recipient
Over $100K Or international Or new recipient
The Wire Fraud Challenge
Analytics Innovations to Raise and Lower Trust
Learn each individual originator behavior over time to determine risk
Learn new recipient ratio, typical beneficiary patterns (i.e. keeps false positives for title companies down)
Look to see if we can raise or lower trust of a beneficiary
If multiple wires to same “bene” spread out, can raise trust
If many in rapid succession, less trustworthy
Use what we’ve learned from other fraud
Mule
Match in mule db?
Recipient
Originator
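The rule trade-off from the Use Case #3 slide and the beneficiary trust heuristics above, as an added example (not from the presentation and not Guardian Analytics' model): it replays constructed wires through the narrow "And" rule, the broad "Or" rule, and a simple beneficiary-trust score. The thresholds, weights, function names and `MULE_DB` are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data: (timestamp, beneficiary, amount_usd, international)
T0 = datetime(2016, 4, 1, 9, 0)
# A title company wiring the same beneficiary weekly: large, domestic, routine.
HISTORY = [(T0 + timedelta(days=7 * i), "TitleCo", 120_000, False) for i in range(6)]
# Four mid-sized international wires to a new beneficiary, five minutes apart.
BURST = [(T0 + timedelta(days=50, minutes=5 * i), "NewBene", 40_000, True) for i in range(4)]
MULE_DB = {"KnownMule"}  # hypothetical shared list of suspected mule accounts

def and_rule(wire, seen):
    """Narrow rule: over $100K AND international AND new recipient."""
    _, bene, amount, intl = wire
    return amount > 100_000 and intl and bene not in seen

def or_rule(wire, seen):
    """Broad rule: over $100K OR international OR new recipient."""
    _, bene, amount, intl = wire
    return amount > 100_000 or intl or bene not in seen

def beneficiary_trust(prior, bene, now, burst_window=timedelta(hours=1)):
    """Trust in [-1, 1] derived from this originator's prior wires to `bene`."""
    if bene in MULE_DB:                      # match in mule list: no trust
        return -1.0
    times = [t for t, b, _, _ in prior if b == bene]
    recent = [t for t in times if now - t <= burst_window]
    if len(recent) >= 2:                     # many in rapid succession: lower trust
        return -0.5
    spread_days = {t.date() for t in times}  # repeated wires on separate days
    return min(1.0, 0.2 * len(spread_days))  # spread out over time: raise trust

def replay(wires):
    """Replay wires in time order and count alerts raised by each approach."""
    seen, prior = set(), []
    counts = {"and": 0, "or": 0, "behavior": 0}
    for wire in sorted(wires):
        when, bene, _, _ = wire
        counts["and"] += and_rule(wire, seen)
        counts["or"] += or_rule(wire, seen)
        counts["behavior"] += beneficiary_trust(prior, bene, when) < 0
        seen.add(bene)
        prior.append(wire)
    return counts

if __name__ == "__main__":
    print(replay(HISTORY + BURST))
```

On this data the narrow rule raises no alerts and misses the burst, the broad rule alerts on every wire including the routine title-company payments, and the trust score alerts only once the burst pattern appears.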
Putting It All Together
Would beneficiary be expected? (new beneficiary ratio, beneficiary and FI location/region)
Are the originator’s wire actions normal? (timing, velocity, type, accounts, direction, use of instructions, content of instructions)
Are the wires typical? (type, amount)
Originator Model
Wire Behavioral Analytics
Cross-institution risk data (Network effect)
Beneficiary Model
Is this a high or low risk beneficiary? (beneficiary history with other originators, name/account number match, suspected mule)
Self learning
No rules to write
Not threat specific
Adapts to new threat
Automatic updates to analytics
100+ attributes from wire system
Approach Highly Effective With BEC
New beneficiaries common (40% of wires to new beneficiaries)
BEC beneficiary FIs vary (domestic, international, banks, credit unions)
Spoofed CEO email
Spoofed supplier email
Legitimate user (CFO or controller)
•Online
•Fax
•Branch
Criminal beneficiary or mule
Criminals do their homework on their targets and prey on urgency, sense of duty and importance
Legitimate user logs into online banking or requests the wire (legacy ATO detection methods don’t work)
BEC amounts within typical range of client wires
Behavioral Analytics Detects Account Takeover and Business Email Compromise
Spoofed CEO email
Spoofed supplier email
Legitimate user (CFO or controller)
•Online
•Fax
•Branch
Wire transfer
Amount
Expected OBI use
Velocity
Beneficiary
Beneficiary FI
Beneficiary Location
Name/account number changes and match
Individual and Bank Population Originator Models
Cross-originator Beneficiary Models
Guardian Analytics uses originator, population and cross-originator beneficiary models to accurately detect fraud with low alert volume; no rules or scenarios to define
Criminal can spoof email sender, content language, style, wire amounts
But they cannot spoof how an originator sends a wire
Recent Successes
Fraud prevented: $19M in last two months (primarily BEC, have not missed fraud)
Efficiency gains: Bank reduced reviews to only high risk wires (50-100 wires/day)
Client experience: Reduced callbacks
Reduction in alerts has freed time to discuss possible BEC with clients in more detail
Bank with ~4,000 wires per day
Fraud prevented: $500K in last six months (BEC and ATO, have not missed any fraud)
Efficiency gains: Reduced reviews 70% (75/day)
Increased wire risk management coverage 400%
Client experience: Faster processing; fewer callbacks (1-5/day)
Bank with nearly 2,000 wires per day
Behavioral Analytics In The Future
Anand Sureka
Meeting The New Requirements
Legacy (Rules/scenarios): Identity; Threat specific; Payment/channel slice
Modern (Analytics): Behavior; Threat agnostic; Holistic view
Next-Generation (Analytics): Behavior + context; Threat agnostic; Omni-channel
Unified Omni-channel Fraud Prevention
•Channels
•Payments
•ATM
•Contact Center
•POS
•Branch
•Online
•Mobile
•Bill Pay
•Debit
•Wire
•ACH
•P2P
Customers ar
Unified Omni-channel Fraud Prevention
Channels
Payments
•ATM
•Contact Center
•POS
•Branch
•Online
•Mobile
•Bill Pay
•Debit
•Wire
•ACH
•P2P
Fraud prevention should be omni-channel, too
Enterprise API
Omni-Channel
Risk Engine
Omni-Channel
Visual Analytics
Payments Channels Devices Locations Risk Data
New Requirements for Fraud Prevention
Support payment/channel innovation
Improve customer experience
Increase operational efficiency
Address modern fraud
Questions?
Follow Guardian Analytics
Thank You for Attending!