The New Generation of Fraud Management Technology: A True Enterprise Wide Approach
Current Trends in Fraud & Financial Crime Laura Hutton – Director of Banking Solutions, SAS
Fraud is a global problem
Organisations are faced with tough challenges to focus on reducing losses AND ensure a smooth customer journey AND take effective, timely action.
“Cyber thieves have cost US companies and their banks more than $15 billion in the past five years, the FDIC found in a recent study.” Financial Times, 2012
“Tax evasion losses are estimated at $3.1 trillion for 145 countries in the world which represent 98% of the world GDP between them.” The Tax Justice Network
HSBC to pay $1.9bn in US money laundering penalties
Standard Chartered to pay $340m settlement over Iran investigation
RBS and HSBC among banks fined £2.6bn for forex rigging
BNP Paribas to pay $9bn to settle sanctions violations
VAT fraud costing Europe €€50bn a yearCarousel scam escalates out of control as governments are accused of denial
Global trade in phantom cargoes swindles banks of £500m
Today’s frauds are
• Increasingly sophisticated
• Higher velocity/faster
• Cross industry
• Multi channel
• Advanced technologies
• Social with pressures on staff
Current fraud systems are not
good at finding fraudsters
• Siloed by line of business - no sharing of data
• Act on event or customer
• Rules and predictive models alone have limitations
• Few proactive steps taken to combat cross channel fraud
• Evidence insufficient to act upon
• Investigation time consuming
Internal Fraud - Laura Hutton, SAS
Online Fraud – Patrick Risch, ACFE
Application Fraud – Zoltan Zsolt, OTP Bank
Creating an Optimal Fraud Solution
Internal Fraud
Safeguarding your reputation from internal risks
Why is insider fraud so hard to spot ?
75% of all major fraud cases involved insidersKPMG Australia 2012 survey
Statistics
75%
Today’s schemes areFinancial losses Reputational Damage
Motivation
Pressure
PressureThe motivation, e.g. debt problems, external pressures from crime groups
OpportunityThe means
RationalisationA cognitive process Justifies the crime
How to rob a bank
The perfect heist requires:
• Advanced safe cracking
• Mountain climbing
• Kung Fu
• Computer hacking
• CCTV hacking …
Or …
Get a job at the bank …
… or better still
Get to know someone who has a job at the bank
Insider fraud is the low risk, high
reward crime of choice for modern
organised criminals
How do you define internal ‘fraud’?
Favouring applications
from a friend
Stealing money from a dormant customer account
Searching the account
of a favourite
team
Giving themselves
credit to cover debts
Searching for
information of use to a competitor
How to detect fraudulent staff –a 3-step programme
Step 1
Train your staff to spot the signs of social engineering and Organised Crime recruitment.
Step 2
Recognise that none of your external fraud detection systems are likely to find an insider –they already have the keys to the safe!
Step 3
Adopt a holistic “defence in depth” approach to the problem.
Identify data sources that will enable you to distinguish staff behaviour.
Make better use of your data
Network
Entity
Event
Understand the risks
Theft from customers
Credit abuse
Breaches of policy
Money laundering
Data theft
Procurement fraud
Expenses & Payroll
Trading fraud
Hybrid analytics
Visual scenario configuration
Ad-hoc, in memory reporting and exploration
Concise and efficient investigation
Visualise – empower the business user
Fixing Fraud How to detect staff behaving badly
"Security and fraud risk exposure is increasing as organizations are
threatened at multiple points of vulnerability.
Companies are re-evaluating how they tackle security since a
fragmented approach is consistently leaving organizations at
greater risk of attack. A more holistic approach to security ensures
all layers of protection function together.“
Avivah Litan, VP Gartner
Protection across the enterprise
Protection across the enterprise
Application Fraud
A world of opportunity – or a perilous journey?
Online Fraud
Potential projected global fraud losses related to occupational fraud are more than $3.5 trillion USD.
ACFE 2012 Report to the Nations
“Cyberthieves have cost US companies and their banks more than $15 billion in the past five years, the FDIC found in a recent study.”
Financial Times, 2012
Estimated global financial crime IT spending will grow to $4.3 billion USD by 2013.
Chartis Research
Online Banking Fraud increases by 71% in the first 6 months 2014
UK Payments
A growing threat
Modus operandi are changing quickly
… or….
All within 30 min
Real-life example
Points of vulnerability for online fraud
Point of exit
• New beneficiaries
• Velocity of transactions
• Suspicious session activity
Create alerts!
Point of compromise
Score incoming transactions for:
• Anomalous behaviour
• Change of details
• Drain of funds from savings
account (me2me transfers)
Customer behaviour
Score customers over their lifetimes for:
• Possible mule accounts
• Victim propensity
• Appearance on a watch-list
• Unusual behaviour
OPEN BOX SOLUTION COVERING ALL AREAS
Real time meets offline
Back-end analytics
Transaction DataCustomer DataThird-Party DataSession Data
Advanced Analytics
Social Network Analytics
Data ingest, link and enhance
Rules
Anomaly detection
SAS Hybrid Approach
Event Stream Processing (ESP)
Online Transaction
SAS Fraud Framework (SFF)
Enterprise Case Management (ECM)
SAS Fraud ModelsSAS Fraud Rules
Protecting Your Customer Against FraudPatrick Risch, ACFE
Application FraudZoltan Zsolt, OTP Bank
The New Generation of Fraud Management Technology: A True Enterprise Wide Approach