IBM RegTech Innovations

How do you solve a $48 billion payment fraud problem?

Share this post:

According to recent information from Juniper Research, online payment fraud losses from e-commerce, airline ticketing, and money transfer and banking services are expected to reach $48 billion by 2023, more than double the $22 billion in losses estimated for 2018.

There’s been a wave of data breaches, now what?

The wave of data breaches in the past 24 months has flooded the market with personal information that criminals are using to steal money. They employ a variety of techniques including account takeover, where a criminal uses malware, social engineering or other means to gain access to a legitimate customer account. Also, we’re seeing new account fraud happening, where a criminal creates an account using a stolen or synthetic identity for the purpose of not paying back the financial institution.

New, faster, digital payments create new criminal opportunities

With the global rise in instant payment schemes, specifically new P2P payments methods, Juniper Research forecasts fraud losses for money transfers increasing by over 20% per annum to $10 billion in 2023. As new products are offered through more channels with increasing speed, criminals exploit financial institutions’ lack of visibility across interaction channels and payment types. These “cross-channel” fraud attacks are typically account takeovers, where the criminal is not the customer. In addition, the lack of historical data for these new products makes new schemes harder to spot, and increases the pressure to innovate new products while maintaining adequate security, heightens the importance of defenses that adapt quickly.

Synthetic identities and new account fraud

Criminals increasingly put together fragments of real data together to create new, “synthetic” identities. In fact, synthetic identity fraud has become a “predominant tactic for fraudsters” according to credit reporting agency Equifax. Synthetic customers will build credit for months or even years, appearing to be legitimate. This established credit will then be used to take in or send out money to others, typically leading to a “bust out” in the network where a party defaults on a payment and/or disappears. Such activity is often difficult to distinguish from bad debt until well after the fact.

Financial institutions faced with need to adapt faster

Faster payments and new products and disintermediation put pressure on the old tradeoff between convenience and security. Traditional fraud solutions built over the past 20 years are designed to spot trends in historical data. These can be tricky to adapt to new data inputs and new fraud schemes, so are typically augmented with rules written by humans in the short term, while waiting for models to be updated over weeks or months.

According to an IBM Institute for Business Value (IBV) study of 500 bank C-level executives, many legacy fraud systems are perceived as hard to adapt to new, faster and changing cross-channel threats. 81% of respondents said it takes more than four weeks to discover a new pattern, then another four weeks to adjust the scoring engines.

Need to adopt a more holistic approach to fraud and cybersecurity risk

In this changing ecosystem, it is hard to see threats looking at only one slice of a customer’s activity. Profiling behavior across channels and rapidly adapting the profile variables, rules and models using the complete picture of the customer are critical to remaining effective and efficient. The Financial Crimes Enforcement Network (FINCEN), who oversees financial crime in the US, has emphasized the importance of combining fraud, cybersecurity and AML:

“Financial institutions can play an important role in identifying, preventing, and reporting fraud schemes by promoting greater collaboration and collaboration among their internal anti-money laundering (AML), business, fraud prevention, and cybersecurity units.”

The IBM IBV study of 500 financial services executives “The most effective banks have realized the interrelationships among cybersecurity, counter fraud, and Anti-Money Laundering, and are beginning to consolidate related operations, technology, and information.” 53% of these executives ranked the top security need as the ability to link criminal activities across divisions and product channels. 

Making it easy to adapt on demand: integrate any new source, try new predictors, use new models

At IBM, we have married cognitive technology, data from different sources, and a user-friendly approach to protect some of the largest payments portfolios in the world. Through a combination of IBM Safer Payments, our cross-channel, behavioral-based fraud prevention solution, and IBM Trusteer, our digital identity and new account fraud platform, we provide a full set of functions to detect cyber and fraud patterns involving any payment type across both online and offline channels throughout the entire customer lifecycle.

Please join me at Think 2019 to discuss the cycle of crime connecting the theft of personal data to the theft and laundering of money in “Cybersecurity and Fraud Protection: Two Sides of the Same Coin.” You’ll hear how criminals think… and how financial institutions and fintechs can outflank them.

More IBM RegTech Innovations stories

Why shell companies are so risky (and hard to spot)

Shell companies and the hidden threat of entity risk While not inherently illegal, shell companies have been getting a lot attention recently for the role they play in illegal activity. This makes sense, as two of the legitimate uses of shell companies are the ability to shield owners from litigation and as a vehicle for […]

Continue reading

Why QIIB trusts IBM Safer Payments for cross-channel fraud prevention

Fraud prevention is about who you can trust. For financial institutions, it’s about understanding the relative risk of a customer, a merchant and/or a transaction, as well as hundreds of different factors including location, amount, device, etc. But for customers, both actual fraud attacks as well as incorrectly blocked legitimate transactions represent a breach of […]

Continue reading