How Asian banks are fighting fraud with big data and analytics (Part 1)

Revenue and reputation are at stake.

Banks are scrambling to set up advanced systems in the hopes of thwarting, detecting and reducing the damage of fraudulent activities.

Earlier this year, when hackers stole $81 million from the Bangladesh Bank by breaching its systems and also fooling the Federal Reserve Bank of New York, Asian banks unmasked one of its scariest enemies: Financial fraud.

“There’s one recurring characteristic for bank robberies of modern days – they’re shifting from the physical realm to the cyber environment, where a huge amount of information resides,” says Alex Tay, director, identity and data protection, ASEAN region at Gemalto.

“As a hacker, if you’re adroit enough, you can manipulate computer algorithms or software to conduct illegitimate money transactions,” he adds.
While the Bangladesh Bank heist filled headlines, there are numerous smaller attempts at online and mobile fraud that Asian banks are grappling with on a daily basis.

Tay cites the Nilson Report 2015 which reveals that in Asia-pacific, card-not-present (CNP) fraud, including online and mobile transactions, accounted for more than 70% of all fraud-induced losses in that year due to rapid growth in CNP sales.

Fraud is a growing concern for Asian banks as they stand to lose a lot of money from and the trust of customers, which many banks have painstakingly built over decades.

“With the banking industry rapidly pacing towards digitalization, banks are increasingly facing the issue of fraud that is not only resulting in revenue loss but also causing reputational damages to the financial institutions,” says Stanimira Koleva, chief operating officer, Asia Pacific & Japan at Software AG.

“In the day-to-day scenarios, banks usually have only few seconds to detect and stop potential fraudulent transactions. Having to process millions of customer transactions daily, banks in Asia are facing a major challenge of detecting fraud across multiple channels,” adds Koleva.

Mounting complexity and volume
Asian banks are finding it harder to cope with fraud because the data they are handling have become increasingly more complex and unstructured, says Tai Thanh Vo, practice manager, professional services at Asia ACL.

“The traditional techniques of using sampling methodology, periodic reviews or excel-based analysis are no longer sufficient to keep up with the sheer amount data that reside in multiple systems and across various locations,” says Vo.

Many Asian banks continue to employ these traditional techniques of fraud prevention and detection, but Vo insists that they cannot produce the real-time information that customers need and demand. Nor can they provide sufficient coverage or assurance of material risk areas and processes to regulators and other stakeholders. This is where real-time analytics and systems focusing on big data can step in to do the critical work that traditional techniques simply cannot.

“The huge amount of data requires an automated approach that enables organisations to analyse, continuously monitor, timely report potential fraud issues for further investigation,” says Vo.

“The value of data analytics in helping organisations to rationalise and simplify ‘big data’ into bite-size and useful information, for instance, in the form of early warnings, risk indicators, risk scorecards and other fraud detection mechanisms,” adds Vo.

Real-time big data and analytics
Tay argues that big data is an irreversible trend in modern enterprises, with Asian banks in particular generating a huge amount of data, so he says it is their duty to find ways on how to “make sense of such data, manage them, and protect them from ill-intentioned individuals who wish to steal them.”

For Andrew Davies, vice president, global market strategy, financial & risk management solutions at Fiserv, Asian banks should focus on customer payment data because it can be hotbed of crucial information about ongoing and impending fraud.

“Customer payment data is vital when it comes to detecting fraud patterns, including the frequency of transactions, time of day, velocity and size of the payments typically made, as well as through which payment channels the customer is routing payments,” says Davies.

“If a particular transaction falls outside what is deemed a normal behaviour pattern, alerts can be generated and forwarded to fraud analysts in real-time for further investigation,” says Davies.

It is also unavoidable for Asian banks to invest heavily in new systems and technology beyond credit card fraud detection, or risk falling prey to the new breed of online thieves.

“Using analytics to fight fraud is not new in financial industries,” says Tim Liu, chief technology officer at Hillstone Networks. “Banks have, for a long time, analyzed credit card usage data, looking for patterns of usage behavior in order to detect and flag anomalies.”

“With ecommerce, mobile transactions and payments becoming increasing prevalent, and cybercriminals are finding new ways to game the system for monetary gains. Therefore, new fraud detection systems will need to be developed for different transactions and on different levels,” says Liu.

Liu explains that in helping Asian banks fight fraud, they now track not only a user’s transaction and history data, but also important parameters such as social identity, the target device used, and compute environment. Tapping the services of partner technology companies is also crucial because banks no longer have the in-house capabilities to push out measures in response to threats detected by big data and analytics.

“By implementing big data and analytics technologies, banks and financial institutions have a bird’s eye view and enhanced visibility of their networks,” says Liu. “Organisations can be more effective at identifying attack patterns, but they are not sophisticated enough to convert their threat correlation analytics into actionable events, such as creating dynamic policies to quarantine a suspicious internal host, or creating firewall policies to block access to a destination IP and specific applications.”

Already, many institutions in the region are already using excellent scanning tools with features such as intelligent self-learning, says Alex Kwiatkowski, senior marketing strategist – banking & digital channels at Misys, although some still have large rooms for improvement in their fraud detection systems. The crush of Asian banks upgrading their fraud scanning tools comes as more incidents like the Bangladesh Bank heist occur and the potential revenue risk escalates.

“Adding advanced analytical capabilities will bring a whole new level of insight and foresight to identify suspicious behaviour at the earliest possible stage in proceedings, thereby reducing risk exposure and the associated revenue leakage,” says Kwiatkowski.