NetGuardians’ latest online panel discussion on fraud and financial crime served up some tasty morsels for financial institutions looking to better protect themselves from fraud and identify money-laundering accounts.
To beat the fraudsters and money launderers, banks need more co-operation, education, automation, industrialization… and to think and behave more like ice-cream makers, according to the panelists taking part in NetGuardians’ March panel discussion on the evolving fraud landscape.Ice-cream production might not be the first thing to come to mind when thinking about stopping financial crime, but it did perfectly illustrate the need to follow process if we are to minimize the fraud opportunity – more of which later.
Latest fraud trends
Representatives from more than 60 organizations across Europe, Asia, the Middle East, Africa and the US joined the online panel discussion moderated by NetGuardians’ head of product management Roy Belchamber. They listened to experts in financial crime prevention and mitigation discuss the latest crime trends and how best to protect banks and their customers. All agreed that crime was booming thanks to the use by the criminals of ever-more sophisticated techniques to scam us out of our money.
Authorized push payment (APP) fraud, where the client is duped into making a payment to a fraudster, is probably of most concern right now. Thomas Hoarau, head of fraud risk and investigation at Swiss private bank Pictet, said 90 percent of the work he and his team do right now stems from a client being duped.
This trend can be attributed to the increasingly sophisticated technology and methods used by fraudsters. Deep-fake voices, for example, that even parents can’t tell apart from their own children, are relatively easy to make when criminals use software-as-a-service and access voices from social media such as TikTok and YouTube. “If a fraudster can dupe parents, just imagine what they can do to a banker,” said Hoarau.
Increasingly sophisticated techniques
But it’s not just the technology used by fraudsters that is making it harder to separate genuine transactions from fraudulent ones. Not so long ago, poor grammar, clunky language or just unlikely scenarios made phishing and APP scams easier to spot. Today, the whole hit is often so much better planned and executed.
Hoarau related the story of fraudsters who hacked the email account of the captain of a racing yacht. Impersonating the captain, they sent fake expense claims for bogus crew members to the fiduciary company managing the bank account used to pay the charges of the yacht. Fake expense claims even coincided with the timing of real-life races and legitimate charges. “They copied exactly the activity on the account. It was very convincing,” he said.
With the increase in fraud attacks comes an increase in money laundering. Criminals are behaving in ways that are harder to detect, including keeping the money in the country where the crime happened rather than moving it abroad.
Co-operation, education and automation are key
Such sophistication – and tenacity – demands banks do more to protect their customers, particularly as today’s chillier economic climate tempts more people into criminal activity. This is where co-operation, automation, industrialization and education can play a valuable part.
The panel strongly agreed that the more banks co-operate, sharing information where possible, the more effective they will be at fighting fraud and financial crime. Of course, such efforts must comply with data-privacy laws, but it is possible to strip data down to the relevant information, including destination IBAN, and still have valuable intelligence to share on a platform.
Marlène Meli, a consultant in financial crime prevention, drew a parallel with cryptocurrency trading, where the system is fully transparent about a transaction journey but maintains privacy about whom it involves. “If we can find a way to combine this in traditional finance we could take a big step forward,” she said.
On education, more can be done to raise customers’ awareness of the scams and also of the penalties, especially for being a money mule. Roman Bonbinkov, information security and risk analyst at Swissquote, said banks should repeatedly stress to clients that they will never ask for their personal details and suggested they put warnings on their websites to educate clients about how phishing scams work and how to protect themselves. This could be in the form of frequently asked questions. He also suggested they tell clients when they are subject to an attack so they can increase their vigilance. These sorts of messages could be communicated via their portals or even Twitter.
Meli said education also touched on the culture within a bank. “It’s a question of promoting the right culture of ethical and respectful behavior at work and how you approach customers. Whether it’s a small new customer or a high-net-worth individual, the bank staff must treat them with the same level of respect. It’s a philosophical approach on how to treat people. And it comes from the top.” This boils down to listening carefully, understanding the customers’ needs and knowing the right processes to follow to minimize risk.
On automation, Marc Kilcher, director risk, regulations and compliance at KPMG Geneva, was clear: while banks are finally automating more of their operations, there is still a lot of internal resistance. “There’s a tendency to consider it’s only humans who can spot frauds. But now it’s quite easy to fool compliance managers. This has got to make banks turn to automation and the automatic screening of transactions,” he said.
Lessons from ice-cream makers
Hand-in-hand with this, he believes, we will witness an ‘industrialization’ of banking, where processes become fully integrated into every aspect of the industry.
“Particularly in private banking, we’re missing the maturity [of other industries] where processes are industrialized,” he said. “In the food industry, regulations and processes are far ahead of banks. People follow the processes and comply or are sanctioned. In banking, there’s huge room for improvement…
“Take ice cream. When you’re making and selling ice cream there’s a chain of processes that has to be followed every time to ensure quality and safety. We must do the same for banking services. Too often, standards are below what is expected and needed. If we can raise them to the level of the food industry, we could minimize fraud events.”
The final word went to NetGuardians’ own fraud fighter Sandy Lavorel, who summed up the problem and the solution. “We are only going to see more digital payments, offering a bigger attack vector to criminals. We need to co-operate, share information, and increase awareness. Together, we can fight fraud.”
You can watch the recording of this panel discussion below.
Learn more about NetGuardians’ co-operative fighting approach by visiting our Community Scoring & Intelligence page.