As fraud losses continue to rise in Asia, behavioral biometrics presents an innovative addition to fraud prevention strategies, however it cannot be solely relied upon for complete coverage, writes Thomas Heegaard and Daniel Zhou.
In Singapore alone, the top 10 scams cost banks USD227.8 million in the first half of 2022, up 60 percent year-on-year. In the Philippines, where half the population uses digital banks, scams and fraud hit P1 billion in 2021 while Vietnam has the highest rate of online fraud per capita in Southeast Asia at 0.89 cases per 1,000 people.
Part of the reason why online fraud is so prevalent across the region is that the population has embraced digital banking. Indeed, according to a study by Mastercard, 88 percent of consumers in APAC used technologies such as digital wallets, QR codes, buy-now-pay-later and cryptocurrencies in the year to August 2022.
But with fraud on the rise, consumer confidence in doing business online is falling. A recent report in Techwire Asia revealed 56 percent of consumers in Singapore don’t feel online transactions are secure.
Part of the problem for banks and others trying to stop fraud is the constant evolution of the fraudsters’ methods. For example, authorized push payment (APP) fraud – where the account owner is duped into making a payment via a dating, investment or other scam – was comparatively rare in Asia a few years ago. Today two of its territories, Hong Kong and Singapore, feature among those with the highest incidences. One woman was ruined after she authorized fraudulent payments of more than USD3 million to scammers in Singapore.
These trends make it all the more important that banks and other financial institutions strengthen their fraud prevention by using multiple layers of defense, including artificial intelligence, machine learning, and monitoring of payment transactions across all channels in real-time .
This is an important message, as many banks in the region have adopted fraud mitigation software that relies on monitoring actions with biometrics software, which is good. But the inexorable rise of fraud clearly proves that biometrics alone are not enough.
|
Discover our payment fraud prevention solution 
|
The strengths and weaknesses of biometricsBiometric fraud mitigation looks at the actions of the user of the computer – how the mouse moves, click speed, and how fast the keys are pushed, for example. These metrics are excellent at spotting guided movement, perhaps when the account holder has a fraudster talking to them on a phone telling them what to do. Mis-clicks, when the user makes a mistake on the keyboard, can give away the user’s mood and whether they are stressed. This is an indication of possible criminal behavior. And if a form – perhaps for a loan or new bank account – is filled in using a lot of copy and paste, the user may be using stolen credentials to make multiple applications. Biometrics can also identify inputs operated by a malware. In practice, all this makes biometrics great at knowing when mule accounts are created to launder money and spotting fraudulent loan applications. But fraudulent payment transactions, particularly APP fraud, is much harder to be spotted in this way. For instance, investment or love scams may not involve guided input with the victims over the phone. Using social engineering techniques over a period of time, fraudsters convince the victims to make fraudulent payments. Similarly, internal fraud, where employees are involved in fraud cannot be detected and prevented. For truly secure banking and the highest customer protection, banks must adopt a more comprehensive approach. Ideally, this involves monitoring transactions across all channels, finding ways of spotting unusual payments and stopping them before they are completed. |
Monitoring customer behavior and payment transactions across all banking channels
Financial crime prevention software from NetGuardians uses AI and ML to learn about customers’ behavior. It builds profiles of “normal” spending. When a transaction is initiated that falls outside this normal spending behavior, an alert is triggered, blocking the payment before the cash has left the account.
The beauty of this method of fraud monitoring is that the profiles evolve over time, adapting to changing behavior. This means it issues very accurate alerts, keeping friction to a minimum and helping to cut operating costs.
Banks using NetGuardians software typically see a detection rate of up to 99 percent, with alert rates as low as 1 in 10,000 transactions. This helps them cut 75 percent from operating costs. False alerts can fall by 85 percent. In the Philippines, NetGuardians software recently enabled a bank to spot an employee trying to steal USD58,000 from dormant accounts. In Singapore, it stopped a fraudulent transaction of USD37,000 at a bank after a customer had clicked on a malicious link in an email that allowed the fraudsters access to their account. In Malaysia, it prompted one bank to foil an attempted APP fraud by a fraudster looking to net EUR18,000 by posing as a Microsoft employee.
Regulations in Asia are changing
Across Asia to date, APP fraud is increasing across the region. Banks are under pressure to act to protect their customers. Regulators are monitoring the situation closely and in some countries they are stepping in to make digital banking safer.
In June last year, MAS announced new measures including: a requirement for additional customer confirmation; a S$5,000 default transaction limit on online funds; the provision of emergency kill switches for customers to immediately freeze accounts they think have been compromised; rapid account freezing and fund-recovery operations; and better fraud surveillance to spot a broader range of scams.
Given the increasing losses and more possible regulation, it makes sense for banks to be on the front foot and do all they can to protect themselves from existing and evolving fraud threats.
When the two fraud prevention approaches are used together, banks cover off criminal behavior and fraudulent transactions – stopping criminals before they’ve been able to steal funds or launder the proceeds of their activities, as well as protecting customers’ money.
When fraudsters succeed, they undermine banks’ reputations, cause grief to the victims and can land the banks with big losses and fines. Customers such as those in Singapore who no longer feel secure with their banks, may move their money elsewhere. Installing multiple layers of defense against fraud will increase security significantly.
And should more regulators move to force banks to successfully spot and stop fraudulent transactions, they will be well placed to comply. In the meantime, they will be offering their customers the best possible protection and preventing the type of scams that lost one woman USD3m.
Thomas Heegaard is Lead Solution Architect at NetGuardians.
Daniel Zhou is Presales Manager APAC at NetGuardians.
You may also be interested in our internal banking fraud prevention solution:
