One of this year’s critical missions for financial institutions will be to ensure that their systems are battle-ready for open banking, which is expected to fling open wide the doors to a new onslaught from fraudsters.
Thanks to the European Payments Directive (PSD2), which came into effect in January, permitted third parties will be able to demand information from banks about their customers with the aim of offering services and financial products directly. These changes won’t be limited to Europe; many other jurisdictions are expected to follow suit with their own open-banking programs.
While open banking is good news for customers in terms of choice and competition, the changes will expose banks to more attempted fraud. It will present fraudsters with more opportunities to gain access to customer details and therefore access to customer bank accounts and funds.
The big worry for banks is that third parties are not required to have the same rigorous security protecting data, nor do they have sole responsibility for how any data leakage or theft might play out. Instead, responsibility for any fraud resulting from data misuse will be shared with the banks. Fortunately, the right tools and controls are already available to help financial institutions mitigate the increased risks. Stepping up anti-fraud defenses will be a major theme for 2018 and beyond as banks seek to protect their customers and thwart criminals.
Open banking is facilitated by APIs, so securing activity stemming from such sources will be a key focus for banks. One way of shoring up defenses is to install systems that check that account activity is genuine, rather than just check the account access itself. Artificial intelligence can be applied to learn how customers use bank services. This focus on customer journeys makes it easier to detect unusual behavior or activity. It can also provide a better defense against fraud than the recognition of correct passwords, for example, which can be stolen, guessed or circumvented.
Another significant trend will see banks tighten their controls on e-banking fraud. Although today mobile internet navigation is more widely used than computer navigation, banks have not done enough to counter the low level of security typically found on mobile devices. They need to add a layer of security specifically for mobile devices, based on the IMEI number, which is unique to each device, to address specific risks such as SIM-switching.
We also expect to see a rise in scam attacks exploiting AI technology. Where traditional scams aimed to steal a customer ID to access existing accounts or open new ones, we predict that the coming 12 months will see scamming on an industrial scale, as fraudsters use robots to launch attacks.
The scope for such nefarious activity is again significantly increased as a result of open banking and – again – the key to preventing it will be to monitor customer journeys inside the bank. Real-time prevention will be essential.
To catch fraudsters at their game, banks will also have to deploy AI to ensure that their security protocols learn from attempted attacks – both internal and external – and develop better anti-fraud protection from the data they gather.
A genuine customer will have a habitual way of making transactions. It is highly unlikely that fraudsters will be able to replicate these journeys. Our advanced monitoring systems ensure that any anomalous behavior is spotted in real time and checked, and that suspicious transactions are stopped immediately, before the money has left the account, let alone the country.
Traditional rules-based security engines require some 60,000 rules for each fraud case. Putting these together takes time and resources, with many banks tending to update the rules periodically – perhaps monthly – to address changes in fraud patterns. In between times, banks are vulnerable to criminals’ new tricks. AI anti-fraud software, on the other hand, can react quickly, developing new rules to address threats as they emerge.
Finally, we will see more banks automate basic security checks, freeing up resources and manpower to undertake more complex analysis and fewer repetitive, low-value tasks.
Just as banks’ defenses will evolve in the fight against cyber fraud, so they will be useful in demonstrating compliance with anti-money laundering and counter-terrorist financing regulations. The stakes are only getting higher as regulators impose stiff fines for any breach of compliance or negligence in cases of fraud. The pressure on banks to do all they can to mitigate the risk is unlikely to diminish any time soon.
While fraudsters might be celebrating the arrival of open banking, they are likely to be disappointed. More and more banks are fortifying their defenses with our tools, implementing effective and efficient deterrents to thwart criminals in 2018.