Fraud detection on SWIFT without the need to configure any rule
NetGuardians’ machine-learning fraud-mitigation software allows banks to monitor SWIFT messages to spot new and existing fraud types in real time, helping them meet SWIFT CSP requirements, writes DIETER LÜSCHER
Bank heists used to involve guns, dynamite and a bag for the swag. Not anymore. Today, thieves are getting away with millions using just zeros and ones; they are hacking their way in. Among the biggest and most sophisticated was the successful theft of $81m from the Central Bank of Bangladesh in 2016, using the SWIFT network and local infrastructure. Since then there have been plenty more hacks over the banking networks, helping lift the expected cost of cybercrime globally to $6bn by 2021*.
Such a high cost adds considerable risk to the banking sector, and could one day cost a bank its business. In response, SWIFT has drawn up the SWIFT Customer Security Program (CSP), a set of security controls that must be implemented by all SWIFT members to try to mitigate that risk. To be compliant, financial institutions must prevent and detect fraud in commercial relationships, and continuously share information and collaborate to prepare better for future cyber-attacks.
But the SWIFT CSP mandatory controls are related to the first line of defense and cannot possibly cope with high-profile and high-cost cyber-heists. What is also needed is advanced transaction monitoring related to SWIFT messages.
This type of advanced monitoring is provided by NetGuardians’ Fraud Detection for SWIFT messages. It enables financial institutions to identify and stop fraudulent transaction messages before they are released to the SWIFT network, in real time. NetGuardians’ machine-learning and augmented-intelligence technology solution automatically learns from SWIFT messages and captures unusual message parameters ultimately to suspend and send an alert for suspicious transactions.
The NetGuardians’ solution is built upon a holistic approach to fraud prevention, addressing all the relevant variable parameters including:
- Time-frame (e.g. unusual time of day, unusual frequency)
- Unusual payment instructions
- Unusual payment value (e.g. amount bigger than usual)
- Unusual or new relationships (e.g. new beneficiary payment to a new country unused by the financial institution)
The result is real-time prevention. The solution detects abnormal or suspicious SWIFT messages in real time, while flexible action settings provide alert-only, block, release or reject options. In addition, pre-configured AI risk models are continuously monitoring financial messages for suspicious activities (anomaly detection from a financial perspective).
While many fraud-mitigation solutions can detect only known frauds, NetGuardians’ Fraud Detection for SWIFT messages is powered by machine-learning technology so that it can spot new fraud types. This technology enables the software to continuously learn about instruction-party behavior. Due to the focus on behavioral anomalies, new cyber-fraud threats are detected without needing to reconfigure the system.
Our machine-learning-based solution learns about instruction-party patterns over time and identifies only high-risk messages, such as new counterparties, currencies and unusual payment times. This results in a significant reduction in false positives and fraud investigation times.
Implementation with existing financial messaging systems is quick and seamless; indeed for some digital banking platforms or SWIFT gateways it is close to plug and play.
Finally, institutions using NetGuardians’ Fraud Prevention for SWIFT become part of our growing global community that shares its vast knowledge of fighting fraud. Regular seminars and conferences allow members to swap experiences and share best practice, helping them to increase their protection against the fraudsters.
Institutions implementing NetGuardians’ Fraud Prevention for SWIFT messages kill two birds with one stone. It allows them to meet SWIFT CSP requirements and also to improve their fraud-mitigation profiles.
When the cost of non-compliance could be going out of business, the return on investment in this area is incalculable. The reality of such a solution is cheap insurance against maximum risk. And the speed of implementation will allow banks to reap the rewards fast. But, most important of all, it could be the difference between in business and out of business.
*Cyber Security Ventures, Cyber Crime Report 2016