By analyzing the behavior of staff, customer and the transaction itself, banks can spot and stop not only known fraud types but also new frauds, writes Joël Winteregg
It takes on average 16 months to detect a fraud perpetrated by a member of staff. The average loss per case is $130,000. More than one-in-five involve sums of more than $1m.These 2020 stats from the Association of Certified Fraud Examiners make stark reading. They cover 2,504 real cases of internal fraud in 125 countries that amounted to more than $3.6bn in losses. And there’s more bad news.
Internal audits, controls and management reviews spotted only 28 percent of that internal fraud, indicating that traditional fraud-mitigation controls and processes are pretty ineffective. This is because employees, particularly those who work in IT or have the highest levels of access to IT systems – such as systems and database administrators – are well placed to commit or facilitate fraud, and cover it up.
Put these figures into a global context – and keep in mind that 70 percent of all fraud is internal – and it’s clear this is a big and growing problem across all channels.
Furthermore, where once internal fraud was predominantly seen in emerging markets, today banks across Europe are increasingly falling victim. This may be down to changing employment patterns and the fact that a position in a European bank is no longer a job for life as more processes and operations are outsourced and automated, thus eroding loyalty.
The fraudsters come in all shapes and sizes, work solo and together. Customer-facing staff tend to operate frauds alone; back-office fraud tends to be by collusion, where at least two people facilitate the fraud and cover their tracks.
For example, a relationship manager can exploit his or her knowledge of internal limits – and of the customer – to take small sums regularly without causing alarm. They can even temporarily transfer cash from other accounts to boost depleted balances at times of inspection. In the back office, one employee might submit a fraudulent transaction and another validate it – the two working together to bypass controls set up to detect criminal activity.
Key to the fraudsters’ success is their knowledge of how to play the system. Such frauds are subtle, carefully planned and well executed, making them very hard to spot. This is the opportunity.
You may also be interested in watching our webinar recording on "Fighting internal banking fraud with machine learning: Benefits and practical examples"
Now for the good news. When machine learning and artificial intelligence software is used to capture the three major factors determining the veracity of a transaction – customer behavior, that of staff and the transaction itself – there is nowhere for the fraudsters to hide. Working with a bank on real historical data going back five years, NetGuardians’ fraud-mitigation software was able to correctly spot 100 percent of the known cases of internal fraud and discover new ones.
It works like this. The machine-learning algorithms build up a picture of acceptable behavior and transactions for an account by looking at multiple variables such as destination, amount, timing, device used, browser and more. These variables cover not only the customer, but also the staff at the bank and the transactions themselves. When a variable is spotted that is anomalous, an alert is raised.
In this way, a relationship manager taking small sums from a customer’s account can be spotted because the action does not fit with the customer’s own pattern of behavior.
The outcomes are impressive. Not only does the software catch 100 percent of the fraud cases and detect new fraud types, but there are up to 83 percent fewer false alerts (a red flag for a bone fide transaction), cutting fraud-management time by up to 93 percent.
When used in conjunction with fraud-mitigation best practices such as two-person validation, passwords, staff training and education about warning signs, banks achieve a very high level of security.
Losses to internal fraud cost billions every year and can wreck tremendous reputational damage. Today, it is avoidable. Indeed, more and more banks are turning to NetGuardians’ fraud-mitigation software to help them stamp it out.
