The only way banks will prevent phishing attacks is to use cutting-edge technology to build customer profiles so accurate that they can detect fraudsters impersonating them, write Joël Winteregg and Tat Wee Koh.
At the end of last year, a group of fraudsters helped themselves to a bumper early Christmas present – at the expense of more than 450 customers at Singapore’s OCBC Bank.
The scammers used phishing techniques to obtain customers’ personal details to net at least S$8.5 million (US$6.33 million) – in the month of December alone.
Phishing attacks involve fraudsters using emails and phone calls to obtain personal information, including passwords for computers and bank accounts, for their own profit.
The response by the Singapore financial watchdog to the OCBC attacks has been swift. It reiterated the responsibility that banks have to protect customers and urged them to tighten up their efforts at combatting fraud. It also hinted strongly that further measures will come into force soon.
In a written statement the Monetary Authority of Singapore said it “expects all financial institutions to have in place robust measures to prevent and detect scams as well as [have] effective incident handling and customer services in the event of a scam. The growing threat of online phishing scams calls for immediate steps to strengthen controls, while longer-term preventive measures are being evaluated for implementation.”
Download our latest white paper: The Top Banking Fraud Types to Watch in 2022.
Among measures the watchdog urges banks to adapt are the removal of clickable links in emails and SMS messages sent to retail customers; a default setting of $100 or less for notification of a fund transfer; a 12-hour delay before activation of a new soft token on a mobile device; email or mobile notifications whenever the bank receives a request to change a customer’s mobile or email address; and dedicated and well-resourced customer assistance teams.
While we don’t yet know the preventive measures being evaluated, we do know that although all the above are great in theory, they will not stop fraudsters.
This is because fraudsters are persistent. They will always try to find new ways to elicit the information they need to steal from the public – they see it as a game of cat and mouse. What the authorities, banks and the public need are anti-fraud solutions that don’t play their game, that cut off the opportunity for criminals to access and transfer funds illicitly.
At NetGuardians, we have developed fraud-mitigation software that protects banks from this new pandemic of fraud. The software gets to know the customer so well that any anomalous activity triggers an alert that can be used to suspend the transaction – with a very high degree of accuracy. Indeed, banks using our software see a fall of up to 85 percent in false alerts.
Our artificial intelligence and machine learning software allows banks to create profiles that map the behavior of their customers, even as it evolves over time. Transactions are assessed against the profile and those that don’t fit a customer’s usual spending patterns can be stopped. Parameters that feed into the AI models include habitual payment amounts, the location of spending, beneficiaries, currency, browser, timing, screen resolution, e-banking language and more. Furthermore, it is possible to group profiles so that mass scams like the one that hit OCBC’s customers in December can be spotted and stopped before any damage has been done.
Reviewing transactions in this way – rather than trying to implement new controls for each new fraud– finds more fraud and maintains or even enhances the customer experience. The solution’s accuracy and the fact that customers are only contacted when there is a genuine risk builds confidence. As a result, the customer is more likely to feel reassured that the bank is on top of things.
For too long, fraudsters have been able to win at this terrible game. NetGuardians fraud prevention puts an end to that. It changes the rules – in the banks’ favor.
We cannot second guess what the MAS will do in the wake of these latest attacks. But what we do know is that criminal gangs are talented at finding new ways to get the customer details they need to commit fraud. We also know that NetGuardians’ fraud-prevention software stops them in their tracks. It’s time banks turned to solutions we know work before it’s too late.
Joël Winteregg is co-founder and chief executive of NetGuardians
Tat Wee Koh is regional sales director APAC of NetGuardians