What is fraud detection in banking?
Banks and financial institutions (FIs) use fraud detection technologies and strategies to reduce the risks of fraud to their business. These risks include the financial costs of fraud as well as the reputational damage that it causes. Such firms are the most targeted by fraudsters because of their potential to provide speedy access to and transfer of funds.
As a result, banks and FIs are constantly evaluating how to stay one step ahead of fraudsters by strengthening their fraud detection tools and implementing prevention solutions to protect their assets, systems and customers. This can be quite a challenge, with systems needing to be robust while remaining user friendly for genuine customers.
Banks take two broad approaches to combatting fraud: fraud detection and fraud prevention. They tend to adopt fraud detection strategies to identify attempts by fraudsters to access an account and use fraud prevention tools to stop attempts by fraudsters to access accounts. While slightly different technologies and strategies are used, detection and prevention tools are deployed hand in hand.
The challenge for banks – detect fraud and provide a frictionless customer experience
More and more consumers are turning to digital banking and they expect to be able to onboard and access FIs and seamlessly manage their finances on any connected device.
At the same time, FIs are facing a dramatic increase in sophisticated and complex cyber attacks.
Fraudsters and hackers are continually challenging the security measures that FIs have put in place to protect their sensitive customer data.
For example, according to UK Finance’s 2020 report ‘Fraud – The Facts’, even though FIs in the UK do a pretty good job and prevent about 60% of all attempted fraud, fraud still poses a significant threat and causes big losses. In fact, losses from mobile banking fraud in the UK have increased rapidly and grew by 92% in 2019 alone.
This trend means that risk management strategies and authentication policies have to adapt and become more automated to cope with the increasing number of connections, the creativity of fraudsters plus all the new regulations.
FIs need to use multiple techniques to monitor each risk, each act of fraud and each cyber attack, but implementing these can be a real challenge and involve dealing with several vendors.
Discover more about the challenge of fraud detection in banking, Forbes, 2 February 2022
Four steps to prevent fraud in banking
Gemalto IdCloud risk management services are used for identity affirmation and risk-based authentication (RBA) and harness the power of four layers of intelligence.
Each layer transparently analyses user and environment activities from different perspectives to identify high risks before any harm is done.
Together, they create a dynamic profile of each event, giving you the confidence that you are identifying ‘good’ consumers based on their online interactions.
- 1- Device intelligence
This allows you to identify recurring devices accurately, detect high-risk networks and locations and spot device anomalies that indicate fraudulent activity.
- 2- Behavioural biometrics
This looks at inherent user behaviour and analyses how someone types, moves their mouse or holds their device to create an individual profile.
This profile is used for future sessions to detect account takeover or social engineering fraud. Typing patterns usually differ when a fraudster coaches a victim to make a transaction.
During onboarding, it can even be used to compare each individual with a population profile to detect fraudulent users or distinguish between humans and bots.
- 3- Behavioural analytics
This analyses user habits at individual and population levels to detect unusual behaviour.
For instance, it checks what time of day users access bank services, from which locations and using which devices, and flags up out-of-the-ordinary transactions.
- 4- Trust consortium
This evaluates billions of events to help you know who to trust, even if they are new to you.
It gathers anonymised and encrypted insights from online events across our clients. A warning will be issued if an IP or device ID is linked to past fraud.
Together, these intelligence layers create a dynamic profile of each event that protects customers and businesses and supports fraud detection in banking.
By combining RBA with strong customer authentication (SCA), you enhance the user experience (UX) and security for all digital banking use cases.
Enhanced onboarding with risk management
By adding identity affirmation, you can strengthen your identity proofing process security.
It applies risk management technologies to analyse the environment and user behaviour to detect suspicious activities.
Although the main aim is to prevent ID fraud during digital onboarding, identity affirmation can also lower total cost of ownership by avoiding additional checks and abandoning high-risk enrolments at an early stage.
The best way to combat new account fraud is with a holistic, multi-layered approach to security.
By using risk management technologies to compare a user's online interactions with known legitimate customer behaviour and known fraudster behaviour, it is possible to weed out criminals in real time.
Enhanced access with risk management
By adding smart risk management services to the access phase, the risk level of every single customer transaction is analysed, and a recommendation on the most appropriate authentication method is given.
This helps FIs to make the right choice to minimise risk and prevent account takeover fraud: allow the transaction, block the transaction or challenge the customer with a step-up authentication.
In this way, they can define an RBA policy based on customer segmentation, customer preference, use cases and their own parameters.
All of this runs unobtrusively in the background to provide the best end-user experience.
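The allow, challenge or block decision described above can be sketched as follows. This is an added example, not Gemalto IdCloud code or its API: the layer weights, thresholds, segment adjustments and the consortium cut-off are all assumed values, and the sample events are constructed.

```python
from dataclasses import dataclass

# Assumed weights for the four intelligence layers (not vendor values).
WEIGHTS = {"device": 0.30, "biometrics": 0.25, "analytics": 0.25, "consortium": 0.20}
# Assumed RBA policy: (challenge_at, block_at) risk thresholds per use case.
POLICY = {"login": (0.40, 0.80), "payment": (0.30, 0.70), "add_payee": (0.20, 0.60)}
# Assumed customer-segment adjustment: stricter thresholds for high-value accounts.
SEGMENT_SHIFT = {"retail": 0.0, "high_value": -0.10}
CONSORTIUM_HIT = 0.9  # assumed cut-off for "IP or device ID linked to past fraud"

@dataclass(frozen=True)
class Signals:
    """Per-event risk from each layer, 0.0 (no risk) to 1.0 (certain fraud)."""
    device: float
    biometrics: float
    analytics: float
    consortium: float

def risk_score(s: Signals) -> float:
    """Weighted sum of the four layer signals; rejects out-of-range input."""
    for name in WEIGHTS:
        if not 0.0 <= getattr(s, name) <= 1.0:
            raise ValueError(f"{name} signal out of range")
    return round(sum(w * getattr(s, n) for n, w in WEIGHTS.items()), 4)

def decide(s: Signals, use_case: str, segment: str = "retail") -> str:
    """Return 'allow', 'challenge' (step-up authentication) or 'block'."""
    # Unknown use cases or segments fall back to the strictest configured values.
    challenge_at, block_at = POLICY.get(use_case, min(POLICY.values()))
    shift = SEGMENT_SHIFT.get(segment, min(SEGMENT_SHIFT.values()))
    score = risk_score(s)
    if score >= block_at + shift:
        return "block"
    # A consortium warning is never silently allowed, whatever the total score.
    if score >= challenge_at + shift or s.consortium >= CONSORTIUM_HIT:
        return "challenge"
    return "allow"

# Constructed sample events.
KNOWN_CUSTOMER = Signals(0.05, 0.10, 0.05, 0.0)
COACHED_VICTIM = Signals(0.10, 0.90, 0.50, 0.0)   # trusted device, unusual typing
FLAGGED_DEVICE = Signals(0.05, 0.05, 0.05, 1.0)   # consortium warning only
TAKEOVER = Signals(0.90, 0.80, 0.90, 1.0)

if __name__ == "__main__":
    for name, ev in [("known", KNOWN_CUSTOMER), ("coached", COACHED_VICTIM),
                     ("flagged", FLAGGED_DEVICE), ("takeover", TAKEOVER)]:
        print(name, risk_score(ev), decide(ev, "login"), decide(ev, "payment"))
```

The coached-victim event shows why the policy is keyed by use case: the same signals pass a login unchallenged but trigger step-up authentication on a payment.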
Comply with the latest security regulations
Gemalto IdCloud’s risk management services are the perfect answer to the new security requirements of regulations such as PSD2 and FFIEC. They offer real-time monitoring of the authentication and transaction process risk, as required by PSD2’s regulatory technical standards (RTSs).
Complex security policies can be defined, based on the level of risk, the type of transaction and the user profile, as recommended by FFIEC. It also helps you meet the requirement for stronger fraud prevention to fight the increasing number of cyber-attacks and growing levels of fraud.
Data privacy regulations such as GDPR in Europe and CCPA in the US are becoming ever more stringent. These can be a real compliance challenge if data has to be processed by several different vendors for risk assessment.
Gemalto IdCloud has been designed for GDPR and CCPA compliance.