By Erwin Roberts
The most recent threat to online banking accounts and online fraud detection involves fraudsters using a multi-step plot that involves various interaction points with financial institutions.
Cyber-criminals commit this cross-channel fraud by first breaking into an account via the online channel to pinch important information such as account balances, check images, or signature blocks, in order to carry out wire, check and other types of offline swindles that never get related to the original breach online.
Unfortunately, the online channel’s role in these swindles is often missed. This is precisely what makes this kind of fraud so effective – and complicated to catch. Financial institutions only register the final transaction fraud, and don’t account for the original infringement, which often occurs in the online channel. Add this to the fact that consumers don’t know it is happening, and the fraudsters have a ideal opportunity to continuously get away with this misconduct.
Case in point is what happened recently to a leading financial institution that supplies service for tens of thousands of customers daily. Despite hard line efforts to look after its online environment, fraudsters pulled off a startling cross-channel fraud scheme.
Here’s how the fraud scheme occurred:
1. The fraudster called the institution’s customer service number and, with social engineering methods, reset the online account password and contact phone number.
2. The fraudster gained access to the online account, found out more about the customer’s online activities, and downloaded check images containing the customer’s signature.
3. The fraudster then called on a separate institution using the stolen information to open a new account in the victim’s name.
4. A wire transfer was authorized to empty the victimized account and credit the new account at bank #2. Because the names on the accounts were matching and the fraudster had supplied a phone number under his/her control and a official looking signature, an offline authentication of the transfer by phone, as a supportive means of identification, passed and was authorized.
5. The fraudster withdrew his loot slowly, visiting separate branches in a state other than the victim’s.
Legacy Fraud Detection Techniques Blind to Online Activity
When fraudsters utilize schemes involving multiple interactions with different touch-points across an organization, they aren’t caught because the precursor online channel violation is often overlooked.
Common industry operation registers the conclusive fraud transaction as the breach point, and case forensics employ incomplete resources to return insight that cannot discover the original breach to the online channel. When accessed only for exploration, the online channel records no “transaction” for exposure. This is precisely what makes cross-channel fraud so effective – and so hard to catch. Moreover, as what kind of fraud is our prior example to be categorized. Is such a loss wire fraud, check fraud, or simply “online account fraud”?
A next-generation method to online fraud detection and prevention is needed if we are to continue to engender customer confidence in online banking security. According to Javelin Research’s 2007 Identity Fraud Survey Report, it takes an average of 60 days for consumers to even notice that fraud has occurred. This leaves fraudsters with a insidious opportunity to commit successful cross-channel fraud crimes if financial services providers don’t take pre-emptive steps to protect both their customers and their bottom line. New best practices and back-end technologies that focus on online behavior can better isolate and prevent cross-channel fraud at the source.
Modeling Individual Account Behavior Ends Fraud at Its Source
An emergent best practice of online fraud prevention is to employ predictive models of individual customer online behavior to detect when the “customer” logging in isn’t who they say they are, even if they pass authentication. Beyond straightforward machine signature technology, user profiling technologies depend on trended analysis of behavior account by account. They start by understanding what “normal” behavior is for each individual customer – and admit that there is no single guide of “normal” behavior to write an anti-fraud rule to.
Dynamic, model-based investigation of account activity “does the math” – piecing together what by themselves may seem like frail indicators of fraud until a clear pattern emerges of online fraud detection. Behavior that deviates from what is expected becomes suspicious – the more the deviation, the more meaningful the suspicion. This comprehensive analysis allows for more granular risk scoring and better linking with offline activity patterns. A byproduct of this behavioral analysis through transaction monitoring software, also provides a rich history of online activity that aids case management and forensics.
Using these techniques, companies can identify the fraudster via the alerts to online activity outside the customer’s expected behavior. Deploying strong analytics at the source – the online channel – ensures that fraudsters’ assaults are shut down before any damage is done.
Erwin Roberts is a online banking security enthusiast who writes on the online banking security topics. Guardian Analytics is the technology leader in the fraud detection and prevention of online accounts. They provide real-time risk management solutions that protect online channels. Guardian Analytics offers an analytics-based software solution that addresses the entire risk management lifecycle. http://www.guardiananalytics.com/customersuccess/index.php
Learn How To Steal An Identity To Prevent It
By Dominic Donaldson
Identity theft is one of the fastest growing forms of organised crime and can lead to heartbreak, financial consequences and legal problems. One of the most common forms is that of assuming the identity of an individual, ordering credit cards in their name and running up the bills which puts the victim in credit default. This can take months and great expense to rectify and this article teaches the tricks of the trade to prevent this happening.
Someone cannot assume your identity unless they have access to personal details about you. One of the most common sources is from your refuse that is recycled or disposed of without shredding. You would be astonished with the intricate details you can discover from what people cast away. Old credit card bills, bank statements, insurance policies and tax information amongst many other documents can be gold for identity fraudsters.
By shredding any documents that you are recycling or discarding you can avoid or at least minimise this risk. If you see someone rummaging or loitering with intent to rummage through you are your neighbours refuse then report it to the police immediately. Do not mistake the person for a homeless person and invite him in for a wash and bowl of soup, much of the time identity fraudsters are organised criminals and potentially dangerous.
After the acquisition of certain details such as credit card numbers, passport numbers, tax registration numbers, mother’s maiden name or date/place of birth then they are in a position to gain access to certain restricted services such as internet or phone banking. They will complete a change of address form which will divert mail to a temporary of ghost address which means that they are now in control of your identity.
The first thing that usually happens is that a credit report is requested, so one way of potentially catching the process early if you have any suspicions is to contact the credit agencies and enquire when the last credit repost was issued. This might come after you have seen someone loitering around your premises, your files have been accessed at work, you have recently had a purse or wallet stole or you have recently had a break in.
If you have not been shredding your documents then fraudsters can obtain the credit report and see how much they can get out of you. With this personal information they can find out where you work or shop and obtain more records by hacking into computer systems or stealing files. After this ground work has been laid the thief has the foundation to build on and if they are good then there are very few warning signs.
Good thieves will not focus on existing cards and accounts, they will attempt to get new accounts, loans, finance, ect registered on the new address as they need the long con to build up the identity at the address. This does mean however that will need to redirect one of your current billing systems to the new address, meaning that it will not come to you. If you have missed a bill that you usually receive you should follow this up immediately and check the address they have.
After this stage things can get pretty nasty if you have a half decent credit rating . They can open accounts, credit cards, store cards, car finance, loans and basically anything within their power. Then one day, good thieves will shut up shop and walk away before any real evidence can be gathered. It can all be avoided simply by using a shredder.
Dominic Donaldson is an expert on shredding and identity theft prevention.
fraud prevention
