We interviewed two experts on the future of finiancial crime and the steps they're taking
Financial crime continues to be one of the biggest challenges facing banks and financial institutions, and with some estimates putting the cost to the global economy at over $2trn each year, it's critical that all parties come come together to mitigate the impact and protect their customers.
Tim Ayling is currently the Vice-President EMEA at buguroo. With over 20 years' experience in the cybersecurity and anti-fraud industry, Ayling began his career in technical support, and moved on to System Engineering.
Wendy Jephson is Head of Behavioral Science for Market Technology Risk and Surveillance Solutions at Nasdaq, and leads a unique multi-disciplinary team that combines expertise in technology, behavioral science, advanced analytics, and capital markets to solve some of the biggest challenges in financial services.
Here, they discusses which new technologies could make all the difference ahead of their panel at FinovateEurope in February 2020.
Tim Ayling: There are many reasons why this is the case, but they all come down to the fact that there is money to be made. As long as the bad guys continue to make profits from trying to steal money, they will continue to do so. On top of that, the rate of prosecution is so low that it´s almost a risk-free crime. How can a bank which is based in the UK successfully prosecute a fraudster based in Albania? It’s virtually impossible.
The key is to make it as hard – and expensive – as possible for the criminals to perpetrate their crimes, so there is no business case for them to try.
TA: Interestingly, there are reports that suggest the most common use of AI in banking is in anti-fraud and cyber security, so there is already a lot of new tech getting used in this arena. The same could be said with biometrics, especially with technology such as TouchID on smartphones.
Wendy Jephson: New technologies continue to help us combat financial crime. However, just as in any physical engineering challenge, shiny new tools and technologies are only valuable if they help with the task at hand.
WJ: It's important to understand the task at hand to be able to select the right tool for the job. Sometimes that tool is a tried and tested one, but its application to the problem can be novel and deliver results no one has seen before, meaning how we use new and old technologies continue to be as important. Our ability to look at the problems in financial services with a new lens because we have access to datasets that weren’t previously available and the compute power to investigate it, makes this an exciting time to be in FinTech and RegTech in particular.
TA: There are some issues. For example, physical biometrics create friction in the customer journey and hence do not help with customer experience. Furthermore, a physical biometric is a one-off authentication. Once the consumer has authenticated using a fingerprint (for example), they are in, and a simple session hijack will not be prevented. Behavioural biometrics is far more effective across an entire session, from log on to log off. This technology looks for changes in end user physical behaviour throughout the session, and will flag up any user impersonation immediately.
TA: I wish I could give a simple answer to this, but there isn´t one. It has long been said that the best approach is to have several layers of security, and this advice is still the best.
As I mentioned earlier, a company needs to make it as expensive as possible for the criminal so it no longer makes business sense for them to keep trying; a multi-layer approach does just that. Organisations taking this approach will lessen their exposure to attacks, forcing cybercriminals to seek out new targets.
TA: buguroo spends considerable time assessing and understanding the issues associated with fraud, and we’ve learnt that fraud occurs through one of two mechanisms – user manipulation or user impersonation.
With this in mind, we firstly make sure that our banking customers can create unique profiles for each and every one of their consumers, making it possible for them to spot anomalies. However, to create unique profiles, you cannot rely on a single data input. Instead, we utilise a vast quantity of data points including analysis of the user’s device and network, as well as behavioural biometrics; how you swipe your phone, use your mouse, tap the keyboard, etc. Once a bank has created these profiles, they become far more effective at spotting differences between legitimate and suspicious behavior.
Secondly, we create a baseline for the bank´s website or mobile app, allowing us to spot anomalies there too. For example, if a customer activates a web injection, we will see that there is a difference from the standard website baseline. From here, we can alert the bank or even deploy countermeasures.
The truth is that, when fraud is being perpetrated, there will always be an anomaly somewhere – whether that´s a piece of malware, or a user being manipulated. We focus on spotting that anomaly.
Berlin | Feb 11-13
1 day - 6 industry stages
200+ speakers
Find out more >>
TA: That´s almost impossible to answer with any accuracy. We are always looking at what is next, and much of our roadmap is led by customer requirements as well as by emerging techniques being developed by the fraudsters.
However, it's fair to say that information is key to protecting consumers – that means using a high volume of high-quality data that can be contextualised to enhance decisions. It's a safe assumption to make that we will continue to improve this.
WJ: My first career was as a lawyer in the pharmaceutical industry for a company developing and producing medicines for the treatment of mental health diseases amongst others. This sparked my interest in understanding how our brains operate both optimally and sub-optimally to direct our behaviour or ‘what we do’. Understanding our human decision-making processes and how we might support that has since then been a long-term learning journey for me.
In the financial sector, complex decisions are not only made continuously, but thanks to our regulatory system and the nature of the information rich markets, these decisions are captured in data-trails. Having retrained as an evidence-based business psychologist, access to data is essential in my profession. We need to measure that behavioural phenomena actually exist and can be reliably measured, before designing potential interventions. Those interventions also need to be rigorously tested to ensure they have the effects designed for and have minimal unintended consequences. The various technological tools that are becoming more sophisticated obviously help in doing this.
WJ: Nasdaq uses a combination of behavioural science methodology, subject matter expertise, technology skills and data analytics to help clients and compliance departments detect fraudulent behaviour, manage risk and regulatory compliance. The combination is essential to a successful holistic surveillance offering and critical to efficient and effective organizational compliance with an increasingly intricate global regulatory environment.
The behavioural science methodology in particular enables us to capture the challenges our clients are facing and we are able to elicit expert knowledge from seasoned practitioners in the field to reveal the nuanced complexity of investigatory and oversight roles. This level of preliminary analysis is key to rethinking how problems can be solved and is often skipped over in the rush to solutionise by many tech firms.
TA: Absolutely, it is essential. We are a cog in a wheel, though we like to think we are a gold-plated cog! There are a number of other software vendors and intelligence companies that we work with.
An example of this is in the transaction monitoring space, where we can inject our data and information into their products to ensure far more accurate and contextual decisions.
WJ: The FCA’s global initiatives on AML always spring to mind as a world-class example of getting the industry together to collaborate. In regtech, you want multiple perspectives from different parts of the industry and different professional disciplines in order to identify the best solutions to your challenges. Having teams from diverse backgrounds, allows you to approach challenges from different angles and analyse potential risks, outcomes and benefits from many perspectives. This is why diversity works.
Collaboration by challenging and revising can produce outcomes that are more robust for all when working to ensure the integrity of the markets. The great thing about working in regtech is that the clients we work with are willing to collaborate on these challenges and have an ambition to raise the industry standard all round.
WJ: The sheer amount of data generated by firms in financial services and the requirements to monitor all activity means that regtech is on the rise and the only feasible option. Technology can help with certain kinds of activities that people generally are not as good at – like processing vast quantities of data at speed. The challenge with tech in this space is to ensure a good equilibrium between supportive technologies that delivers useful information to the user whilst still supporting human intelligence. The key is to achieve human:machine collaborative working – something we in the behavioural sciences team are focused on.