How One Bank Flattened Fraud

Argo.pngProtecting the bank and its customers — through cybersecurity measures, identity verification, fraud detection and the like — is vital in ensuring a financial institution’s safety and soundness, as well as its reputation in the marketplace. These investments typically represent significant cost centers, but fraud prevention tools can be an exception to the rule if they’re able to pay for themselves by preventing losses.

The idea is, when you put in a fraud system — and this is where some folks lose it — you want to make sure to catch more fraud than the system costs,” says Ronald Zimmerman, vice president in the operations department at $32.2 billion IBERIABANK Corp., based in Lafayette, Louisiana. “You always have to make sure that the cost doesn’t supersede your savings.”

Zimmerman implemented ARGO OASIS about a year ago. OASIS, which stands for Optimized Assessment of Suspicious Items, uses neural networks and image analytics to detect and prevent fraud. Modeled after the human brain, neural networks are a form of artificial intelligence designed to recognize patterns, making it well suited to identify check alterations, forgeries and other forms of transaction fraud. The solution then provides bank employees with detailed information to enable them to further investigate the activity.

Bank Director’s 2020 Risk Survey found that just 8% of executives and directors report that their bank uses AI technology to improve compliance. One-third are exploring these types of solutions.

IBERIA brought in OASIS to identify fraud in its “two-signature accounts” — customer accounts that require two signatures on a high-dollar check. “We have a queue set up in OASIS to monitor these checks as they come in through clearing. If a signature is missing or is in question, OASIS flags it for review,” Zimmerman says.

One thing about the technology that sets it apart is its check stock validation tool. “You have an overlay button where you can place a questioned check on top of a good check, and you have a little slide bar [so you] can see the small differences,” he says.

That tool alone has helped the bank stop roughly $300,000 in check fraud over the first eight months of use — meaning ARGO has already paid for itself. “We’ve caught a ton of fraud through this product,” says Zimmerman.

And $300,000 is a conservative estimate of the bank’s savings, Zimmerman says, because fraudsters have learned not to target his bank. “Check fraud flattened out, because the fraudsters have probably moved on, knowing that we’ve covered up a hole that was there before.”

ARGO OASIS was recognized as the Best Solution for Protecting the Bank at the 2020 Best of FinXTech Awards in May. ALTR, a blockchain-based security solution, and IDology, which uses big data for identity verification and fraud detection, were also finalists in the category.

Importantly, ARGO helps IBERIA stop fraud efficiently. A task that used to occupy three full-time employees’ time now takes two employees just a couple of hours.

IBERIA will soon merge with Memphis, Tennessee-based First Horizon National Corp. to form a $75 billion company. The deal was driven in part by the pursuit of scale.

Generating efficiencies is essential to better compete with big banks, said First Horizon CEO Bryan Jordan in a 2017 presentation. “We’ve got to be invested in technologies in such a way that we’re at or above table stakes,” he said. “The trick for us will be to … create efficiency in other parts of the business to create money that we can invest in leading-edge technologies and processes that really allow us to be competitive.”

Leveraging AI to reduce compliance busywork is a great place to start.

Filling Fraud Detection Gaps

Investment in fraud detection can be a competitive advantage, especially as real-time payments initiatives create new opportunities—and threats—for financial institutions. Luis Rojas of Bottomline Technologies explains where and how to address gaps in fraud detection, and how bank boards should examine the true costs of fraud.

Outlooks for Payments Fraud

  • How Banks Should Address Fraud Gaps
  • Dealing with Legacy Systems
  • What Boards Need to Understand

Winning the War on Cybercrime: The Four Keys to Holistic Fraud Prevention

8-19-13-Trusteer.pngCybercriminals are stepping up their attacks on financial institutions by gaining control of customer devices with sophisticated malicious software installed on a computer or mobile device to secretly read online credentials. The criminals then conduct real-time credential theft and take over accounts. Current technologies are simply not capable of identifying and preventing these attacks and are overloading bank fraud prevention operation teams with unnecessary false positive alerts. In the latest real-time account takeover scheme, cybercriminals use malware to steal user credentials at login, block users from logging into online banking, use the credentials in real time to log into victims’ accounts, and also steal any secondary authentication requests the bank receives from the user to bypass the bank’s security and gain full access to accounts.

The main reason cybercriminals continue to succeed is that they are using highly evasive advanced financial malware for a wide variety of attacks that are very difficult to detect. Cybercriminals are acutely aware of the technologies deployed by most financial institutions and simply design attacks to circumvent these controls. Bypassing them remains relatively straightforward because the controls are isolated rather than integrated with each other.

The Four Keys to Holistic Fraud Prevention

A holistic platform to prevent fraud must be built on four key elements that ensure sustainable prevention of cybercrime in light of the rapidly evolving threat environment.

Comprehensive Coverage
A comprehensive fraud prevention platform is required to protect an organization from fraud attempts across all possible access devices and all attack methods.

Real-Time Intelligence
An intelligent fraud prevention platform correlates data from multiple sources including malware infection, phishing incidents, and device identification, to conclusively detect and prevent attacks.

Adaptable Controls
A fraud prevention platform should adapt to changes in fraud attacks by rapidly deploying countermeasures without overloading your internal resources.

Transparent Protection
A transparent fraud prevention platform does not burden customers with complex authentication protocols or long delays in processing while transaction alerts are sorted out.

Financial institutions that adopt such a holistic solution acquire highly accurate fraud detection that entails negligible customer involvement. When it does involve customers, it is only because the bank has conclusively determined there was attempted fraud, malware or phishing. Additionally, the bank’s fraud prevention capabilities should meet the critical regulatory requirements delineated in the Federal Financial Institutions Examination Council Authentication Guidance Supplement.

Fighting the war on cybercrime will not get easier for financial institutions. Cybercriminals use a divide-and-conquer approach by relying on poor communication about fraudulent activity between financial institutions as well as poor communication between fraud prevention systems that exist in silos. Traditional fraud prevention technologies help reduce fraud but are easily defeated by advanced cyber fraud techniques. To date, advanced financial malware has bypassed virtually every authentication method. Malware also has bypassed risk engines that detect anomalies by learning behaviors and transaction patterns to conduct fraud within tolerable statistical limits.

To win the war on cybercrime, institutions must wage their battles on the front lines—at the customer endpoint. This is where malware and phishing initiate the chain of events that eventually leads to fraud. Breaking the first link of the chain keeps fraud from ever entering the system where it can be overlooked by risk engine analytics or bypass authentication methods. Focusing fraud prevention efforts on the customer endpoint affords the highest likelihood of preventing cyber fraud. This protection, however, cannot be accomplished by simple customer education. The attack sophistication requires banks deploy equally advanced protection technologies, including customer endpoint malware detection.

A holistic fraud prevention platform focuses on preventing fraud at the customer endpoint. Just as important, it incorporates the four key elements that ensure maximum effectiveness with minimal disruption, today and into the future. As cybercrime threats evolve, so does the fraud prevention platform, quickly and seamlessly.

The Bank’s Liability for Cyber Theft on Commercial Accounts

3-12-13_Graves_Bartle_Marcus__Garrett.pngThe amount of financial loss that cybercrime inflicts on banks and their customers is staggering.  In the case of Patco Construction Company v. People’s United Bank (formerly Ocean Bank), fraudsters correctly supplied Patco’s answers to security questions and made six fraudulent withdrawals that totaled about $588,000.  When the U.S.  Court of Appeals in Boston last year found the bank’s security procedures didn’t meet the standard for commercially reasonable, the bank was forced to reimburse the company’s losses from the theft.

The take away from this and other similar rulings is that bank security procedures matter — to customers, to the brand and to the bottom line.  Banks can take steps to dramatically reduce the amount of financial loss to customer accounts and avoid or mitigate the risk of footing the bill for commercial account takeovers.

Here are five steps that banks can take to avoid having commercial account takeovers damage their bottom line:

Implement Commercially Reasonable Security Procedures

The Uniform Commercial Code (UCC) requires that banks have “commercially reasonable security procedures” to protect commercial customer accounts. Without these procedures, banks could most certainly be left holding the bag in the event of an account takeover.

To qualify as “commercially reasonable,” the bank’s security procedures should fall in line with procedures used by similar customers and banks, adhere to customer instructions, and take into account the circumstances and banking patterns of each commercial customer.

When a financial loss leads to litigation, the court will ultimately decide whether a bank’s security procedures are commercially reasonable.  Banks that can respond with current and ironclad procedures will be in the best position to protect against liability.

Train Employees to Follow Security Procedures

In the case of Patco Construction Company, the court faulted the bank because it did not follow its own security procedures.  The bank’s security system had flagged six transactions as unusually high-risk, but the bank failed to monitor the transactions or notify the customers before completing the transactions.  Unattended procedures, no matter how “reasonable,” do little good.

Train your employees on the bank’s procedures and demand strict adherence.  Employees on the front line of transactions are in the best position to impact this potential liability.

Perform Annual Review of Customer Agreements

A key pivot point on the question of liability is the content and nature of the bank’s customer agreements.

Customer agreements are often used as evidence of the security procedures agreed to by banks and their commercial account holders, and the agreements can be helpful to prove that the bank kept its side of the bargain. In certain circumstances, banks may shift the risk of loss for unauthorized payment orders to commercial customers if there was an agreement that payment orders would be verified using a particular security procedure.  This increased protection is available if the bank proves that it accepted the payment order in good faith and in compliance with the specified security procedure.

Schedule an annual review of your customer agreements and update them before you offer a new service or change your security procedures.  While not always protecting you against liability, customer agreements play a key role.

Develop and Test an Incident Response Plan

Without a plan, a bank’s chances of capping the loss and favorably positioning itself are slim.  An incident response plan equips employees with knowledge of whom to call and what to do when they suspect fraud.

The contents of an incident response plan should be tailored to the individual bank.  The format must be user-friendly, so that employees can easily follow the instructions in a stressful situation. The plan should include steps such as notification of the bank’s fraud department, designated management, and the customer, shutting down an online session, reversing payment orders, and invalidating online credentials that have become jeopardized.

Just as fire drills are practiced, so, too, should a bank exercise its employees’ understanding of the response plan. Time is of the essence in limiting loss and the bank’s reaction to the occurrence will be replayed in great detail. 

Promptly Conduct an Investigation of the Fraud

A prompt investigation is necessary to determine the cause of the security breach.  An investigation should include a customer interview by a trained bank employee and, to the extent it is accessible and permitted, a forensic examination of the customer’s computer.  The bank should contact its security provider to find out if the system was functioning properly at the time of loss.  Obtain documents from your security provider that show the customer’s online account activity, the IP address that initiated the fraudulent transfer, and whether the perpetrator used the customer’s credentials.

Prepare, plan, practice and perform.  Your bottom line is at stake.