Often holding millions of dollars in assets, banks, credit unions and other financial institutions have large targets on their backs. However, bank thieves have largely moved beyond the days of robbing branches at gunpoint. Instead, criminals use a range of digital tools and resources to impersonate customers and hack into accounts.
“Fraudsters are getting much more advanced in their approaches,” says Ryan Leblond, manager of fraud prevention and investigations for ESL Federal Credit Union in Rochester, New York. While it can be challenging for banks and credit unions to keep up with criminals’ evolving tactics, technology is also on the institutions’ side.
Robust options now exist to ferret out potential fraud and protect customer accounts. Algorithms, artificial intelligence and biometrics have saved millions of dollars while ensuring account holders maintain convenient access to their funds.
People-Centric Systems Pose New Challenges
In the days before cloud applications, it was easier to protect data. A firewall or similar system could be adequate to keep information safe from most threats. Today, it’s different.
“As companies migrate their critical workloads and storage to the cloud, protections offered from the data center dissolve as the perimeter disappears,” says Steve Tcherchian, chief information security officer and chief product officer for XyPro, a security solutions provider.
With millions of people now accessing data from the cloud, security measures have had to adapt. Not only does a system have to keep its information safe from outside attack, but it also has to ensure all those people using it are who they say they are. These people-centric systems pose a special challenge for financial institutions.
“We want to be sure we provide education to call center staff,” Leblond says. Workers need to properly verify a person’s identity before discussing any sensitive account data. To make that easier, financial institutions are deploying new technology to flag problematic transactions or attempts at account access.
Algorithms and AI Working Together
The earliest automated fraud detection systems relied on algorithms to identify potential problems. For instance, unusual transactions or spending behavior can trigger an alert requiring a customer to verify the account activity.
However, an algorithm alone can’t adjust itself. If a customer visits a foreign country every month and confirms that every purchase made there is legitimate, the algorithm will continue to flag those transactions until it has been modified to account for this customer behavior. That’s where artificial intelligence, or machine learning, comes into play.
Rather than waiting for a person to adjust an algorithm, AI can tweak the model as new data are gathered. Over time, the system can start making predictions based on past purchases. For instance, a large purchase overseas can pass through the system unchecked if it fits with a customer’s previous purchasing behavior.
“We have not begun to scratch the surface of the capabilities of machine learning and artificial intelligence to combat security threats,” Tcherchian says.
Biometrics in Banking
Traditionally, financial institutions have used passwords and PINs to protect account data. In recent years, two-factor authentication has been encouraged to ensure the person logging in can verify their identity using a code sent via text, phone call or email. However, none of these may be as secure as using biometric data.
“I’ve come to the conclusion that biometrics is the only sure way to prevent fraud,” says Brett Beranek, vice president and general manager of security and biometrics at Nuance Communications, which provides conversational artificial intelligence services.
To be most effective, biometrics should be stored within an institution’s system, not on a user’s device. Otherwise, security provisions can be easily bypassed or altered if the device is compromised.
As an example of the effectiveness of biometrics, Beranek points to the use of voice biometrics to verify the identity of those contacting call centers. HSBC UK credits the use of its VoiceID security measure as preventing nearly $550 million in fraud in 2019. VoiceID uses technology from Nuance Communications, and Beranek says the company has seen a significant decrease in call center fraud activity at other institutions as well. “The banks that were using voice (biometrics) managed to virtually eliminate fraud through that channel,” he says.
In addition to voice biometrics, financial institutions can use language and behavior biometrics to help determine if someone using an online chat function or banking app is the account holder.
Getting Help From Customers
While automated systems are doing the bulk of the work to detect fraud, financial institutions are hoping customers will help in the effort as well. That means opting into security measures, such as two-factor authentication and biometrics, when available. It also involves being smart about phishing scams and not clicking on links in unsolicited emails.
“Technology can only get so sophisticated,” Leblond says. As a result, member education is part of the security mitigation approach at ESL Federal Credit Union. The institution works to inform members of potential scams and how to respond should they receive an unfamiliar email from the credit union, see a transaction they didn’t authorize or encounter other questionable scenarios.
Bank thieves are upping their game all the time. But with a little help from customers and high-tech solutions, banks are hoping to keep pace and keep people’s money safe.