Finance

BOT ATTACKS IN THE FINANCE SECTOR: FRAUDSTERS ARE USING AI TOO

Published

3 years ago

August 28, 2020

admin

By: John Briar, COO and co-founder, BotRx

The use of Artificial Intelligence (AI) and automated processes in the finance industry is growing. From using AI-enabled chatbots to communicate with customers, to using Robotic Process Automation to eliminate tedious tasks in payroll and accounts receivable, financial organisations are making the most of this up-to-the-minute technology. Indeed, a report by McKinsey found that current technologies can fully automate 42% of finance activities and mostly automate a further 19%. As progress continues to be made in automated technology, this number is only likely to increase.

The problem is that cybercriminals are also using AI. With AI tools at their fingertips, fraudsters are developing and deploying sophisticated automated attacks, namely in the form of malicious bots. These bad bots masquerade as legitimate users to conduct malicious activities against financial organisations, such as stealing Personally Identifiable Information for illicit activities like fraudulent credit card applications and account takeover. This trend has only increased during the coronavirus pandemic, as cyber adversaries look to take advantage of the disruption caused by the outbreak. Indeed, financial fraud increased 33% during lockdown, according to Experian.

John Briar

AI-enabled fraudsters are on the loose

Fraudsters are becoming increasingly reliant on automated bots, and using credential stuffing as one of their favourite tricks. Credential stuffing attacks work by taking advantage of the fact that people tend to have poor cyber hygiene and reuse the same usernames and passwords across all of their different online accounts. Cybercriminals then launch automated bots to complete repeated password-guessing attempts to log into secure user accounts on hundreds of different websites.

After the fraudsters have sifted through millions, sometimes billions, of login credentials, and have found a login match for a specific website, they normally sell these verified credential pairs to other cybercriminals that launch follow-on attacks. Once they have access to the account, cybercriminals begin committing a variety of fraudulent activities.

Account takeover fraud is a common endgame for bad actors, and almost always begins with credential stuffing. This attack allows fraudsters to access an individual’s account. Once inside, they can conduct unauthorised activity, and depending on the attack, even change login and personal information. KPMG found a 57% increase in UK financial account takeover cases last year, with account takeovers even making the news, like Marriott’s March 2020 data breach where login credentials of two Marriott employees were used to access guest information, affecting over five million guest accounts.

It’s time to fight back

Financial institutions must look to better protect themselves and their customers from these automated bot attacks. There are numerous solutions out there, though organisations must take note of the strengths and weaknesses of each one. The biggest challenge for financial organisations is being able to combat the dynamic nature of automated bot attacks, which fraudsters change on such a regular basis that it’s difficult to predict attack behaviours and recognise signatures.

Indeed, the hardest part of stopping bot attacks is that bots can very easily outmanoeuvre static network infrastructures. Currently, most solutions don’t have a dynamic nature. Firewalls and Intrusion Prevention Systems for example, are ineffectual because they cannot detect changing attack patterns. Web Application Firewalls on the other hand struggle to pick up attacks that mimic normal behaviours, which is exactly what these automated bots do. Threat intelligence, which gathers intelligence on new threats only after an attack has happened, also aren’t bulletproof as they allow early attacks to go undetected.

AI and Machine Learning (ML) based solutions are a better match for automated bot attacks, as they are playing fraudsters at their own game. However, even the most sophisticated AI and ML solutions can be outsmarted by fraudsters who take the time to gather intelligence so that they can plan a future attack. Because AI systems rely on the information they’re fed, they require manual intervention to classify if the anomalies identified in the traffic patterns are real or false events.

Then there are new solutions like Moving Target Defense (MTD), which has recently surfaced as malicious bots’ new foe. Coined by the US Department of Homeland Security, MTD is unique because it is a proactive approach to stopping malicious bot attacks, unlike traditional detect-block solutions. It works by making the attributes of a financial institution’s network dynamic rather than static, obfuscating the attack surface. This reduces the window of opportunity for fraudsters, making it extremely difficult for them to infiltrate a network, and allows financial organisations to take back control of their IT infrastructure by always being on the front foot.

A proactive approach

Continuing to rely on the detect-block methods simply isn’t sufficient to stop malicious bot attacks. While each of the above defence methods have their merits, financial organisations shouldn’t rely on any one of them alone, as the growing number of automated attacks will always be looking to take advantage of static infrastructure and other weaknesses.

It shouldn’t be surprising that, as financial institutions increase their use of automated processes, so too are cybercriminals. Financial organisations must therefore look to new solutions that will redefine the power balance between defenders and attackers. MTD is a promising approach to the equation, enabling them to protect their networks and their customers in the long-term.

Business

In-platform solutions are only a short-term enhancement, but bespoke AI is the future

Published

1 day ago

September 27, 2023

editorial

By Damien Bennett, Global Director, Principal Consultant, Incubeta

If you haven’t heard anyone talking about artificial intelligence (AI) yet, then where have you been? Conversations about AI and its advantages to society have been a key talking point over recent months, with advances being made in the generative AI race and ChatGPT opening a whole plethora of possibilities. Many have highlighted the advantages of AI, but notably it’s ability to create human-like content.

But these discussions have only scratched the surface of what AI is capable of doing. It is for far more than just essay writing, adding Eminem to your rave and photoshopping dogs into pictures.

In marketing, we have been using AI for years, for everything from analyzing customer behaviors to predicting market changes. It’s enabled us to segment customers, forecast sales and provide personalized recommendations, having a huge impact on how our industry works.

It is even, for the more savvy marketers of the world, becoming a key tool in maximizing budget efficiency – which is apt, considering over 70% of CMOs believe they lack sufficient budget to fully execute their 2023 strategy.

Now, as AI becomes more intelligent, the number of efficiencies it can unlock continues to rise. Not only can it help brands get the most out of their available resources and identify any areas of waste, but it can also help highlight new opportunities for growth and maximize the impact of your budget allocation.

The trick, however, is to veer away from the norm of using in-platform solutions with a one-size-fits-all approach and create your own, bespoke solutions that are tailored to your business needs.

Pitfalls of in-platform solutions

In-platform solutions aren’t by any means a bad thing. In fact, built-in AI tools have become increasingly popular, owing to their ease of integration, user-friendly interfaces and minimal set up requirements. They come pre-packaged with the platform, offering the user the ability to leverage AI technologies without the need for in-depth technical expertise or the upfront cost of building a solution from scratch.

However, the streamlined and accessible nature of in-platform AI solutions comes at the expense of complexity and customization. They are designed to serve a broad user base, but for the most part are built using narrow AI solutions with predefined features and workflows.

This makes them great for assisting with common AI tasks, but they lack the flexibility to tailor functionality towards unique business requirements or innovative use cases, limiting the potential efficiencies and cost savings that can be unlocked. Additionally, if a business’ competitors are using the same platform, they are probably using the same AI solution, meaning any strategic advantage gained from these will be reduced.

Bespoke AI solutions, on the other hand, may carry a higher initial investment – but can offer a significantly more attractive ROI over a short amount of time.

Why customized and adapted AI is the key

The difference between bespoke AI and in-platform solutions is similar to that between home cooked food and a microwave meal. Yes, it is more time consuming to prepare, and yes it likely carries more of an upfront cost, but the end result is going to be far more appealing and will carry more long-term value (financially… not nutritionally).

That’s because bespoke solutions, by nature, will have been tailored to address your brands specific needs and challenges. These custom-built tools allow for much greater efficiencies by streamlining workflows across different channels, automating more complex tasks, and providing deeper, more relevant insights.

The increased level of optimization can significantly improve productivity and reduce operational costs over time, offering a higher ROI. The increased flexibility of bespoke AI also allows brands to implement innovative use cases that can significantly differentiate them from their competitors.

The data analyzed can be specifically chosen to match business requirements, as can the outputs of the AI tool, providing a significant advantage when understanding and acting on the insights provided.

Additionally, these tools are, by nature, more scalable. They can be updated, upgraded and expanded as needs change, ensuring they continue delivering value as the business grows. They can also be designed to integrate with any existing IT infrastructure, from CRM systems and databases to marketing platforms and sales tools – leading to more efficient and effective decision-making.

Managing finances with AI

It’s no secret that AI in marketing automation has, and will continue to, revolutionize the way marketing is done. It has a bright, if slightly terrifying, future and can help CMOs to unlock new efficiencies, maximize the impact of their budgets and increase their ROI. And as this technology becomes more advanced, its impact will only increase.

But we already know that…and so does everyone else.

So, in order for businesses to make themselves stand out from the crowd , they must look to fully adopt the power of AI. Creating a customized and unique AI solution could be the way to set yourself apart from your competitors. A bespoke AI tool can provide brands and businesses with features unique to them and their business needs. As a result, companies will benefit from more useful data and better results to make more data-driven decisions for their business. Ultimately, this will help brands to maintain a competitive edge over their competitors, deliver ROI and most importantly optimize their budgets.

Business

Is your business suffering with Fintech FOMO?

Published

2 days ago

September 26, 2023

admin

Tom Kiddle, Chief Commercial Officer at Equals Money

It’s a challenging time for businesses of all sizes, but the past three years created storms that are particularly hard for SMEs to weather. For businesses dealing with shrinking margins, while a weakened pound is making international purchases more costly, it’s a scary time.

For many businesses this meant initially reigning in any unnecessary costs, reducing investment in anything deemed as a ‘nice to have’, and focusing on keeping the lights on. However, despite not being out of the woods in terms of economic challenges, this year many SMEs have their eyes on growth.

While some might have been buoyed by the news that the UK narrowly avoided a recession at the end of last year^[1], data shows businesses were already making investments before this news was released. In fact, UK business investment rose by 4.8% in Quarter 4 (Oct to Dec) 2022, coming in at 13.2% above where it was during the same quarter in 2021^[2].

So, where are SMEs putting their cash? As well as predictable spending on IT equipment, machinery, and transport^[3], businesses are also putting more funding than ever into technology investments – a trend that isn’t slowing down anytime soon. UK tech investment is set to grow at its fastest rate in over 15 years, both in terms of budget but also headcount^[4]

Tom Kiddle

UK businesses are clearly seeing the real opportunity that technology, in all its various forms, presents to their operations. This may also be bolstered by the fact that tech investments are potentially more cost-effective now that the government has made recent changes to R&D tax relief, which sees things like cloud computing and data included in expenditure categories^[5]. When it comes to revamping legacy systems and introducing Fintechs that offer businesses a smarter, easier, automated way of doing business, investing in technology can increasingly feel like a no brainer.

However, it’s rare that a one size fits all solution exists for businesses. What works for your competitor may not offer the same benefits to your organisation. In a world with so many risk factors, making smart investments that are aligned to your individual business goals is key.

Tom Kiddle, Chief Commercial Officer at innovative money movement solution Equals Money, explains four ways businesses can reap the rewards of smart tech investments:

1. Measurement

Can you measure the impact it will have on your business? It doesn’t have to be monetary, but if it gives you efficiency, visibility, or certainty, these can have measurable tangible impacts to your top and bottom line.

2. Insight

Does it tell you something you didn’t know before about your customers, your employees, your suppliers, and their behaviour? What could you do with that information? Often, businesses lack critical insight on their key drivers, and understanding those can open up new opportunities.

3. Action

Pretty charts and graphs make for good reading, but make sure you’re taking action with your new piece of tech. Setting accountability for action from your latest investment will drive your business to achieve a return on that investment and ensure it doesn’t sit on the shelf.

4. Adoption, adoption, adoption

Often, the latest tech trend may seem like a great investment to the motivated few, but look more broadly: if your intended internal target for your new tech fails to adopt the new practice, you won’t achieve the return promised. Also, more likely than not, you’ll frustrate both the key supporters of the new product and those you’re imposing it on.

Innovative technology, particularly in the finance space, can transform the way you do business, but avoid being lured in by solutions that don’t align to your individual needs. Good suppliers should always take the time to give an honest appraisal of whether their product is right for you and should leave you feeling empowered to devote time to what matters most – growing your business.

^[1] HR Solutions, 2022 ^[2] The Guardian, Feb 2023 ^[3] ONS, Dec 2022 ^[4] ONS, Dec 2022 ^[5] Nash Squared Digital Leadership Report, 2022 ^[6] BDO, 2023 [1] The Guardian, Feb 2023 [2] ONS, Dec 2022 [3] ONS, Dec 2022 [4] Nash Squared Digital Leadership Report, 2022 [5] BDO, 2023