Connect with us

Interviews

Overcoming the threat of voice fraud in the financial industry

Published

on

Introduction

The level of fraud hitting the financial industry is a serious crisis. According to UK Finance, in the first half of 2021 more than £750m of bank customers’ funds were lost to fraud, an increase of more than 20% over the same period in 2020.

We spoke to Nikolay Gaubitch, Director of Research EMEA at Pindrop, about possible causes for the increasing volume of fraud – and what can be done about it.

 

Q1: Reported banking fraud skyrocketed in 2021. What is causing this alarming trend?

There are a few different trends at play here. First of all, fraudsters are increasingly able to pass security measures and access accounts thanks to the huge volume of personal records being stolen on a daily basis. More than five billion individual personal records are believed to have been breached in 2021 alone.

With that much data floating around, it’s never been easier for fraudsters to acquire login credentials and other personal information to bypass security measures. Financial account information is sold as a commodity on the dark web – for example, Pindrop’s recent Voice Intelligence and Security Report discovered that complete sets of financial data can easily be bought for less than £50.

In addition, criminal gangs have become more organised and more adept at targeting less secure areas of the financial ecosystem to overcome or bypass strict security measures. In particular, the voice channels relied upon by financial organisations for customer service can be highly vulnerable to fraudsters seeking to access customer accounts.

 

Q2: Why are fraudsters targeting the voice channel?

The voice channel is seen by fraudsters as a more accessible alternative to online platforms that have been bolstered by stronger security measures. Telephony can be exploited to provide direct access to customer accounts without the technical skills and resources required for breaching online platforms.

Caller verification is usually handled by knowledge-based authentication (KBA), a series of questions that usually involve a mixture of personal information and passwords or PIN codes. This process can be overcome by a combination of stolen information and a strong social engineering playbook, with criminals bluffing their way past any knowledge gaps. As stolen personal data has become more freely available on the dark web, KBAs have become less and less effective.

In fact, KBAs have become so ineffective that Pindrop research indicates fraudsters now have an easier time passing them than legitimate callers do. A Pindrop case study with a national contact centre found that 92 percent of fraudsters were able to pass KBAs, compared to just 46 percent of legitimate callers.

Fraudsters can also harvest or verify already stolen data by exploiting automated IVR systems or cross-referencing with other accounts.

As the financial industry offers the most direct access to a lucrative payday from fraudsters, the voice channels for banks and other financial firms are a primary target for these tactics. Our research showed that an estimated one in 1175 calls handled on behalf of banking and finance organisations was fraudulent in 2021.


Q3: Why has the voice channel been more difficult to secure than online platforms?

Securing the voice channel has historically been limited by technology due to the format and the real-time nature of the telephony channel. With limited technological options for securing and ensuring authentication in the past, fortunately solutions have now become available in the last few years.

A key consideration has been that it has been difficult to implement more effective measures without causing significant disruption for legitimate callers. For example, layers of verification such as multifactor authentication (MFA) that are common in online platforms would be too slow and unwieldy during a live call.

 

Q4: Why is the balance between authentication and accessibility so important?

Striking the right balance between effective authentication and a positive user experience is a challenge for most communication channels. However, it is particularly critical for voice.

The human aspect of voice is one of its strongest assets, providing customers with the chance to engage directly and in-depth with a trained support agent.

Financial firms risk backlash from their customers if they make voice access too difficult with strict authentication methods. Recent research by the Call Centre Management Association (CCMA) found that just over a quarter (27 percent) of all respondents had stopped doing business with at least one organisation because of authentication issues.

 

Q5: How can the voice channel be secured against fraud?

One of the most promising developments in securing the voice channel is the application of AI and machine learning technology. The technology can be used to rapidly detect fraudsters through

multiple data points such as their voice, device, and call metadata. This means imposters can be outed no matter how much stolen data they have, and regardless of how slick their social engineering skills are.

Crucially, this process should be entirely passive, taking place in the background with no additional burden or friction for legitimate callers. The real-time analytical power of AI and machine learning can also be applied to authentication to create a more efficient and seamless process.

Pindrop’s technology has delivered proven results for callers and call-handlers alike. In one example, the US-based United Community Bank (UCB) was able to handle 14 percent more calls thanks to the time saved in cutting down lengthy authentication processes. As a result of this efficiency, the average time spent on hold decreased by one minute and 11 seconds and the number of abandoned calls dropped by seven percent. Post-call satisfaction surveys saw a five percent increase in customer satisfaction.

In another example, the First National Bank of Omaha (FNBO) was able to improve account takeover (ATO) detection  by 59 percent. Total losses from ATO reportedly went down by 16 percent, and overall average loss decreased by 47 percent after implementing Pindrop technology.

Business

Q&A: Improving biometric systems using AI-based spoofing

Published

on

By

Abdarahmane Wone, Software Engineer at Fime

As adoption of biometric authentication increases, so does the need to ensure that biometric systems are resistant to attacks. Presentation attacks, such as spoofing, which aim to “spoof” a biometric verification or identification procedure, can compromise biometric authentication. Fime is exploring how to transform genuine biometric images into synthetic spoofs and evaluate the robustness of biometric systems in detecting presentation attacks.

Stéphanie Pietri (SP), Communications Director at Fime, speaks to Abdarahmane Wone (AW), Software Engineer, about Fime’s new research paper to discuss the potential impact that digitally synthesized fingerprint spoofs can have on anti-spoofing systems.

SP: What is an anti-spoof test?

AW: Presentation attacks, when an attacker attempts to trick a biometric system, are one of the key security challenges facing biometric systems. It is critical that the presentation attack detection (PAD) technology in a biometric system is thoroughly tested, as this is what ensures the security of the system. Presentation attack detection testing is usually done by creating presentation attack instruments (PAIs) and performing active spoof attempts to determine whether a biometric system will authenticate a credential that is not genuine. This requires significant skill and time investment from testing labs.

SP: What did Fime do?

AW: To learn more about biometric systems’ ability to resist presentation attacks, Fime conducted research to determine whether digitally synthesized images are as good as real spoofs. AI and deep learning were used to transform genuine fingerprint images into spoof images similar to the ones made from the spoof materials commonly used in anti-spoofing tests. We did this in order to simulate the standard testing process.

We used a multi-domain style transfer model taking data from LivDet, an international competition of presentation attack and fingerprint liveness detection. Data from five different materials were used: Ecoflex, gelatin, latex, modasil, and wood glue. The data set was composed of a training set and a testing set, each containing 2000 images (1000 genuine images and 200 of each spoof material for each set). We extracted and randomly cropped multiple 224×224 patches from each image and injected them into the system to see if they were detected as spoofs under the NIST Fingerprint Image Quality (NFIQ) algorithm.

By using this kind of method, the testing process is sped up and a larger number of spoof materials are covered than it would be possible to physically fabricate in a given time.

SP: What was the impact of the digitally synthesized spoofs on the system?

To assess the validity of the digitally synthesized fingerprint spoofs, the NIST Fingerprint Image Quality (NFIQ) algorithm, which provides an overall score on a scale of 0 to 100, was used. This is based on the usability and features of an image. We used this algorithm to determine whether the quality of the presentation attack instruments was similar to that of the synthetic presentation attack images.

For each material, we found that there is a similarity between the distribution of the genuine images and synthetic images.

SP: What does this mean for the future of biometrics?

Fime has developed a method that can be used to evaluate biometric systems’ ability to resist fingerprint spoofs. This can help vendors to develop their fingerprint recognition products, in particular training algorithms to resist presentation attacks. Payment schemes can also use the research to implement new testing methodologies for these products. These findings will ultimately help laboratories to make cost and time savings, helping secure products launch more efficiently.

Continue Reading

Interviews

Matt Cox, Managing Director and General Manager, EMEA, FICO, answers questions on fraud from Finance Derivative

Published

on

By

What are the biggest fraud concerns for FICO’s customers?

Scams are definitely high on the list. There is a continued surge in Authorised Push Payment (APP) scams, advanced social engineering, and pandemic-related fraud.

The level of sophistication present in scams seems to grow at a daily rate and that is always one of our biggest concerns – staying ahead of the criminals. A coordinated approach to managing the authentication of customers will be a strong starting point for any organization, so that they can adapt and adjust as the market changes. To address current fraud concerns, banks need to take this into consideration. There are specific machine learning models designed to detect scam-related activity, and banks should explore those.

How have scams changed since the pandemic started?

Investment and crypto scams saw a big spike and there was a swift rise in vaccine-related scams with an emergence of a black market for the sale of fake vaccine passports. There is certainly a good level of public awareness of scams, but according to our consumer fraud survey, only 6% of customers said they were most concerned about being tricked into sending payments to a fraudster — as compared with 26% who were most concerned with having their stolen identity used to open an account, which is much less likely. This relaxed attitude in combination with increasingly realistic and creative social engineering and impersonation schemes, is part of the reason why fraudsters continue to succeed in scamming customers.

Authorised push payment fraud is one of the biggest concerns in the digital payments industry. According to UK Finance, APP fraud has, for the first time, surpassed card fraud with £355 million in losses attributed to APP fraud in the first half of 2021.

What is the challenge for banks right now in dealing with APP scams?

APP scams present a unique challenge as they involve tricking the victim into sending money to the fraudster. Despite measures like Confirmation of Payee (CoP) being put in place to stop these fraudulent transactions, the victim will have the final say and can override warnings put in their way. A layered approach is needed to prevent it, multiple tiers of armor are always most effective.

Some improvements in payment technology are actually making it easier for criminals to commit APP fraud. As more consumers and businesses adopt simple ways to send money in real time the pool of potential victims increases, a trend accelerated by the COVID crisis pushing more people to use online banking. Real-time payments also lower the risk for fraudsters, as money is transferred instantly, fraudsters can move payments through multiple accounts in a process of layering to launder the proceeds of the fraud and make tracing them more difficult.

Criminals are devious and clever, and victims cannot simply be written off as gullible exceptions. As real-time payment schemes can be used to transfer large sums of money, there is a need to employ layered fraud protection across all products and channels used to manage real-time payments.

Maintaining good customer experience by not impacting too many genuine transactions is a growing concern. As banks get better at detecting scams, there is still a very high false positive rate with many genuine customers needing to be disrupted in order to find a single fraud. This is where advanced analytics and particularly a consortium approach are critical aids.

What has your research told you about how different generations think about fraud and scams and the actions they take to avoid them?

We frequently survey consumers across the world to get a sense of their attitudes towards fraud and the security measures implemented to catch it. The results are always interesting and often flag the differences in how age groups approach financial security.

For example, in our most recent survey of 1,000 UK consumers, 55% said they would switch banks if theirs was reported to be involved in a money laundering scandal. The younger age groups would be most eager to swap their financial service provider after a money laundering scandal: 64% of 18 to 24 year-olds would switch, as would 68% of 25 to 34 year-olds.

Those in the Millennials generation – aged 25-34 – appear to be the least impressed with banks’ current approaches to fraud. When asked about account takeover, 19% thought banks were not fair with customers in terms of how they resolved this. And when considering cases of customers being tricked into sending money to fraudsters, 21% of them thought measures were not fair.

How much of an issue is social engineering?

Social engineering is a vital component of a fraudster’s playbook. It is not a new approach for them but is one that can cause devasting results. Fraudsters buy compromised data (credentials, ID documents, personally identifiable information or payment details) and ultimately, they use it to manipulate victims and commit fraud. Sometimes, fraudsters don’t have all of the pieces of the puzzle together, so they often further manipulate systems and customers in order to get the full suite of assets they need to steal.

The complexity of scams and social engineering means that financial institutions have to take a layered approach to prevention and detection. For example, checking device characteristics is useful, but when combined with Confirmation of Payee, transactions analytics, customer profiling and instant messaging services for verification, this is where the layers play extremely well together. When and how fraud prevention solutions are deployed must be balanced with other factors such as customer experience and operational costs. Being dynamic and flexible is key to both creating the necessary balance and evolving at least as fast as the fraudsters can.

Identity authentication isn’t as strong in a scam event as it is in other fraud types. Nearly all fraud events start with a data compromise and with scams it’s no exception. Identifying compromised and vulnerable customers is still very inconsistent across banks, so there is a big opportunity to be more proactive in stopping the scam before it is initiated.

Many banks have incorporated consumer protection into their marketing plans but I would like to see more do it across the industry.

What are the latest scams you are seeing emerging?

Before Open Banking, criminals applied for low-risk accounts using a fake identity in order to start building up their credit file. Over time, they would move into commerce and then onto higher-value targets, hitting them hard.

We believe this approach is finding its way into the Open Banking ecosystem as a faster route to higher-value credit. Having secured low-risk bank accounts and passed the Know Your Customer requirements, criminals are attempting to access new services through Open Banking third-party providers, who offer loan approvals and various other financial and investment services.

We’ve also seen a steady rise in fake videos and audio with targeted content that manipulates and gains access to personal and finance data. As the technology becomes more sophisticated, it’s becoming the new favorite tool in financial crime. For instance, bank manager in the United Arab Emirates fell victim to a threat actor’s scam, when hackers used AI voice cloning to trick the bank manager into transferring $35 million.

We believe this will become a big challenge for banks in Europe and across the globe as they find themselves increasingly targeted in this way. As those deep fake technologies develop, we will see more innovation and use of a wider variety of biometric technology thrown into the mix.

Continue Reading

Magazine

Trending

Business4 hours ago

Hidden channel costs: how to find and tackle them

By Mark Wass, Strategic Sales Director, UK and North EMEA at CloudBlue     Growth for businesses will always be a...

Finance10 hours ago

Is your business ready for finance automation?

Mari-Frances Bentvelzen, Business Head and General Manager of Global SMB at SAP Concur   As managers continue to drive their...

Top 1010 hours ago

The power of a proactive customer service

By Delia Pedersoli, COO, MultiPay   2023 is shaping up to be another challenging period for B2C businesses. While the...

Business10 hours ago

Automation nation: Liberating workers from desks, data entry and the doldrums

Gert-Jan Wijman, VP of EMEA at Celigo.   Just when businesses thought the tough times were over, even more challenges...

News10 hours ago

Protean and Fino Payments Bank tie-up to expand PAN card issuance services in India

Fino Payments Bank has tied up with Protean eGov Technologies (formerly NSDL e-Governance Infrastructure Limited), a market leader in universal,...

Business18 hours ago

What is the True Cost of SMS Phishing?

Gemma Staite, Threat Analytics Lead   Cybercriminals will recycle attack strategies for as long as they are effective. In Fraud...

Technology1 day ago

Digital Asset Management (DAM) To Transform Enterprise Brand Management

Alexander Rich, Co-founder and CEO – Desygner    Rapid digital transformation fuelled by the pandemic has undoubtedly proven beneficial to...

Finance1 day ago

Cost of living: How to identify vulnerable customers

Ellie Engley is account director at REaD Group   In the current climate, the cost of living crisis is a...

Banking1 day ago

Is traditional business banking the best option for SME finance squeezes?

Airto Vienola, CEO, AREX Markets  The pressures facing business and personal finances alike have been well documented. Stories are now starting...

Business1 day ago

Breaking down communications silos to streamline the customer experience

Dave Tidwell, Head of Technical Pre-sales, DigitalWell   The pandemic has, without doubt, moved the goalposts when it comes to...

Business1 day ago

How growth can be a big challenge when a business becomes multiple entities

By Paul Sparkes, Commercial Director of award-winning accounting software developer, iplicit. Organisations don’t just grow in size – they also...

Wealth Management1 day ago

Keeping Cyber Insurance Premiums Down with Deep Observability

By Mark Coates, VP EMEA, Gigamon There is no doubt that the cyber insurance industry has experienced something of an...

Business1 day ago

When it comes to innovation, ignore your CEO and listen to your customer

 By Alex Hammond, Partner, Airwalk   At its core, the 2008 financial crisis was a result of banks incorrectly managing...

Business1 day ago

Netflix-style ransomware makes your organisation’s data the prize in a dark subscription economy

By John Davis, UK & Ireland Director, SANS Institute. Today’s subscription economy makes accessing nearly any service as easy as hitting enter....

Banking1 day ago

BANKING FOR BETTER 

By Alex Kwiatkowski, Director of Global Financial Services, SAS. From shifting market dynamics and mounting geopolitical tensions, to skyrocketing cyber threats...

Banking1 day ago

Why traditional banks need to embrace the agility of fintech competitors

Paul Higgins, EMEA Banking Lead, Mendix   Tech has long played a role in the finance space. The legacy applications running...

Technology1 day ago

SaaS Procurement’s Silver Bullet – How Automation is Changing the Game

Sven Lackinger, Co-Founder, Sastrify   Sven Lackinger is Co-Founder at Sastrify, the digital procurement platform for Software-as-a-Service products. Founded in...

News1 day ago

Tata Motors partners with IndusInd Bank to offer exclusive Electric Vehicle Dealer Financing

Key Highlights:   One-of-its kind Electric Vehicle Inventory Financing program for Tata Motors’ dealers  Limits extended towards EVs will be over...

Finance1 day ago

astrantiaPay Selects SaaScada to Enrich Swiss Landscape of Business Payments and Fill Market Gap

Swiss financial firm, astrantiaPay, to use SaaScada’s cloud-native core banking engine to simplify cross-border payments for SMEs and facilitate international...

Business2 days ago

How Big Data is Transforming Bilateral Trading

By Stuart Smith, Co-Head Business Development – Data & Risk at Acadia   Since its inception, Big Data has been...

Trending