As financial crime has skyrocketed during the pandemic, financial institutions have had to change the way they chase fraudsters. Although machine learning can increase their agility in fraud detection, there is more to do in terms of cooperation, panelists at a Sibos session said.
Financial crime and fraud detection have been the centre of discussions on the first two days of Sibos 2021. VIXIO reported yesterday how industry experts hoped to use machine learning, empowered by the data-rich ISO 20022 message format, in their fight against money laundering, shifting its approach from detecting a suspicious payment to preventing it.
At the "Fighting fraud: AI, ML, and the power of data" session, experts went further, exploring how use of machine learning could speed up fraud detection, while helping improve the overall customer experience.
Fraudsters have become more sophisticated and are adapting very quickly to the ever-changing environment.
COVID-19 restrictions, in particular, have created a series of new opportunities for scammers to defraud customers, including business email compromise, but fraudsters were also quick to react to new regulations, Mary Rosendahl, managing director at Bank of America, pointed out.
One of the fastest growing fraud areas is Authorised Push Payment (APP) fraud, which includes business email compromise, whereby fraudsters trick people into sending a payment to a bank account they own. For example, this could involve the scammer posing as the beneficiary of a genuine invoice you need to pay. According to data from UK Finance in the UK, reported losses to bank transfer fraud increased by 71 percent during the first half of 2021, exceeding the amount of money stolen through card fraud for the first time.
The UK’s confirmation of payee (CoP) scheme was intended to help reduce payment misdirection by asking the payer to confirm the named person on the account to which they are sending. Although this is not a silver bullet, in that sometimes the named business is different to the name on the account, it could help significantly reduce this type of fraud.
According to Nadya Hijazi, global head of digital at HSBC, while “the adoption of CoP is spreading, fraudsters have switched quickly to new types of frauds”.
“The most important lesson learned from the pandemic is the fact that fraudsters adjust their tactics and techniques very quickly, and the financial industry has to show the same level of agility to fight criminals”, Zoe Hillenmeyer, head of business development at Amazon Web Services added.
Traditional rule-based systems are not only frigid, but they are too slow to adapt to the new types of fraud. In order to set up or update rules, there has to be a number of prior attacks that reveal a pattern. Machine learning, however, can spot trends and patterns much faster than individuals, Hijazi noted.
According to Hillenmaker, there are positive signs that financial services and business are beginning to make practical use of machine learning to help in both fraud detection and improving the customer experience: “The last three years there has been a real shift from experimentation into mainstream production at scale globally.”
Regulation has also played a big role in building the business case for machine learning. According to Hijazi, “one of the big problems with business email compromise was the customer was taking the losses. It did not create the right ROI (return on investment) for the financial institution to invest.” Regulators in the UK are driving the business case to invest in new technologies and approaches by passing the losses onto the bank.
Although the amount of data that artificial intelligence needs to be able to spot patterns has shrunk significantly over the years, Hijazi underscored the importance of cooperation between financial institutions.
Reluctance to share data between banks has held back fraud detection and allows fraudsters to use the same pattern for new victims. “We are stronger together”, said Hijazi, noting cooperation between industry players and data sharing would enable better fraud detection.
“Imagine if we could anonymise data the same way as we do in the sanctions database… that we could use across the big e-commerce players and the banks.” Such a database, coupled with a real-time API, could catch fraudsters at the point of making the instruction, she said.