Guardian Analytics: Omni-channel Banking and Fraud


Financial institutions (FIs) are under unprecedented pressure from market competitiveness and rising customer expectations. As a result, these institutions need to be able to offer new and faster products and services across a range of channels and payment types. Getting new offerings to market quickly, however, can increase fraud risk and most fraud prevention systems are not capable of detecting escalating attacks as fraudsters merge their activity across channels and payment types. To meet the need to accelerate new product and service delivery while continuing to keep customers and the organization protected against fraud risk, FIs must do something different.

Millennials (i.e., consumers born between 1980 and 1994) are driving FIs to rethink the products and services offered to attract and retain clients. Millennials represent a huge opportunity for financial institutions, but that also comes with business risk. What makes the millennial generation unique is that they are tech- and mobile-native and, as such, are quick adopters when it comes to new technology and services. They also tend to have lower levels of loyalty to specific providers or brands than previous generations.

Millennials expect to be able to bank anytime, anywhere, from any device. They adapt to change easily, in fact welcoming it and seeking out new ways of doing things. Few millennials have checkbooks, and they are driven by on-the-go convenience, preferring services such as P2P payments from their smartphone. They pay bills online and make retail purchases using mobile wallets and near-field readers instead of credit cards. To make inroads with the millennial generation, FIs must get to and stay on the leading edge to retain their increasingly profitable millennial customers.

Many FIs are stepping up, creating the easy, intuitive, low-friction banking experience that millennials demand. And while millennials may be the driving force behind many new banking products and services, other account holders are quickly seeing the benefits and are becoming equally at risk of leaving an FI if it is unable to keep up with competitors, whether banks, fintechs or technology companies such as Google and Apple.

All of these modern payments capabilities introduce risk, and security is just as important to millennials as it is to everyone else. Fraudsters are known to quickly exploit new services, before security systems have caught up. Even third-party fintech services can hurt traditional FIs from a fraud perspective, as many of them are tied to checking accounts. So, when a PayPal account, for example, is compromised and money is stolen from the bank account to which it is connected, the FI and their customer is certainly impacted.

Fraudsters continue to improve the sophistication and complexity of their attacks. In fact, fraudsters may know more about account holders than their financial institutions do. They are building complete dossiers on victims, studying banking procedures and continually creating new exploitative schemes. They are using faster payments services to, for example, take over digital accounts. As more consumers are accessing their accounts and making payments through an online mechanism, there is more incentive for fraudsters to direct their efforts at cracking into and taking over these accounts; sending payments to people, such as “mules” or vendors on behalf of the fraudster.

With the increasing use of mobile banking, more consumers are using remote deposit capture (RDC) as well. This too has become a way for fraudsters to exploit traditional bank accounts. Remote deposit capture fraud can involve the fraudster illicitly gaining access to bank accounts and depositing fraudulent checks into those accounts. The fraudster then uses the compromised digital banking services to transfer funds or make payments to benefit the fraudster before the scam is uncovered.

It’s come to the point where FIs can no longer trust that someone requesting a funds transfer or logging into an online banking account is who they say they are. Social engineering techniques also mean that FIs can’t trust that their legitimate customers aren’t being manipulated by clever schemes. Fraudsters are also very nimble. As soon as FIs figure out how to prevent one type of attack, fraudsters simply create new ones.

Another evolution of fraud technique is the move to omnichannel attacks where fraudsters mix and match channels as needed to get information, initiate attacks, and complete fraudulent transactions. Many FIs still use standalone solutions from different technology providers that monitor one channel or payment type exclusively. These one-channel solutions create data silos that fail to link together significant data to detect omnichannel attacks.

The following examples capture some of the challenges presented by omnichannel fraud attacks. The individual activity taking place in a particular channel may not appear to be inherently risky. It’s only when the activities are taken together that a clear, high-risk pattern emerges:

  1. The fraudster contacts the call center using the dossier they’ve compiled on the victim to authenticate with the agent. Then they explain that they’ve been having trouble logging into online banking and ask the agent to reset the password. Now, armed with the new password the fraudster logs in and uses the online payments features, such as bill pay or external transfer, to send money to themselves or a mule account they control.
  2. A fraudster compromises a business online banking account and updates authentication settings, such as the email address or phone number, used to confirm payment requests. Then they submit a wire request through an offline channel, such as the call center or branch. When the FI uses the recently updated contact information to confirm the wire transfer, the fraudster authorizes their own request.
  3. The fraudster uses online banking to view check images with the account holder’s address and even their driver’s license information, if added to the check. They then create fraudulent checks, sign them with a good copy of the legitimate signature, if they have seen that on the check images, and uses mobile remote deposit capture (RDC) to deposit them in their own account.
  4. A fraudster accesses online banking using compromised credentials to update the customer’s profile so that account verification messages are directed to the fraudster’s smartphone or email address. A short time later, the fraudster uses a fraudulent or compromised debit card in a card-present transaction. When the FI notices an unusual location for the debit card purchase, they may reach out to the account holder to confirm the transaction. But due to the updated profile, they reach the fraudster instead, who confirms that all is OK.

Omnichannel fraud prevention must take a customer-centric approach. This involves merging all activities for each account holder in any channel to create a 360-degree view of that customer’s behavior, and then analyzing the blended data to look for suspicious or high-risk activity in the context of all of what the account holder has done, both recently and historically.

FIs need to understand customers’ behavior and the risk it introduces across channels and transactions, at any point in time. Historical context paints a detailed picture of how this account holder uniquely behaves, across channels, making fraudulent activity stand out in contrast. An omnichannel fraud prevention solution accepts data from any and all channels or payment systems, connects activities by the account holder, and analyzes new activity in one channel against concurrent activity in other channels, and historical patterns in all channels. Analysts use the resulting risk scores to quickly focus on the highest-risk activities first.

There are two possible actions an FI might take in response to the resulting risk scores. For high risk scores they can intervene in some manner, such as contacting the account holder, triggering additional authentication, or freezing the account. Or, for low-risk activity, which will be the majority of the cases, they can process payments more quickly, even stepping down authentication, thereby improving the customer experience and decreasing the workload for fraud analysts.

Another outcome of taking a customer-centric approach is that FIs can detect early stages of a fraud attack, such as account takeover, reconnaissance activities such as viewing check images and historical account balances, and fraud staging such as changing profile information. Detecting these actions that occur well before there’s an attempt by the fraudster to move money, makes fraud prevention much easier than trying to recover the money after the fact.

Most of what account holders do is channel independent. The channel is a minor attribute of what the customer is actually doing, so using a point solution to track activity in a specific channel fails to provide a full picture of behavior and risk.

The individual fraud detection systems that many FIs have in place solutions (e.g. core, online, ATM, debit, wire, etc.) are ineffective once fraud is occurring across channels and products. Unfortunately, neither do they have the capability to improve effectiveness by working together. These point solutions come from different vendors with different or no industry standards for sharing data or connecting data about one account holder. In some cases, data is merged, normalized and loaded into a data warehouse for analysis, put that only helps identify suspicious activity days or weeks after it took place. It’s not actionable and only serves for reactive, ex post facto reporting.

Finally, whatever cross-system analysis may exist is only made more difficult every time a new vendor or system displaces an old one and rules used to normalize data are broken. The systems FIs are using need to do more than just aggregate the data or provide alerts on a single facet of customer behavior. They need to aggregate it into a holistic understanding of where the customer is, what he or she is doing, if it’s really them or an impostor, and the associated overall risk.

Behavior-based solutions, on the other hand, focus on account holder behavior, not on specific fraud schemes. Behavior-based fraud detection builds individual behavioral models of each account holder, and then compares all new activity to this established norm, and calculates a risk score that reflects the degree to which new activity is similar to, or different from, historical patterns.

Behavioral analytics can automatically monitor all account holders, without requiring them to install any software, change how they bank, or adopt new security protocols. All account holders are automatically protected. These types of solutions can also incorporate data from any channel and any payment type, as well as other internal systems and third-party sources (e.g. mule account lists) into the risk scores.

By focusing on behavior, instead of fraud schemes, these types of behavior-based fraud detection solutions are immediately effective against new schemes, including omnichannel attacks. They can detect fraud early, as soon as accounts are compromised or during initial fraud setup ― well before a transaction is attempted, when it’s still easy to intervene.

Understanding activity and risk across channels and transactions is essential to protecting account holders given how they’re banking today and how fraudsters are attacking. Using behavioral analytics will decrease fraud losses associated with the new products and services FIs are introducing to meet customer demands and to stay competitive. Behavioral analytics also streamline fraud operations with prioritized alerts and full historical context that speeds investigations, and will result in a faster, low-friction customer experience and thus improve loyalty and retention.

A final, perhaps unexpected benefit of using behavioral analytics is that it provides a holistic view of customer activity across channels, which creates an opportunity to anticipate customer needs and offer relevant, added-value new services.