Pablo de la Riva, May 11, 2020

How do you identify the fraudster behind an online banking scam?

Fraudsters are innovative and tireless in their efforts to steal funds and evade detection. They exploit advances in technology such as Faster Payments, and they shamelessly turn uncertain and fearful situations, such as the current global Covid-19 pandemic, to their advantage, employing the coronavirus as a means to swindle innocent people out of their money.

This means that anti-fraud solutions must continuously evolve in order to keep up with them. What’s more, a comprehensive and desirable anti-fraud solution must maintain the frictionless experience promoted by technological advances such as Faster Payments, whilst protecting the bank and its users from fraud before it has happened – namely by staying one step ahead of fraudsters.

Traditional anti-fraud solutions only focus on blocking cyberattacks that have already been identified as threats. Learning the modus operandi of criminals – and then modifying anti-fraud solutions to counteract their latest techniques – is time-consuming, technically complex and therefore expensive, so many banks do not see it as a cost-effective way to prevent fraud. As a result, fraudsters have a large window of opportunity in which to perpetrate their crimes as banks react to stop individual attacks.

The only way to beat a fraudster is by staying one step ahead of them, predicting fraud before it even happens. How do you do this, whilst fighting against a constantly evolving adversary? You have to profile and then identify them, and Fraudster Hunter, the most innovative capability of buguroo’s bugFraud solution, shows you how.


The tool employs behavioral biometrics to find fraudsters

There are thousands of parameters relating to a user’s identity that can be analyzed in order to determine whether a user is who they say they are.

The most relevant set of parameters that can be used for authentication is behavioral biometrics, as it is almost impossible to steal and repeat our behavior.

Banks can analyze behavioral biometrics to recognize unique characteristics such as how quickly a user typically types, or the way in which they move the cursor, and whether they normally do so via a mouse, touchpad, or trackball.

By utilizing machine learning and deep learning, such parameters can be used to dynamically create a unique profile for each user.

In the same way that profiles of legitimate banking customers can be built, Fraudster Hunter enables banks to do the same for cybercriminals and thereby pinpoint the illegitimate users hidden amongst the legitimate customers.

By capturing the cyber-DNA of fraudsters and comparing banking sessions to the biometrics and contextual information they have already gathered, banks are better positioned to proactively prevent fraud at any point in its timeline – including before it has even occurred.



Real-life detective work

Furthermore, Fraudster Hunter can be used by banks to conduct their own forensic investigation to learn the extent to which fraudsters have infiltrated their organization.

This Link Analysis solution can map all the users, creating a visual graph of the relations between their behaviors, devices, networks and sessions. Analysts can then use this information to see what other transactions or sessions those users have been involved in.

As the analyst continues to expand this graph, it opens up a treasure trove of information to the bank. For one buguroo customer, it has helped uncover a complex network of around 200 inter-connected mule accounts used for money laundering. Furthermore, the bank's analysts were able to pass on to the authorities all identifiable information they had on the fraudsters at large.

This information is also vital in helping to predict and prevent similar fraud campaigns in the future.
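The link-analysis idea described above can be sketched in a few lines. This is an added example, not buguroo's code or part of the original article: accounts and the devices and IP addresses seen in their sessions form a graph, and an analyst expands outward from one flagged account. The session fields, account names and the `max_fanout` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample sessions: (account, device fingerprint, source IP).
SESSIONS = [
    ("acct-01", "dev-A", "198.51.100.7"),
    ("acct-02", "dev-A", "203.0.113.10"),
    ("acct-03", "dev-B", "203.0.113.10"),
    ("acct-04", "dev-C", "192.0.2.50"),
    ("acct-05", "dev-D", "192.0.2.50"),
    ("acct-06", "dev-E", "192.0.2.50"),
    ("acct-07", "dev-F", "192.0.2.50"),
    ("acct-08", "dev-G", "198.51.100.99"),
]

def build_graph(sessions, max_fanout=3):
    """Bipartite graph: account <-> attribute (device or IP).

    Attributes seen on more than max_fanout accounts (for example a shared
    NAT or public Wi-Fi address) are dropped so that they do not merge
    unrelated customers into one cluster. The threshold is an assumption.
    """
    owners = defaultdict(set)
    for account, device, ip in sessions:
        owners[("device", device)].add(account)
        owners[("ip", ip)].add(account)
    graph = defaultdict(set)
    for attr, accounts in owners.items():
        if len(accounts) > max_fanout:
            continue  # too widely shared to be evidence of a link
        for account in accounts:
            graph[account].add(attr)
            graph[attr].add(account)
    return graph

def expand(graph, seed):
    """Expand outward from one flagged account and return every account
    reachable through shared devices or IPs (attribute nodes are tuples,
    account nodes are strings)."""
    seen, frontier = {seed}, [seed]
    while frontier:
        node = frontier.pop()
        for neighbour in graph.get(node, ()):
            if neighbour not in seen:
                seen.add(neighbour)
                frontier.append(neighbour)
    return sorted(n for n in seen if isinstance(n, str))
```

Raising `max_fanout` widens the clusters at the cost of more false links, so the linked accounts are leads for an analyst to review rather than a verdict.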


What types of fraud can this detect?

As Fraudster Hunter focuses on the fraudsters and fraudulent sessions and accounts themselves, it is effective at dynamically counteracting all types of fraud, before, during, and after fraud has occurred. For example, the types of fraud it can protect against include:

  • New Account Fraud: contextual checks, using data from multiple sources, are particularly effective at spotting New Account Fraud (theft from accounts that are under 90 days old), when the bank is still gathering biometric information and learning the user’s modus operandi.
  • Account Takeover: as the user’s behavior is analyzed throughout their entire online session, and continuously compared against both their typical behavior in the past and the typical modus operandi of fraudsters, it can identify even the smallest of anomalies in real time, enabling banks to actively detect whether a fraudster has gained control of an account that belongs to a genuine customer.
  • Synthetic Identity Fraud: as Fraudster Hunter builds unique user profiles and maps the links between fraudulent user behavior, devices, networks and accounts, banks will be able to discover where fraudulent accounts and devices are being accessed by the same person, even if they have set up the accounts under different names.
  • Banking Malware: this functionality enables the bank to visually track and identify all linked infected sessions and users all the way back to the first infected account. Through this method the bank is able to pinpoint the customer accounts which are the sources of fraudulent malware campaigns and are being used to test and spread malware throughout the entire infrastructure.
  • Money Mules and Fraud Rings Identification: money mules are the mechanism fraudsters use to store illicit funds in bank accounts before transferring them to other accounts, helping to create distance from the origin of the funds. A mule account is either set up through Synthetic Identity Fraud or belongs to a legitimate customer who has allowed criminals to use their account in exchange for cash. Fraudsters and fraud rings often use money mules to hide the dirty money after committing specific types of fraud.

Pablo de la Riva

Pablo de la Riva founded his first company when he was 21 years old – a security consulting firm – and Revelock was his first software startup experience. He has been working in the anti-fraud sector for almost 15 years, first as a cyber-security analyst, then as a team leader, later as CTO with almost 200 people reporting to him and now as CEO.