Pablo de la Riva Nov 24, 2020 10 min read

How to Guarantee Online Banking Fraud Won’t Happen Again

How do you trust a customer you’ve never met? This is an issue banks contend with every day, as they try to detect and prevent fraud. 

Online banking fraud has become an epidemic – and as fraudsters continue to adapt and employ more and more sophisticated techniques to commit their crimes, fraud analysts are left playing catch up.One in every two companies in the world has been a victim of cyber fraud in one way or another.

Online banking fraud prevention traditionally focuses on static points in the user journey, for example, at account creation and at access layers such as login and the moment of transaction.

What happens if a fraudster has already infiltrated a bank’s system and is operating undetected from within?

According to a recent report by RSA, more than 30 percent of online banking fraud is carried out from accounts supposedly belonging to legitimate customers.


The battle which is consistently the hardest to fight is against those fraudsters who are already on the inside.



In order to comprehensively detect and prevent fraud and then block it from happening again, the battle needs to be fought dynamically throughout user sessions, as well as throughout the entire system: identifying fraudsters, investigating and understanding their operational behavior, and then stopping the criminal activity at its source.

Finding fraudsters and the compromised accounts linked to them is extremely important if fraud is going to be cut off at its root. But once the fraudsters have been discovered, fraud analysts at individual banks need to be able to bar their digital door against them, and guarantee those same criminals – and anyone connected with them – can’t gain access to the bank’s system in the future.

 

fraudster-hunter-policy-manager-blog-04

Fraudster Hunter’s Policy Manager

In order to successfully block fraud at its source, the focus has to be on locating the fraudsters themselves.

Revelock´s platform generates a unique digital profile – or Bionic ID – for every user who accesses a bank’s online system by analyzing thousands of parameters relating to each user’s behavioral biometrics, from the way in which they type their name to the angle at which they move the mouse or hold their phone, as well as contextual information such as geolocation, device profiling and malware records.


Revelock’s unique capability, Fraudster Hunter, performs link analysis powered by these Bionic IDs to recognize the real user behind the user profile.



The tool identifies and investigates fraudster activity and visualizes the connections between components to discover the accounts being used to commit fraud or those at high risk of being used to commit fraud.

This is where things get innovative.

Once a fraudster or any kind of fraudulent activity has been found, the bank’s analysts can utilize fraudster identifiers or behavior links to create a bespoke rule, which automatically flags up the same type of fraud or person in the future.

These individual rules utilize dozens of Bionic ID attributes to detect fraudster activity, before automatically triggering a predefined action which can range from stepping up authentication to terminating the transaction altogether, depending on the level of risk.

For example, once a fraud team has uncovered a fraudster and blocked them from logging in or carrying out a transaction, they can then create a bespoke rule surrounding this same user.

The next time the fraudster tries to log in to the bank’s online system, the rule will detect a match, essentially recognizing them before automatically blocking them from logging in or carrying out a transaction.

 

fraudster-hunter-policy-manager-blog-03

Rule-based fraud prevention campaigns

What’s more, these rules can be stored and then combined to create personalized, rule-based fraud prevention campaigns, that are built to address any combined set of attacks the fraud team deems necessary – ranging from phishing to RATs to new account fraud. In the example above, rules can be combined to ensure the fraudster is effectively blacklisted and can never access accounts in the bank’s system.

Furthermore, link analyses delivered by Fraudster Hunter mean that if the fraudster is acting as part of an organized fraud ring, anyone connected to them can be blocked as part of the same campaign, automatically revealing and blocking fraudsters and potentially freezing entire networks of mule accounts.

Enabled rules and campaigns actively scan all mobile and online transactions for matches with predefined fraudster identifiers and activity in real-time.

 

fraudster-hunter-policy-manager-ban2
Key benefits of Policy Manager

The introduction of Policy Manager, which is now a standard feature included with Fraudster Hunter, allows fraud teams to drastically increase their efficiency and fraud detection rates.

The customizable nature of the capability allows fraud analysts to personalize the deployment of AI in their fight against online fraud, which means the solution is like adding another member to the team. Only this teammate has a photographic memory, and can identify fraud and then recognize it again every time it occurs.

Teams now have an increased flexibility to respond to emerging fraud attacks, reducing losses caused by fraud without having to increase fraud team size.

Above all, the campaign-based solution is fast, it’s flexible, and it’s scalable; irreversibly eliminating fraud throughout banks’ systems and at all points in the user journey through continuous authentication.

It allows financial services to swiftly respond to threats and stop new fraud schemes without affecting legitimate customers and therefore maintaining customer trust and safety.

With the addition of Policy Manager, Fraudster Hunter now delivers the ability to comprehensively:

1)      identify fraudsters

2)      learn and understand how they operate

3)      create automated defenses to stop them from committing fraud at the bank in the future.

avatar

Pablo de la Riva

Pablo de la Riva founded his first company when he was 21 years old – a security consulting firm – and Revelock was his first software startup experience. He has been working in the anti-fraud sector for almost 15 years, first as a cyber-security analyst, then as a team leader, later as CTO with almost 200 people reporting to him and now as CEO.