Nidhi Alberti: Marc and Giselle, thanks for taking the time to chat. Tell us your thoughts on the primary fraud trends that banks and other financial institutions should really be paying attention to as they plan for next year.
Marc Trepanier: A lot has happened this year that will lead to a number of new trends in 2020 and also the continuation of existing trends. The first is user behavior analytics or UBA for continuous risk or authentication assessment. With UBA, organizations can assess user behavior; whether it’s a swipe on the phone, a wiggle of the mouse or a tap on the keyboard, making it quicker and easier to detect unusual or suspicious behavior – BioCatch is just one example of a company that is pioneering in this area.
Machine learning, which has been a big focus over the last couple of years, will continue to advance. In fact, I see supervised machine learning continuing to be the mainstay of fraud teams, though unsupervised machine learning will start to gain a foothold and become a must-have for enterprise fraud protection.
Giselle Lindley: I’d also add the trend of democratized machine learning to that, Marc. With democratized machine learning, financial crime risk managers with specific subject matter expertise are equipped with machine learning modeling tools that they can build, test and deploy quickly on their own to address specific threats. This also gives them the power to explain their choice of features, use of model scores and the actions taken to their management, auditors and regulators as required. A more democratized approach to machine learning will make it easier to show the ROI of investment – a big reason why this trend will emerge strongly.
We will also see more interest among banks for shared intelligence (features and signals vs. data) for increased accuracy of fraud detection and prevention. The concept of a centralized payments intelligence hub could be a big trend in 2020, where information around fraudulent activity can be shared between organizations. For example, if one bank gets hit by a particular fraud pattern, other banks could learn from it so as to avoid falling into the trap themselves. This just creates a win-win situation between banks and their customers. Enterprise-wide fraud management will become too narrow an approach to risk management, which will help such a centralized intelligence hub to take shape.
NA: Interesting insights! Can you talk more about the trends that took shape this year that will continue into next year?
MT: I see the rise of application fraud continuing into next year. Across the world, identity scans are largely broken, meaning that synthetic IDs and pure identity theft will continue to increase next year, especially as banks and credit grantors continue to neglect reporting these losses or lose them in credit losses.
GL: To add to Marc’s point about the rise of application fraud, I see continued attacks on central infrastructures that manage digital address books for immediate payment accounts, for example Australian PayID attacks.
MT: And let’s not forget consumer scams. Consumers across the world are now the weakest link, as fraudsters continue to manipulate them in their scams – something that is sometimes referred to as “social engineering.” This will drive an ongoing rise in authorized push payments (APP) fraud in the U.K. and across other countries. Related to consumer scams, fraudsters will look to exploit weaknesses in peer-to-peer payment platforms and immediate payments services next year and beyond.
GL: There will also be an increase in scam victims’ conversion to “mules” as customers realize they have been duped and banks refuse to reimburse losses. This will leave fraudsters with a list of victims ripe for further social engineering as they recruit fraud mules willing to have their account used to transfer stolen funds if there is a promise that they can get back some of the funds they have lost. In the same vein, banks will face increasing pressure to protect vulnerable customers from such attacks by identifying threats and proactively protecting against them. This is a highly specialized task that requires accurate demographic profiling and assessment of customers’ financial information in an ongoing manner.
Visibility is crucial here, as Indicators of fraud can appear anywhere, from transactions and customer interactions to attempts at biometric authentication and geo-location. It’s therefore important that banks can see risks across all channels, dismantling the silos that can lead to fraud threats being missed and for a potential fraud vector to emerge. With the emergence of the Public Cloud banks can balance their physical and virtual (or legacy and modern) solutions, finding fast and flexible ways to transform without disrupting core services. This will help banks to bring their data sources together in a meaningful, useful way, without creating problems for the delivery of existing services. For this reason, expect to see public cloud deployment of enterprise fraud detection as a growing trend in 2020.
MT: Good ol’ card-not-present (CNP) fraud will continue its ravages into next year, too. Until 3D Secure 2.0 is in place and the SCA push in Europe is complete, eCommerce will continue to be fertile ground for fraudsters. In the U.S., I think this will stay on the list for at least two more years, given the market’s slower rate of change.
NA: Technology is obviously evolving quickly in response to a number of these trends – what would you say will be the big technology losers in 2020?
MT: Canned reporting is too slow and uninsightful, and I think this will definitely lose out next year. The big whiff this year was evidently the whole PSD2/SCA deadline that was missed by nearly everyone. It will be interesting to see how 2020 pushes the fraud bubble once SCA is in place and 3DS 2.0 is launched.
Want to improve customer service and reduce fraud? Download our guide: The Six-Step Guide to Leveraging Machine Learning for Payments Intelligence