- Fraud
The fraud fight gets faster
- Brian Keefe of NICE Actimize joined the BAI Banking Strategies podcast to share his best ideas to leverage fraud-detection technology and real-time interdiction.
Share
It’s more important than ever to build nimble defenses against fraud. That’s especially true as banks accommodate real-time payment systems, including FedNow, and as regulations demand tougher detection and the recovery of funds lost to fraud.
Brian Keefe, senior presales consultant from NICE Actimize, joined the BAI Banking Strategies podcast to share his best ideas to leverage fraud-detection technology and real-time interdiction so that banks and credit unions, regardless of size, might react even before losses are felt.
A few takeaways from the conversation:
TRANSCRIPT:
Banks can, and as regulations dictate, must get faster detecting fraud before losses are incurred. In fact, fraud response must be able to match the speed of the real-time payment systems increasingly in use, which is to say they must be nearly instantaneous. Brian, welcome to the BAI Banking Strategies podcast.
Thank you for having me.
Well, it’s that time of year for a checkup on financial habits, we see that all around even for our personal exposure to fraud risks. Many of us, or perhaps the young adults in our life or relatives in their golden years, all transact often and may not know just how vulnerable to fraud we might be without proper safeguards.
Certainly, our industry knows that its customers and increasingly regulators demand evidence and protection that is faster and smarter. But Brian, you’re starting a new year, optimistic that our industry is getting more responsive or at least understanding more fully the anti-fraud technology investments can be budget dollars well spent. Curious to kick off our conversation. What’s fueling your optimism?
Believe it or not, 2024 out with the old in with the new, and I think my initial optimism and confidence stems from a variety of factors that the credit unions, community banks, regional banks are revisiting or initially considering the topic of fraud prevention and payment protection.
In particular, you look at perhaps the results of previous fraud loss they might’ve had or heard of over the news or from friends at other institutions may be one reasoning why or reevaluating their current procedures and processes to accommodate the new faster payment opportunities that FedNow and the other RTP services offer an institution.
Or maybe it’s after these serious considerations and reviews of the regulatory guidelines and scrutiny that they need to adhere to in order to survive in what we consider the sweeping industry transformation and proactively safeguarding their customers from an accelerated and ambiguous risk.
While real-time detection is significant, I think with the complex fraud solutions that are out there today, I think that is going to be an area that not only in the detection side, but as we talk about the real-time interdiction side, I think all those factors considers gives me a warm feeling that I think the institutions today are taking the right approach in order to combat the fraud that this real-time payment processing offers.
And Brian, let’s dig into interdiction a little bit more. You talked specifically about real-time interdiction. Can you explain what that is and why it’s so important?
Sure. I know our audience is probably familiar with the interdiction capabilities or the meaning of interdiction, which is typically the action of intercepting or preventing the movement of prohibited commodities. And I think the action of interdiction is naturally thought of as a manual process or action.
Again, during my days at DEA, interdiction for me was physically putting my hands on and confiscating the drugs or legal proceeds. And our friends in the financial world, when I work with the bank in New York City, it was equated to denying or processing of a payment with the click of a mouse. That’s traditional, out with the old in with the new, as I said. That is no longer a viable process.
The approach itself doesn’t consider the technological advances that have been made within that instant payment and processing world. So you would need, institutions require or should have in place some sort of an automated, real-time process to match the speed of the transactions that they’re processing within their own institution.
Transactions in the real-time payment space move that fast in real-time, money’s moving as quick as it takes you to hit the save button on a Word document you’ve been working on all day or the time it takes you to click from one email to the next. As we know, once those transactions occur and the funds are transferred, there’s little, if anything, we can do to claw back those funds if later discovered these transactions are fraudulent.
So the speed of the business is needed is to be able to correspond the technology in real-time to reduce those occurrences and safeguard the innocent parties involved. Where real-time interdiction comes in, being able to work in conjunction, in real-time with those payments itself, ensuring that the parties involved, whether it be the receiving part as usually it is not an nefarious actor perhaps from an account takeover or some other fraudulent scheme that’s out there today.
And Brian, can you talk a bit more about why because of greater vulnerability to sizable loss is interdiction so crucial to the small and mid-sized banks?
Yeah, we look at institutions and they’re excited about the introduction of the FedNow or the RTP services that are available, the rewards an institution may gain by offering those real-time payments, but it doesn’t come without some reservation, without some penalties.
The increases I think we see is certainly the increase in the customer base, the ability to expand their footprint or also to expand into new offerings. The deficiencies within an institution’s fraud monitoring or detection and specifically interdiction capabilities could be catastrophic in nature, these losses certainly impact smaller and mid-sized institutions more profoundly than the larger and global banks because they just don’t have the capital needed to absorb those losses, especially if they’re unable to regain those lost funds fully or even partially within their books.
It’s also with the regulatory changes, the ever-changing regulatory changes as we see within that space is now the FIs that are involved in these fraudulent transactions bear most, if not all of the financial responsibility, also requiring timely return of those funds or dispute as those funds. And we had a bigger window in timeline of those, that particular action that needed to take place. So those regulatory requirements are certainly bringing in a more stringent and more culpable for the institutions. And again, we go back to the sizeable losses, could be catastrophic, not just financially, but reputationally for an institution as well.
Yeah, definitely important to think about both sides of that coin, the tangible losses from a monetary standpoint, but reputation is huge as well, especially with trust being so important as people decide who they’re going to bank with. So really good point there. Brian, you mentioned FedNow a couple of times.
Certainly as part of our discussion it makes sense to check in on FedNow. We’re several months into this new mechanism to help speed up payments. What is the FedNow connection to changing the fraud landscape? You touched on a couple of things. Anything else you would add? And how is it leveling the playing field for small and mid-sized banks and credit unions?
Yeah, I know we’ve talked about this before and it’s been all over the news and publications where FedNow, the introduction of that into the smaller mid-market banks has certainly opened the doors, granting them access to areas and opportunities that were beyond their reach before.
We see a substantial increase, and again, the new customer that a institution acquires based on that introduction of the FedNow capabilities, access to new markets where perhaps the old mechanisms and the old methods were not able to extend them into these new markets. As well as meeting the expectations or exceeding those safety expectations of the customers themselves.
So I think it allows them and will continue to allow them to expand their footprint within the business world, the P to P’s, we call them in a variety of other areas, and we see now not only with being able to engage in the employee wages and distribution capabilities, but loan repayments and crucial for business to business, supplier payments and refunds.
There’s a lot of different information within the FedNow network that makes it more sustainable and more viable and more accurate to both the receiving and the center’s end. And I could go into a variety of other areas that the emerging markets that FedNow allows tax refunds, remittance to friends, as we know when you go out to dinner, you want to be able to pay your friend for picking up the tab.
So the journey into these emerging markets is certainly dependent upon the existing FI’s infrastructure to ensure that they can properly support the FedNow services so they can successfully monetize all of the FedNow offerings that we see today, or we know that there’s new developments in the future to expand how FedNow is utilized, but that is certainly a few areas I think that the institutions can capitalize on today.
Very helpful. Brian, your team has written about how a multi-layered approach to fraud detection is crucial against social engineering-based scams and fraud types that exploit that real-time payment piece that you’ve talked about, that immediate and irrevocable nature. What does a multi-layered approach look like for smaller and mid-sized banks and credit unions?
Certainly. We look at and we understand it from, as we said, the multi-layer approach because a linear approach and a one-focused approach is definitely not going to cut it for today’s world with how real-time payments and FedNow are evolving within the financial institution. So I think some of the key components we look at in order for an institution to have what we call an advanced fraud detection solution that enables the real-time interdiction is the availability of data.
And by data I mean not transactional data, but contextual data as well from a variety of sources, whether it be the customer behavior, transactional history, or even device information, because all that information needs to be utilized and assessed within a particular solution to make it viable. Looking at patterns of intelligence to be able to discern between legitimate transactional behavior and those that may not be quite up to par within an institution’s day-to-day workings in the transactions.
As we talk about real-time monitoring, we look at real-time transactions. We need a capability that would be able to monitor that in real-time and evolve against those risks and patterns that are ever-evolving, because we know that once fraudsters are defeated in one area, they’re easy to go back to another mechanism or another fault within our own daily workings or that of the institution that we’re working with.
Behavior-based is another piece where you want to look at individual behavior of your customers to ensure that it is monitoring and detecting based on the unique signature within your institution, not say a rules-based where it looks at the whole population of transactions within your institution, but those individual because each person on this call knows out in the audience and in the world have a unique banking behavior.
And you need to have a system that’s able to take that in and assess each individual data point within that particular transaction to ensure that it is the person who they say they are. Slight differences in deviations in the behavior are okay, such as maybe a change in location or a change in device, but a system needs to be able to pick up on those nuances and report them to the proper users so they can take real-time action on them.
Last but not least, I think is the ability for a system and the approach to continually learn on those behaviors so it can adapt again to the new real-time threats that evolve out there each and every day.
And let’s talk a little bit about budgets, certainly it can be hard at an organization to fight for that budget. People know this is an important area, but any advice that you would offer for right sizing fraud technology and skillfully using those budgets so that fraud fighting systems might grow and adjust as the bank grows?
Certainly. So it’s always tough when we have conversations with clients of whether implementing a new system or switching off of an old system that maybe has less capabilities than they need within the new real-time space. So I think that’s one area that the hurdle for institutions to understand the return on investment, because we know that as we talked about, one significant loss could cripple an institution.
So to turn that around and bring a particular solution in that not only is going to help them in capability wise in detecting these particular real-time payment fraud schemes, but it’s hopefully going to reduce a lot of the manual processes they have today, which we see as certainly ineffective in investigating those real-time transactions within an institution itself.
Looking at the going to a cloud, we say as we want to cloudify a lot of our solutions and an institution looks at that because it not only reduces the overhead they have within their own house, but it allows them to bring in and adapt changes to those solutions so that if new technology is developed with the institution or with the solution they have, it’s readily available and usually deployed very quickly compared to say an onsite deployment.
So we look at things such as that, a variety of other areas, incorporating in AI, machine learning. I know we can certainly get into that deeper in our conversations, but I think those are some of the main areas that an institution really needs to look at when they’re trying to right size or become compliant if they were lax on the regulatory side on previous occasions.
And certainly our topic today isn’t just about building out technology for technology’s sake, regulations demand real-time risk and security protections. So it’s not a nice to have for banks. It’s definitely a must have today. Would love to get your perspective of what you’re seeing, Brian, in terms of the current regulatory landscape as it relates to fraud.
Certainly. We hear again each and every day with our customers needing a solution that is going to not only stop these particular nefarious acts in real time, but also give them that ability to report on this to regulators that they meet or exceed the expectations that the regulatory body has put out there.
Because there is a lot of scrutiny, even when you want to roll out an RTP system or the FedNow, there’s a lot of due diligence that’s involved with ensuring that the institution that wants to roll it out is up to par, technology wise, process wise, procedure wise, to ensure that they’re reducing the risk of fraud occurring under their roof.
And this includes the reduce in the disputes and reimbursement timelines, not even including the liability an institution would have if these fraudulent acts were to somehow occur under their roof. The substantial losses now are on the shoulders of the institutions and not on the impacted customers. So that’s a large area. Again, we look at increase in penalties that are avoidable in these events if they had a particular solution in place.
And I think along with that, the continued and increased regulatory review that the government puts an institution under once a fraudulent act perhaps occurs, and that impacts the FI, impacts their reputation in surrounding areas and certainly digs into their bottom line where they need to again, assess the deficiencies in their product or their solution or their processes they may have in place.
So the regulatory body and the scrutiny they’re putting under these FIs is appropriate for the type of transactions they’re offering, the real-time transactions, whether it be FedNow or RTP services to ensure that we are safeguarded as the customer.
One final question. You talked about AI. Certainly there’s a lot being reported on and people talking about artificial intelligence and certainly some people, and understandably, they fear that the main focus of AI is snatching jobs, but given the need to be increasingly digitally competitive and with the scope and speed of fraud risk, certainly staying ahead of bad actors seems well beyond what humans alone might be able to handle.
So Brian, to close out our conversation, can you talk about how you’re seeing people leverage AI to help with fraud detection and prevention? Where do you see that going?
Yeah, you bring up a good point. We hear a lot of this again during our conversations with clients or potential clients or even in the general area of AI replacing humans. Humans will never be replaceable. AI is just going to assist them in their processes and make their processes more effective in how things are analyzed, things are dispositioned within their institution.
AI and machine learning in real-time fraud prevention solutions have become almost synonymous with the seamless banking experiences that we expect each and every day, effective protection for the consumer and against the fraud schemes and typologies that we see out there today. AI and machine learning, we look at and we understand it as on our side behavior where it’s utilizing those particular data points that are certainly so vast and voluminous for one individual to be able to analyze on a single customer, let alone institutional-wide.
So bringing that intelligence in, that aid for the investigator to look at those particular nuances of particular data points, because as we bring in and we utilize the real-time payment processing, it’s not just happening on our computer or in brick and mortar, it’s happening on your phone, on your smartwatch.
So there’s a lot of areas that an institution needs to recognize and analyze in a real-time format. So the AI is assisting them in that approach to calculate the real-time risk scores, as we call them, in detecting those data points that meet or exceed a particular boundary. So all those risk factors across all the digital and payment channels need to be considered in real time.
So in order to do that, AI and machine learning assist them in that fraud detection and prevention area. So you need to ensure that that is integrated in a solution that you decide on. Again, with that, it’s not just helping with the detection, it’s helping in the processing and the decisioning of those, whether it be reducing the amount of false positives and allowing lesser friction between legitimate payments with your customers.
It’s also helping with the decisioning where it would understand the parameters you had set within your institution of what is viable and what is an acceptable risk level for a particular alert, say within an institution. Again, minimizing those false positives. Also, we’re bringing in and we see new technologies on the AI front and machine learning to assist in work item completion, whether it be navigators within there or assisting you in exposing those particular alerts within your institution that may need further review or further tweaking.
So, it runs a gambit of how AI is utilized. But to close that, I certainly stress that AI is not a replacement. It is just an aid for the investigators or the analysts or the institution as a whole to be able to more effectively stay within those real payment channels while offering the protection that each of us deserves.
Brian Keefe, senior pre-sales consultant at NICE Actimize. Many thanks again for joining us on the BAI Banking Strategies podcast.
Thank you very much.
Become a member to unlock exclusive content, connect with industry experts, and gain access to valuable resources. If your employer is an institutional member, activate your ProSight membership benefits with a simple email address.
