The Covid-19 pandemic has seen an exponential increase in the number of people working from home, along with a seismic shift towards digital banking and spending, and fraudsters are ready and waiting to exploit vulnerabilities as they appear.
According to analysis from Experian and the National Hunter Fraud Prevention Service, financial fraud attempts rose by a staggering 33 per cent during the UK’s first lockdown. Meanwhile in the US, the FBI’s Internet Crime Complaint Center received almost as many fraud reports in one month as it had in the whole of the previous year.
At the same time, financial institutions were faced with pressure to enhance their Anti-Money Laundering (AML) and Counter Terrorist Financing approaches. Country regulators and global bodies such as BASEL have been raising the bar in terms of what they expect from financial services organisations, and new regulations such as the AML Act 2020 in the US will increase penalties and responsibilities.
“All of this has only added to the pressure facing financial institutions, who were already struggling to stem the flow of financial crime,” explains Rupert Nicolay, Microsoft’s worldwide financial services industry solutions lead. “Keeping pace with the sophistication and sheer number of incoming attacks is a huge challenge. Bad actors are able to operate in networks and share intelligence in a way that it is difficult for financial institutions to do. They are also able to change their modus operandi quickly – sometimes more quickly than banks can respond. Not only this, but the process of digitising processes that were not previously online – often referred to as the last 20 per cent – has the propensity to open the door to financial crime.”
Against this backdrop, it should come as no surprise that the cost of preventing and detecting financial crime has escalated significantly. According to LexisNexis, the projected total cost of financial crime compliance across the globe amounted to $180.9 billion in 2019, a number that rose by 33 per cent as the Covid-19 ¬pandemic took hold.
“As well as creating a mountain of work for financial crime operations and case workers, banks have been looking to cautiously replace legacy financial crime technologies – some which many are amongst the oldest systems in the bank – and to address the siloed nature of the financial crime operations to enhance insights into emerging patterns and to improve productivity,” Nicolay says.
This requires a much smarter approach, and far more intelligent systems – especially at a time when customer experience is front and centre. “Banks are keenly aware that additional financial crime controls can negatively impact customer experience,” Nicolay says. “A lot of the careful investment being made will take this into account. Investment is also significant to address risk and to respond to regulatory pressure. Like other ‘net new’ investments, much of this – from a technology perspective – is directed toward cloud-based solutions.”
Another key part of the investment has been into artificial intelligence (AI). “Over the past three years, AI has had a noticeable impact on improving financial crime detection and on enhancing case worker productivity,” Nicolay says. “Automatically matching together more data and looking for anomalous behaviour is helping banks and insurers do better at identifying transactions or claims that are fraudulent or that require authorities to be notified.”
It’s exactly here that solutions from Microsoft and its global partner community are having a huge impact.
Microsoft’s cloud platform, for example, enables the ingestion, matching and profiling of customer, transaction and other extended data to support more accurate and faster crime detection. Implementing a cloud-based solution offers a great opportunity to streamline operations by converging bank processes supporting real-time fraud detection and near real-time retrospective transaction monitoring. This not only enhances productivity, but can also result in the development of more complete shared insights into bad actor patterns.
“This is supported by independent software vendor solutions which bring ready-made detection algorithms useful for transaction monitoring and fraud detection,” Nicolay explains. “Customers may also choose to define their own detection algorithms.”
Microsoft is also at the forefront of enabling the analysis of system data useful for cyber and fraud detection. “Azure Sentinel supports the ingestion of identity, mobile and web application, core banking, perimeter and other logs with the ability to construct your own machine learning models for anomalous behaviour and new pattern detections,” Nicolay says. “And then there’s the Microsoft Power Platform, which is useful in automating post-detection actions – both by enabling human based processes and workflows, or by automating system-based actions.”
Financial services organisations operating across the globe are already realising the benefits of these solutions. Take Moneris, for example, which supports the payment processing needs for 350,000 merchant locations across Canada. To take a proactive stance against fraud, Moneris needed to expand its ability to reason over vast amounts of data for in-depth analysis. By moving to the Microsoft Azure cloud and leveraging AI, the company has realised a 450 per cent increase in its ability to view and assess incidents, with a resulting 10 per cent reduction in fraudulent customer and merchant activities.
“Azure offered us the ability to incorporate this solution one step at a time and increase our capacity as we grow,” said Ben Salvador-Watts, Moneris’ director of data platforms in a Microsoft case study. “We were able to operate faster immediately and have the flexibility to iterate and refine our approach to AI as new possibilities present themselves.”
Microsoft is also working directly with banks by providing extended data to support their fraud decisioning. It teamed up with Capital One, for example, to innovate on the way transaction data is shared between e-commerce merchants like Microsoft and acquirers, which helps to boost acceptance rates for valid transactions and to reduce fraud.
“By improving the way transaction data is shared between Capital One and merchants that use Microsoft Dynamics 365 Fraud Protection, we can reduce false-positives and improve fraud protection. That translates to lower fraud costs, increased acceptance rates, and a better customer experience,” explains Brenda Bown, general manager of Microsoft Business Applications in a blog post.
And this is just the start. Nicolay expects greater collaboration between banks and other parties in the future. “One example of this will be through the rise of privacy enhancing technologies (PETs), which will see the sharing of Know Your Customer (KYC) insights and transaction validity between financial institutions in a market,” he explains.
Sharing data in this way would allow institutions to better detect fraud, offer customers more personalised advice, and proactively identify the accumulation of systemic risks. While these benefits have traditionally been at odds with institutions’ obligations to keep their customers’ data private and their own information confidential, PETs have the potential to alter these dynamics, allowing for the analysis and the sharing of insights, but without requiring the sharing of the underlying data itself.
“PETs have the potential to fundamentally redefine the dynamics of data-sharing by eliminating – or greatly reducing – the risks historically associated with collaboration,” explain the authors of a World Economic Forum paper that champions the use of PETs. “As these technologies mature, they will demand a re-examination of mothballed data-sharing projects and the exploration of previously unimaginable opportunities.”
Microsoft is already leading the way in the area of applied PETs. “We were one of the first to market with trusted execution environments using our Azure Confidential Compute service,” Nicolay says. “This technology isolates and protects data in use to keep it from being accessed by a third party. Meanwhile, we have launched a number of free and open-source homomorphic encryption libraries that allow computations to be performed directly on encrypted data. Partners are already leveraging these to build cross-jurisdiction KYC solutions.”
In addition to all this, Microsoft Research has launched the easy secure multi-party computation (EzPC) project that supports making secure multi-party computation easier to implement and has also taken part in regulator tech sprints focused on secure data sharing organised by the UK’s Financial Conduct Authority.
“PETs have the potential to really transform the financial services industry – and Microsoft is playing a significant role in enabling the technology,” Nicolay concludes. “I’m really excited about what this means for the future. I strongly believe that everything that has happened over the last 12 months has acted as a catalyst for modernisation and investment in financial crime solutions. As a result, we will be able to continue the fight against financial crime in a much more effective way.”
We asked a selection of key Microsoft partners about the solutions that are enabling financial services organisations to combat the seemingly inexorable growth in digitally enabled crime. Below are extracts from their responses, which you can read in full from page 88 of the digital edition of the Spring 2020 issue of The Record.
Ayelet Biger-Levin, vice president of market strategy at BioCatch, says: “Behavioural biometrics help financial institutions close the blind spots for many common fraud detection tools that rely on device, location or network attributes.”
Danny Jenkins, CEO of ThreatLocker, says: “It’s critical you lock down your environment and only permit what is required. Limit what your applications can do. ThreatLocker Ringfencing makes this easy and effective.”
Alyssa Putzer, marketing communications specialist for Metafile Information Systems, says: “Document management and paperless automation tools like MetaViewer can help companies create a defense against digitally enabled crime.”
Valentin Neiconi, North America risk manager at Adyen, says: “We believe that by leveraging data across a global omnichannel platform, we’re able to combat electronic payments fraud in all sales verticals, including e-commerce, instore and in-app.”
Patrick Hall, applied innovations practice lead at Maureen Data Systems, says: “Our solution easily integrates with KYC, anti-money laundering regulations, watchlist vendors, and provides tools for data scientists to create state-of-the-art machine learning models to prevent suspicious transactions.”
Jules Martin, vice president of ecosystem and alliances at Mimecast, says: “At your organisation’s perimeter, within it and beyond it, we monitor cyber deception during its preparation, execution and exploitation phases, arming you with an integrated approach and enabling you to be more effective at counter deception.”
This article was originally published in the Spring 2021 issue of The Record. To get future issues delivered directly to your inbox, sign up for a free subscription.
Share this story