With rapid progress in the banking sector towards digitalization and
increasing the range of banking services, constantly increasing comfort and expanding customer opportunities. But at the same time, the risks also increase, and, accordingly, the level of requirements for ensuring the security of the client's finances also increases.
The annual damage from financial fraud in the field of online payments is β200 billion dollars. 38% of them are the result of the theft of user personal data. How to avoid such risks? Antifraud systems help in this.
A modern anti-fraud system is a mechanism that allows, first of all, to understand the behavior of each client in all banking channels and track it in real time. It can detect both cyber threats and financial fraud.
It should be noted that defense often lags behind attack, so the goal of a good anti-fraud system is to reduce this lag to zero and ensure timely detection and response to emerging threats.
To date, the banking sector is gradually updating the fleet of outdated anti-fraud systems with newer ones, which are created using new and improved approaches, methods and technologies, such as:
- work with large data arrays;
- machine learning;
- Artificial Intelligence;
- long-term behavioral biometrics
- and others.
Thanks to this, new generation antifraud systems show a significant increase in
efficiency without requiring significant additional resources.
The use of machine learning and artificial intelligence, financial information
cybersecurity think tanks reduces the need for a large staff
highly qualified specialists and makes it possible to significantly increase the speed and
accuracy of event analysis.
In conjunction with the use of long-term behavioral biometrics - to identify βzero-day attacksβ and minimize the number of false positives. The anti-fraud system should provide a multi-level approach to ensuring transaction security (end device - session - channel - multi-channel protection - use of data from external SOCs). Security should not end with user authentication and transaction integrity checks.
A high-quality modern anti-fraud system allows you not to disturb the client when it is not necessary, for example, by sending him a one-time password to confirm the entrance to his personal account. This improves his experience in using bank services and, accordingly, provides partial self-sufficiency, while significantly increasing the level of trust. It should be noted that the anti-fraud system is a critical resource, since stopping its operation can either lead to a stop in the business process, or, if the system does not work correctly, increase the risk of financial losses. Therefore, when choosing a system, one should pay attention to the reliability of operation, data storage security, fault tolerance, and system scalability.
An important aspect is also the ease of deployment of the antifraud system and its ease of use.
integration with bank information systems. At the same time, it must be understood that
integration should be the minimum necessary as it can affect the speed and
the efficiency of the system.
It is very important for the work of experts that the system has a user-friendly interface and makes it possible to receive the most detailed information about the event. Setting up scoring rules and actions should be easy and straightforward.
To date, there are a number of well-known solutions on the anti-fraud systems market:
ThreatMark
ThreatMark's AntiFraudSuite solution, despite its relatively young age on the anti-fraud systems market, has managed to come to the attention of Gartner. AntiFraudSuite includes the ability to detect cyber threats and financial fraud. The use of machine learning, artificial intelligence and long-term behavioral biometrics makes it possible to detect threats in real time and has a very high accuracy of responses.
NICE
The Nice Actimize solution from NICE belongs to the class of analytical platforms and allows you to detect financial fraud in real time. The system provides protection for any type of payment, including SWIFT/Wire, Faster Payments, BACS SEPA payments, ATM/debit transactions, mass payments, invoice payments, P2P/postal payments and various forms of internal transfers.
RSA
RSA Transaction Monitoring and Adaptive Authentication by RSA is in the class
analytical platforms. The system allows you to detect fraud attempts in real time and monitors transactions after the user logs into the system, which allows you to protect yourself from attacks such as MITM (Man in the Middle) and MITB (Man in the Browser).
SAS
SAS Fraud and Security Intelligence (SAS FSI) is a single platform for solving the problems of preventing transactional, credit, internal and other types of financial fraud. The solution combines fine-tuning of business rules with machine learning technologies to prevent fraud while minimizing false positives. The system includes built-in integration mechanisms with online and offline data sources.
F5
F5 WebSafe is F5's financial cybersecurity solution. It detects account theft, signs of malware infection, keylogging, phishing, remote access Trojans, and MITM (Man in the Middle), MITB (Man in the Browser), and MITP (Man in the Phone) attacks. ).
IBM
IBM Trusteer Rapport from IBM is designed to protect users from credential hijacking, screen capture, malware, and phishing attacks, including MITM (Man in the Middle) and MITB (Man in the Browser) attacks. To do this, IBM Trusteer Rapport uses machine learning technologies to automatically detect and remove malware from the end device, ensuring the security of the online session.
Guardian Analytics
The Digital Banking Fraud Detection system from Guardian Analytics is an analytical platform. At the same time, Digital Banking Fraud Detection protects against attempts to capture a client's account, fraudulent transfers, phishing, and MITB (Man in the Browser) attacks in real time. For each user, a profile is created, on the basis of which anomalous behavior is recognized.
The choice of an anti-fraud system should be made first of all with an understanding of your needs: it should be an analytical platform for detecting financial fraud, a solution for protecting cyber threats, or a comprehensive solution that provides both. A number of solutions can be integrated with each other, but often a single system that allows us to solve the tasks we face will be as effective as possible.
Author: Artemy Kabantsov,
Source: habr.com