How to Catch a Thief. Trends & Technologies in the Fight Against Fraud. Rohan Langley SAS

Transcription

1 How to Catch a Thief Trends & Technologies in the Fight Against Fraud Rohan Langley SAS

2 Global Drivers & Challenges: The Changing Fraud Landscape Fixing Fraud: A Fraud Solution A Real World Example: Online Banking Fraud

3 Global Drivers & Challenges The Changing Fraud Landscape

4 Fraud is a global problem Typical organisations lose 5% of revenues to fraud each year Source: Association of Certified Fraud Examiners Estimated to be a global loss of more than $3.5 trillion Industries most commonly targeted Banking & Financial Services Government and Public Administration Manufacturing Sector

5 Tough challenges for organisations Standard Chartered to pay $340m settlement over Iran investigation RBS and HSBC among banks fined 2.6bn for forex rigging BNP Paribas to pay $9bn to settle sanctions violations Cyber thieves have cost US companies and their banks more than $15 billion in the past five years, the FDIC found in a recent study. Financial Times, 2012 HSBC to pay $1.9bn in US money laundering penalties VAT fraud costing Europe 50bn a year Carousel scam escalates out of control as governments are accused of denial Tax evasion losses are estimated at $3.1 trillion for 145 countries in the world which represent 98% of the world GDP between them. The Tax Justice Network Global trade in phantom cargoes swindles banks of 500m Organisations are faced with tough challenges to focus on reducing losses AND ensure a smooth customer journey AND take effective, timely action.

6 Today s frauds are Increasingly sophisticated Higher velocity/faster Cross industry Multi channel Advanced technologies Social with pressures on staff

7 Current fraud systems are struggling to cope Siloed by line of business - no sharing of data Act on event or customer Rules and predictive models alone have limitations Few proactive steps taken to combat cross channel fraud Evidence insufficient to act upon Investigation time consuming

8 Fixing Fraud A Fraud Solution

9 Avivah Litan, VP Gartner How to detect staff behaving badly Fixing "Security and fraud Fraud risk exposure is increasing as organizations are threatened at multiple points of vulnerability. Companies are re-evaluating how they tackle security since a fragmented approach is consistently leaving organizations at greater risk of attack. A more holistic approach to security ensures all layers of protection function together.

10 Protection across the enterprise

11 Make better use of your data Network Entity Event

12 Hybrid analytics

13 Hybrid analytics SAS Fraud Framework The fraud threat landscape

14 Visualise empower the business user Visual scenario configuration Ad-hoc, in memory reporting and exploration Concise and efficient investigation

15 A Real World Example Online Banking Fraud

16 Online Banking Fraud Phishing It usually starts through Phishing. Spear Phishing is where the attack is tailored specifically for you. Politicians, business people and other wealthy or eminent people are likely targets of Spear Phishing. The term can also describe attacks tailored for the customers of one particular bank. Social Engineering ( a trustworthy voice on a phone ) can also be used to extract information from you and convince you to accept an .

17 Money Mules Money Mules are New accounts specifically opened for exiting stolen funds. Sometimes created using fake identification. Sometimes ordinary customers co-opted by criminal gangs in return for commission. By recruiting many different mules, fraudsters can split transactions into smaller parts, often circumventing fraud rules. Mule recruitment became very popular in the aftermath of the financial crisis, recruitment scams are particularly effective on people in financial distress. - An example of a mule recruitment scam

18 Man in the Browser Attack It all starts with an or a link to download a piece of malicious software Once a customer s computer or smartphone is compromised, it can harvest passwords and deliver fake bank websites and text messages to the customer. Often coordinated to hit many customers at the same time. Passwords 2FA PIN Bank SMS Criminal takes over real session Money transferred to mule account at same bank Criminal Customer Customer contracts Malware Customer commences Online Banking session Customer keeps using fake session

19 Using the Hybrid Approach SNA (example): Links to mule account such as a shared mobile number Predictive modelling (example): Model based on variables such payment amount and balance Anomaly detection (example): The client is accessing their account from a new channel Database Searches (example): Looking for matches across the Blacklists Database Searches (example): Looking for matches across the Black-lists Business rule (example): Transaction above $xx to a new beneficiary Text mining (example): Transaction narrative showing suspicious payments

20 Questions & Answers

21 For further information