How do anti-fraud systems detect financial fraud, is it necessary to protect channels other than RBS from fraud, and are machine learning-based tools capable of resisting social engineering? We brought some of the leading information security experts on AM Live to talk about the selection and implementation of anti-fraud systems.
Introduction
The economic feasibility of introducing antifraud systems, as a rule, is not questioned. Anti-fraud tools in the financial sector can significantly reduce the damage to banks and their clients from illegal transactions. However, if the effectiveness of such solutions in the fight against malware is quite high, then the identification of illegitimate actions based on social engineering is fraught with certain difficulties.
We invited representatives of companies offering anti-fraud solutions to the studio Anti-Malware.ru to talk about how to choose and implement a system of protection against fraudulent activities as part of the AM Live broadcast, as well as discuss whether there are means to combat dialers, "Bank security officials" and other similar cybercriminals.
For a deeper understanding of the topic, we recommend that you read our overview of anti-bank fraud systems. We also suggest reading an article about the national standard of the Russian Federation GOST R 57580.1-2017 "Security of financial (banking) transactions" and recommendations for choosing an anti-fraud.
Discussion participants:
- Igor Katkov, Head of Anti-Fraud Division, BI.ZONE.
- Pavel Krylov, Head of Online Fraud Counteraction, Group-IB.
- Vasily Fedorchenko, CEO of Web Antifraud.
- Alexander Saksaganskiy, director of business development at ITD Group.
What is antifraud and who needs it
First of all, the moderator invited the conference participants to explain to the audience what antifraud is, and also to tell what this class of systems is and why it appeared.
Igor Katkov:
Pavel Krylov:
Vasily Fedorchenko:
Alexander Saksaganskiy:
Experts noted that transactional analysis in the current realities has become less effective: scammers act in such a way that from the point of view of financial transactions, everything looks typical (or there are so many atypical transactions that they are difficult to process at the transactional level). At the same time, the more signs of fraud are available to the system - both transactional and non-transactional - the more effectively this fraud can be countered.
Talking about the main cyber threats in the financial sector, the speakers noted that attacks based on social engineering methods were most developed in Russia. In this area, there are so-called “dialers” who represent themselves as bank employees or other officials. Some of these schemes, especially those related to the withdrawal of cash by the victim and depositing it into an account in another bank, are especially difficult to detect by security systems. Phishing is in second place, but the use of banking Trojans in our country has practically disappeared, although cybercriminals are actively using this type of attacks abroad.
According to experts, one of the important factors contributing to the development of financial fraud is the low level of technical literacy of the population. The guests of the studio once again noted the importance of educational work - not only from the state, but also from manufacturers of information security systems. Speakers argued that a few years ago, anti-fraud organizations in the banking sector missed the trend of social engineering crime. At that time, it seemed that attacks would develop primarily technologically, but it turned out to be easier and cheaper for attackers to focus their efforts on dialing and other similar schemes.
What are anti-fraud systems?
Anti-fraud systems now use a variety of tools to detect fraudulent activities. Among them - device identification, remote access detection, identification of linked accounts and robotic attacks. Various channels through which an attack can be carried out are controlled - remote banking, card payments, internal transactions. Behavioral analysis tools are used to effectively detect social engineering attacks.
One of the important aspects of anti-fraud is the detection of remote access to the user's device. At the same time, experts noted that often a fraudster connects to the RBS system not in order to directly execute a transaction, but in order to find out the second identification factor and perform a card transfer. To detect such attacks, it is necessary to protect all possible channels with anti-fraud.
Arguing about which anti-fraud system is better to choose - a third-party solution, its own development or open source, the guests of the studio expressed the opinion that self-written systems focused on protecting individual channels (as a rule, they are created on the basis of open source) have the right to life. however, there are practically no facts of switching to them from commercial, cross-channel solutions. At the same time, the reverse process is in full swing. The experts noted that commercial solutions, as a rule, can receive information about fraudsters from other products of the same vendor, which improves the quality of detection. In addition, specialized developers have the ability to perform global profiling — the comparison of data from different users of their systems.
To find out the opinion of viewers of the live broadcast on the issue of choosing an anti-fraud system, we asked them how they counteract fraud. As it turned out, 29% of our respondents bought the system from an independent vendor. Another 24% wrote their own solution, and 14% preferred a commercial product from a business system manufacturer. 9% of survey participants have implemented an open source solution. 24% of respondents do not use antifraud, but simply accept risks.
How do you deal with fraud in your bank?
An equally important issue that our experts drew attention to is the ability to use incident data from one client of the system to prevent similar incidents from other customers. It turned out that 35% of viewers of the AM Live online conference are not ready to provide fraud data for the general good. Another 39% admit the opportunity to share information on ordinary cases and ordinary clients. 26% of respondents are ready to fully transfer data on cases of financial fraud to the system developer.
Are you ready to share information on what happened to the fraud?
Antifraud can be supplied to the customer both as a license (on-premise) and through a service model. In the latter case, the vendor provides the subscriber with cross-channel protection using their technologies. The cost of such a service depends on the amount of data to be processed, as well as on the accuracy and quality of detection. In some cases, the customer may accept the risk that individual attacks will not be detected in exchange for lower costs. Speed of response may be an additional factor.
According to experts, the anti-fraud system can be licensed by the number of protected accounts (session model) or by the number of controlled payments (transactional model). The list of channels that the system protects can act as a secondary license metric. In general, the price of an anti-fraud solution depends on the load on the vendor's resources that customers create. Therefore, even when using the session model, the protected accounts can be ranked depending on their activity.
Previously, experts in the studio drew attention to the importance of a cross-channel approach to fraud protection. In this regard, we asked the viewers of the live broadcast a question: what channel, product or service do they plan to connect to the anti-fraud? The majority of respondents (57%) are going to first of all connect various front-end systems, such as online banking, fast payment system and others. 7% of survey participants plan to protect credit processes and investment products. There were no people willing to install anti-fraud on RCO and back-office channels among our viewers, and 29% of respondents are focused on protecting the perimeter and do not pay attention to fraud yet.
What channel, product, service do you plan to connect to antifraud?
Antifraud functionality
Speaking about the tools that the anti-fraud system uses to detect fraudulent transactions, the experts at the studio noted that in addition to verifying payments, specialized products actively use the analysis of user behavior. So, for example, acting at the direction of another person, the victim changes the style of filling out forms and navigating through menu items. Tracking this behavior, you can mark the session as high-risk and conduct additional verification of its legitimacy.
Answering the presenter's question, the speakers expressed their concerns about biometric technologies as a means of additional user authentication. Such tools are tied to a specific device and will not work if the client tries to log in from a computer without a camera or fingerprint reader. In addition, biometric authentication in modern gadgets is still relatively unreliable and can be bypassed by intruders.
Speech antifraud systems already exist and have been developed, as well as tools that, based on facial expressions and eye movements, are capable of detecting non-standard user behavior. The data from them can be used in conjunction with other indicators, but they cannot play a key role in deciding on fraud.
From the point of view of live viewers, one of the most demanded functions of antifraud systems is the detection of suspicious transactions. This opinion is shared by 40% of survey participants. Only 7% of respondents are interested in behavioral analysis, while reputation analysis and comparison of user system fingerprints did not receive votes at all. The most popular option was “Everything is interesting” - it was chosen by 46% of the respondents. Another 7% of AM Live viewers found it difficult to answer.
Which anti-fraud features are you most interested in?
The moderator of the discussion asked the guests of the studio a question: what analytical tools are used by financial fraud counteraction systems? AM Live experts said that one of the key methods of anti-fraud work is the role-based approach, when the decision to block a transaction is made based on a certain set of features prescribed in the rules. A number of systems also use machine learning based on tagged incident data. As a result of constant training, artificial intelligence becomes able to detect potentially illegitimate transactions and increase the risk of fraud for them. In addition, AI can be used to detect abnormal behavioral factors.
Meanwhile, the speakers noted, the verdict made by the machine learning-based system is generally less transparent than the decision made using other, simpler algorithms. At the same time, artificial intelligence has proven itself well in the field of reducing the number of false positives, which allows a financial institution to reduce the cost of protecting against fraud. The experts pointed out that the use of machine learning requires significant preparatory work from the vendor and the customer to process the data on which the system will be trained.
Given the acute shortage of anti-fraud specialists, a reasonable question arises about working with clients using a service model. Not all guests of our studio are ready to use this approach. As the experts noted, one of the bottlenecks of the service model is the issue of connecting to the system. In fact, the problems of finding the necessary data and transferring it to the anti-fraud will be the same both for an on-premise solution and for a cloud system. Distrust in matters of transferring data to external storages, which is traditional for the banking sector, also works against the service model.
Cybercriminals are making efforts to neutralize anti-fraud systems. Our experts noticed that one of the attack options could be DDoS against the data transmission channel collected by the system. The vendor can share responsibility in this matter with the customer, since financial institutions usually have established protection against this type of malicious activity. The result of the anti-fraud system is very important for the key business processes of the customer, therefore, the issue of its protection against hacks and malicious or accidental changes in rules should be given special attention.
Key trends in the domestic market of anti-fraud systems
In the final part of the conference, Alexey Sizov invited experts to give a small forecast and highlight the main trends in the mainstream of which the antifraud market will develop in Russia.
According to Igor Katkov, the attack vector may shift to new settlement tools that will appear in the coming years. These can be various electronic currencies verified by the regulator. The task of information security specialists is not to overlook the trend and create tools to protect this channel.
Vasily Fedorchenko believes that social engineering attacks will become more complex. To prevent them, antifraud systems will move along the path of developing behavioral analysis functionality.
As Alexander Saksaganskiy noted, in the future it is possible to increase the number of additional signals, which will ultimately improve the quality of the antifraud. One of the main sources of such data will be signals from telecommunication networks collected by telecom operators. The expert also predicts the integration of information flows associated with the movement of funds, which will lead to an increase in the quality of detection of illegal activity.
Pavel Krylov expressed the opinion that one should not expect a decrease in the activity based on the methods of social engineering. The expert sees the solution to the problem in combining the efforts of various financial organizations and exchanging information between them.
The results of the next edition of the AM Live online conference were also summed up by the viewers of the live broadcast. In the course of our survey, 27% of respondents said that experts helped them make sure that they chose the right anti-fraud system. The same number of respondents are interested in this topic and are ready to test tools for protection against financial fraud. 9% of survey participants plan to replace the current anti-fraud system with a new one, and 19% of our viewers consider anti-fraud an interesting, but still redundant means of protection for themselves. Another 9% of respondents are of the opinion that the participants in the discussion were unconvincing. The same number of respondents did not understand what was discussed at the conference.
What is your opinion on the post-ether banking anti-fraud system?
Conclusions
Anti-fraud systems are not only essential for ensuring the security of financial transactions, but can also act as a provider of information for other business processes of the bank. Modern anti-fraud tools are capable of both controlling remote banking and direct card payments, and effectively combating internal threats of a financial institution. The biggest challenge for developers of such solutions now is to identify attacks based on social engineering methods. For this, behavioral analysis is increasingly being used, as well as machine learning.
The AM Live project continues - in order not to miss live broadcasts and meetings with leading experts of the domestic market, subscribe to our YouTube channel and activate notifications of new publications. See you live!
(c) https://www.anti-malware.ru/analytics/Technology_Analysis/Choosing-an-anti-fraud
