By handling large sums of money, banks attract the attention of criminals. Fraudsters are becoming more and more creative, they create “financial bubbles”, organize phishing to steal user data, and send SMS messages. Accordingly, financial institutions must be proactive and adopt new technologies to protect themselves and their customers.
Banks have traditionally been at the forefront of using information technology to manage their activities and build an effective system of relationships with clients. Financial organizations pay increased attention to protecting information and fighting fraudsters. But attackers are constantly complicating their schemes and trying to confuse banks and their clients.
Crime puzzles
Modern criminals have mastered a variety of techniques that can be used to illegally obtain funds from banks and their clients. Thus, attempts to obtain a loan using forged or stolen documents remain a relevant and quite widespread phenomenon in most organizations.
Among the illegal schemes that have become widespread in recent years, one can highlight the work of so-called “black brokers” who use several different methods of work. Firstly, they provide comprehensive services to third-party “clients” for forging documents, creating a “legend” to obtain a loan, and ensuring successful phone calls. In this case, it is possible to use a long-established scheme for cashing out goods taken on credit - all the poles and subway cars are covered with the corresponding “offers” . Secondly, “tourists” are active: scammers travel mainly to small settlements and collect documents for subsequent processing of loans. Thirdly, bank credit specialists sometimes collude with criminals, both to study the financial institution’s customer assessment policies and to quickly “push” the right client.
Recently, “financial bubbles” have become increasingly common in the market. “These organizations open a business by attracting banks to lend to their clients,” explains Alexey Manerkin, head of operational analysis and anti-fraud at Home Credit Bank . – First, good clients who do not arouse suspicion come to the bank. But then loans begin to be issued to people of low social level with a pre-prepared “legend”. At first, loans are repaid regularly, but at the expense of funds received later. At some point, this pyramid collapses, the organizers of the “financial bubble” go into hiding, and the bank receives huge losses.” The specialist sees the main task of banks to identify such pyramids in the early stages.
Technology and Social Engineering
Fraud using information technology continues to pose a major threat to banks and their clients . This is, first of all, skimming - the theft of plastic card data using a special reading device, a skimmer, which is attached to an ATM. Attackers can copy all the information from the card: the holder’s name, number, expiration date, CVV and CVC code. And using a mini-camera or an ATM keypad overlay , they can find out the card's PIN code . At the same time, you can become a victim of fraudsters not only when using an ATM, but also in the process of paying for purchases at public points. Thus, unscrupulous cashiers, waiters and hotel administrators can use portable skimmers or special devices attached to the POS terminal.
Anvar Khairetdinov , head of the anti-fraud policy development department at Citibank, says that fraudsters quite often buy goods and services on the Internet using stolen cards, so banks have recently been paying increased attention to the security of Internet banking and mobile banking systems.
Phishing , a type of fraud aimed at stealing user data, including bank card details, has also been on the list of main threats for several years now . Using social engineering methods, criminals try to find out the necessary information by calling clients, via SMS or email . Increasingly, there are cases when fraudsters create fake pages of credit institutions: by following the “left” link, the client may not suspect anything and leave his data on them.
Banking front
Naturally, the ingenuity of fraudsters should not go unanswered by banks if they want to maintain their financial stability and good reputation .
The main methods of combating fraud can be divided into organizational and technical. Organizational ones usually include staff training , writing job descriptions and monitoring their implementation. “Despite the fact that we live in the age of information technology, in which technical innovations can solve most problems, neglecting this particular group of control methods usually brings the greatest losses. A well-trained employee at a bank branch or an attentive cashier when accepting plastic cards will save more money than the most modern IT system,” notes Vladimir Teplygin , leading software developer at Sinimex .
Technical means include a whole set of software systems that allow you to automatically or semi-automatically recognize an attempt to commit fraud . “The IT landscapes of banks include both global protection systems that cover all possible channels through which external or internal fraud is possible, as well as specialized systems tailored to solve specific problems,” continues Vladimir Teplygin . — The advantages of the first type of security measures include greater coverage of information necessary for processing, which will make it more likely to identify a fraudster who operates through the maximum number of bank channels. Specialized systems are usually able to “catch” specific cases.”
The most popular anti-fraud systems in banks are software solutions that analyze the parameters of card authorizations, AML (Anti Money Laundering) systems aimed at combating money laundering, as well as complexes that allow analyzing the actions of their own employees for internal fraud .
The set of steps to combat fraud is determined by the internal policy of the bank, the features of the products that the bank provides to its clients, the service channels used (branches, Internet banking , mobile banking, telephone), as well as - and no less - the budget that the bank allocates for protective activity. “In this case, we are talking mainly about monitoring and analyzing transactions on plastic cards, working to ensure the security of ATMs , checking clients when applying for a credit product (for example, according to credit bureaus) using internal and external databases, ensuring safe work on the Internet -bank and mobile bank,” explains Anvar Khairetdinov .
For example, at Citibank , according to the expert, as part of the fight against fraud, methods of protection against fraud are constantly being improved, new technologies are being introduced that prevent the theft of funds from customer accounts, and customers are also notified of actions on their accounts. Thus, from January 1, 2014, in the context of the new law on the national payment system, the bank introduced free SMS for all expense transactions. Many financial organizations have intensified educational and explanatory work with clients: training is provided on the correct and safe use of banking products, and special information messages are sent out. In addition, it has become a rule of good manners for banks to post on their websites information about types of fraud, where you can also learn how to act for those who have become their victims.
From biometrics to social media
In the fight against fraud associated with forgery of documents, the use of biometric technologies for personal identification by banks using customer photographs has proven itself to be effective. “In this case, it is possible to identify attempts by one person to obtain loans under different documents,” says Alexey Manerkin. – The technologies used by Home Credit Bank allow you to create narrow segments for searching in the database of accumulated photographs. This makes it increasingly difficult for fraudsters to get lost in the crowd of clients.”
Alexey Manerkin emphasized that the main tool in the fight against attackers is the organization’s methodology and its own technological developments, in particular, a “smart” system of cross-checks against the client base, promptly replenished stop lists, a high-precision biometric system, and scoring cards.
As representatives of banks note , when working with the riskiest groups of loans, a comprehensive check by the underwriting service is most effective. Within its framework, telephone calls are made , various external services are connected to collect information on the client and its subsequent reconciliation. For example, you can highlight the Fraud Prevention Service (FPS) from the Equifax Credit Services bureau , which contains more than 136 million credit histories and allows you to identify fraudulent attempts to obtain loans. In addition to the services of credit bureaus, publicly available information from government agencies (Federal Tax Service , Federal Bailiff Service , etc.) plays an important role. Among the relatively new directions adopted by banks is the use of mapping services (for example, Yandex Maps, 2GIS), monitoring of social networks.
An example of an effective fight against credit fraud at the Experian Anti-Fraud Day 2013 conference was given by representatives of UniCredit Bank . With the help of the Hunter service from the United Credit Bureau (UCB), a criminal scheme in Moscow and St. Petersburg was identified and investigated , in which fraudsters provided fake 2-NDFL certificates and work books. Thanks to Hunter, it was possible to connect more than 150 customer applications from 17 organizations with intersections based on work book numbers. In general, according to OKB partner banks, the direct effect of connecting to the service is to reduce the risk of financial losses from “bad” debts by as much as 20–30%.
Vladimir Teplygin advises banks to pay attention to the defining characteristics of various anti-fraud systems. Firstly, this is accuracy, that is, the percentage of correctly identified cases. Secondly, this is the percentage of false positives, because if the system very often notifies in vain, then this entails an increase in costs when using it.
It is worth considering that there is no universal solution that will ensure complete protection of the bank from fraudsters. It is important to maintain a barrier at each section of the security system that is adequate to the current level of threats , and, if possible, act preventively.
(c) Andrey Arsentiev
Banks have traditionally been at the forefront of using information technology to manage their activities and build an effective system of relationships with clients. Financial organizations pay increased attention to protecting information and fighting fraudsters. But attackers are constantly complicating their schemes and trying to confuse banks and their clients.
Crime puzzles
Modern criminals have mastered a variety of techniques that can be used to illegally obtain funds from banks and their clients. Thus, attempts to obtain a loan using forged or stolen documents remain a relevant and quite widespread phenomenon in most organizations.
Among the illegal schemes that have become widespread in recent years, one can highlight the work of so-called “black brokers” who use several different methods of work. Firstly, they provide comprehensive services to third-party “clients” for forging documents, creating a “legend” to obtain a loan, and ensuring successful phone calls. In this case, it is possible to use a long-established scheme for cashing out goods taken on credit - all the poles and subway cars are covered with the corresponding “offers” . Secondly, “tourists” are active: scammers travel mainly to small settlements and collect documents for subsequent processing of loans. Thirdly, bank credit specialists sometimes collude with criminals, both to study the financial institution’s customer assessment policies and to quickly “push” the right client.
Recently, “financial bubbles” have become increasingly common in the market. “These organizations open a business by attracting banks to lend to their clients,” explains Alexey Manerkin, head of operational analysis and anti-fraud at Home Credit Bank . – First, good clients who do not arouse suspicion come to the bank. But then loans begin to be issued to people of low social level with a pre-prepared “legend”. At first, loans are repaid regularly, but at the expense of funds received later. At some point, this pyramid collapses, the organizers of the “financial bubble” go into hiding, and the bank receives huge losses.” The specialist sees the main task of banks to identify such pyramids in the early stages.
Technology and Social Engineering
Fraud using information technology continues to pose a major threat to banks and their clients . This is, first of all, skimming - the theft of plastic card data using a special reading device, a skimmer, which is attached to an ATM. Attackers can copy all the information from the card: the holder’s name, number, expiration date, CVV and CVC code. And using a mini-camera or an ATM keypad overlay , they can find out the card's PIN code . At the same time, you can become a victim of fraudsters not only when using an ATM, but also in the process of paying for purchases at public points. Thus, unscrupulous cashiers, waiters and hotel administrators can use portable skimmers or special devices attached to the POS terminal.
Anvar Khairetdinov , head of the anti-fraud policy development department at Citibank, says that fraudsters quite often buy goods and services on the Internet using stolen cards, so banks have recently been paying increased attention to the security of Internet banking and mobile banking systems.
Phishing , a type of fraud aimed at stealing user data, including bank card details, has also been on the list of main threats for several years now . Using social engineering methods, criminals try to find out the necessary information by calling clients, via SMS or email . Increasingly, there are cases when fraudsters create fake pages of credit institutions: by following the “left” link, the client may not suspect anything and leave his data on them.
Banking front
Naturally, the ingenuity of fraudsters should not go unanswered by banks if they want to maintain their financial stability and good reputation .
The main methods of combating fraud can be divided into organizational and technical. Organizational ones usually include staff training , writing job descriptions and monitoring their implementation. “Despite the fact that we live in the age of information technology, in which technical innovations can solve most problems, neglecting this particular group of control methods usually brings the greatest losses. A well-trained employee at a bank branch or an attentive cashier when accepting plastic cards will save more money than the most modern IT system,” notes Vladimir Teplygin , leading software developer at Sinimex .
Technical means include a whole set of software systems that allow you to automatically or semi-automatically recognize an attempt to commit fraud . “The IT landscapes of banks include both global protection systems that cover all possible channels through which external or internal fraud is possible, as well as specialized systems tailored to solve specific problems,” continues Vladimir Teplygin . — The advantages of the first type of security measures include greater coverage of information necessary for processing, which will make it more likely to identify a fraudster who operates through the maximum number of bank channels. Specialized systems are usually able to “catch” specific cases.”
The most popular anti-fraud systems in banks are software solutions that analyze the parameters of card authorizations, AML (Anti Money Laundering) systems aimed at combating money laundering, as well as complexes that allow analyzing the actions of their own employees for internal fraud .
The set of steps to combat fraud is determined by the internal policy of the bank, the features of the products that the bank provides to its clients, the service channels used (branches, Internet banking , mobile banking, telephone), as well as - and no less - the budget that the bank allocates for protective activity. “In this case, we are talking mainly about monitoring and analyzing transactions on plastic cards, working to ensure the security of ATMs , checking clients when applying for a credit product (for example, according to credit bureaus) using internal and external databases, ensuring safe work on the Internet -bank and mobile bank,” explains Anvar Khairetdinov .
For example, at Citibank , according to the expert, as part of the fight against fraud, methods of protection against fraud are constantly being improved, new technologies are being introduced that prevent the theft of funds from customer accounts, and customers are also notified of actions on their accounts. Thus, from January 1, 2014, in the context of the new law on the national payment system, the bank introduced free SMS for all expense transactions. Many financial organizations have intensified educational and explanatory work with clients: training is provided on the correct and safe use of banking products, and special information messages are sent out. In addition, it has become a rule of good manners for banks to post on their websites information about types of fraud, where you can also learn how to act for those who have become their victims.
From biometrics to social media
In the fight against fraud associated with forgery of documents, the use of biometric technologies for personal identification by banks using customer photographs has proven itself to be effective. “In this case, it is possible to identify attempts by one person to obtain loans under different documents,” says Alexey Manerkin. – The technologies used by Home Credit Bank allow you to create narrow segments for searching in the database of accumulated photographs. This makes it increasingly difficult for fraudsters to get lost in the crowd of clients.”
Alexey Manerkin emphasized that the main tool in the fight against attackers is the organization’s methodology and its own technological developments, in particular, a “smart” system of cross-checks against the client base, promptly replenished stop lists, a high-precision biometric system, and scoring cards.
As representatives of banks note , when working with the riskiest groups of loans, a comprehensive check by the underwriting service is most effective. Within its framework, telephone calls are made , various external services are connected to collect information on the client and its subsequent reconciliation. For example, you can highlight the Fraud Prevention Service (FPS) from the Equifax Credit Services bureau , which contains more than 136 million credit histories and allows you to identify fraudulent attempts to obtain loans. In addition to the services of credit bureaus, publicly available information from government agencies (Federal Tax Service , Federal Bailiff Service , etc.) plays an important role. Among the relatively new directions adopted by banks is the use of mapping services (for example, Yandex Maps, 2GIS), monitoring of social networks.
An example of an effective fight against credit fraud at the Experian Anti-Fraud Day 2013 conference was given by representatives of UniCredit Bank . With the help of the Hunter service from the United Credit Bureau (UCB), a criminal scheme in Moscow and St. Petersburg was identified and investigated , in which fraudsters provided fake 2-NDFL certificates and work books. Thanks to Hunter, it was possible to connect more than 150 customer applications from 17 organizations with intersections based on work book numbers. In general, according to OKB partner banks, the direct effect of connecting to the service is to reduce the risk of financial losses from “bad” debts by as much as 20–30%.
Vladimir Teplygin advises banks to pay attention to the defining characteristics of various anti-fraud systems. Firstly, this is accuracy, that is, the percentage of correctly identified cases. Secondly, this is the percentage of false positives, because if the system very often notifies in vain, then this entails an increase in costs when using it.
It is worth considering that there is no universal solution that will ensure complete protection of the bank from fraudsters. It is important to maintain a barrier at each section of the security system that is adequate to the current level of threats , and, if possible, act preventively.
(c) Andrey Arsentiev
Как снизить риск потерь от мошенничества в банках на 20–30% - CNews
Оперируя большими денежными суммами, банки привлекают внимание преступников. Мошенники становятся все более...
www.cnews.ru
