History of Fraud Detection
Antifraud systems evolved gradually all over the world, driven by the incidents that were detected.
Initially, funds were stolen from individuals’ bank accounts. Then, in 2008-2010, a huge number of thefts hit legal entities: the fraudsters copied the files containing electronic digital signatures.
In 2014-2015, banks were attacked by the serious trojan «Lurk».
The requirement for an antifraud system shifted from “no loss in bank” to “on-line cross-channel solution”.
Social Engineering, or «attack on a human», is a combination of psychological and sociological methods and techniques for stealing personal data.
Social Engineering is № 1 in the COVID-19 pandemic period:
More effective phone calls
Waspish manner of speaking
More psychological pressure
More sophisticated instruments of phishing
Social engineering: General Scheme
“Pretexting” is an attack in which the fraudster poses as a fake person and obtains confidential information by following a prepared scenario.
Fake personality is created
Known data is used from public resources
Requests become more persistent
Detection and Fraud Prevention
Detection and prevention of the most complex fraud without impacting customer experience, by analyzing device, behavioral, and transaction data in real time.
Session and transaction monitoring
Data on client and device
Data on transactions’ activity
Details on devices: model, type, identification, language, IMSI, IMEI…
Remote control (TeamViewer …), presence of an active call…
Clients’ data screening (“Know Your Customer” concept)
Combination of ‘model-based’ and ‘rule-based’ concepts
«rule-based»: risk assessment based on the known attack schemes
«model-based»: risk assessment using self-learning systems that automatically adapt to new attacks
Social Engineering: Phishing
Phishing (like “fishing”) is a kind of Internet fraud in which an intruder tries to obtain the customer's personal data.
The fraudster exploits the “carelessness” of the customer
Fraudsters use holiday sales periods to register hundreds of fake domains imitating popular brand shops.
Using these clone sites, the fraudsters can gain access to the customer's bank credentials, empty his bank accounts, or take money for fake goods.
Internal Fraud: Employee Control
Third party presence
Detection of a “closed” camera
Detection of screen photography
Enforcement by third parties
Absence of employee on video
As a result of control and authentication:
Behavior profiling and detection of anomalies
Detection of anomalies during finance operations
Fraudsters attack bonus and loyalty systems
Some techniques that Fraudsters use:
Vulnerabilities in information systems
“Phishing” as a method to get users’ credentials
Internal Fraud with bonus systems & loyalty cards
Bonus transfer to friends
Applying clients' bonuses to pay for other people's purchases
Bonus accrual to fake customers
Incorrect or illegal bonus transfer to other accounts
Bonus cashing out by employees
Clients’ Fraud with bonus systems & loyalty cards
Buying goods with bonus accrual, then returning them after the bonuses have been spent
Write-offs of the same bonuses from different remote channels at the same time
Attempts to get bonuses for activity in charts and social media
Loyalty program Fraud, General Method of Detection
For fraud prevention, promptly receive information about customer/operator actions in remote channels, including:
Accruals, purchases, returns/cancellations of transactions, shares
Details on device and geo location of operation
Data on client, operator, trade office or partner
In case of abnormal actions by an operator/customer, issue notifications and create an incident response. For example:
Abnormal manipulations with bonuses by operators, customers, partners
Unauthorized bonus withdrawal
Identity theft for applying bonuses
Return of the goods with bonuses (previously placed or used)
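Added example (not from the original article or the vendor's product): a minimal «rule-based» check over loyalty events for two of the patterns listed above, simultaneous write-offs from different channels and a return after the earned bonuses were spent. The event fields, action names and the 60-second window are assumptions made for illustration, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (account, time, channel, action, points, order).
EVENTS = [
    ("acc-1", "2024-05-01T10:00:00", "mobile", "accrual", 500, "ord-1"),
    ("acc-1", "2024-05-01T10:05:00", "web", "write_off", 500, "ord-2"),
    ("acc-1", "2024-05-01T10:05:20", "call_center", "write_off", 500, "ord-3"),
    ("acc-2", "2024-05-02T09:00:00", "web", "accrual", 300, "ord-4"),
    ("acc-2", "2024-05-02T12:00:00", "web", "write_off", 300, "ord-5"),
    ("acc-2", "2024-05-03T09:00:00", "store", "return", 0, "ord-4"),
    ("acc-3", "2024-05-02T09:00:00", "web", "accrual", 100, "ord-6"),
    ("acc-3", "2024-05-04T09:00:00", "web", "write_off", 100, "ord-7"),
]

WINDOW = timedelta(seconds=60)  # assumed threshold for "at the same time"

def detect(events):
    """Return sorted (account, rule) alerts for two rule-based checks."""
    by_account = defaultdict(list)
    for acc, ts, channel, action, points, order in events:
        by_account[acc].append((datetime.fromisoformat(ts), channel, action, points, order))
    alerts = set()
    for acc, rows in by_account.items():
        rows.sort()  # chronological order per account
        write_offs = [r for r in rows if r[2] == "write_off"]
        # Rule 1: consecutive write-offs from different channels within WINDOW.
        for a, b in zip(write_offs, write_offs[1:]):
            if b[0] - a[0] <= WINDOW and a[1] != b[1]:
                alerts.add((acc, "concurrent_write_off"))
        # Rule 2: an order is returned when the balance no longer covers
        # the bonuses that were accrued for it (they were already spent).
        balance, earned = 0, {}
        for ts, channel, action, points, order in rows:
            if action == "accrual":
                balance += points
                earned[order] = points
            elif action == "write_off":
                balance -= points
            elif action == "return" and order in earned:
                if balance < earned[order]:
                    alerts.add((acc, "return_after_bonus_spent"))
                balance -= earned.pop(order)
    return sorted(alerts)

if __name__ == "__main__":
    print(detect(EVENTS))
```

Each alert would feed the notification and incident-response step described above; a «model-based» component would complement these fixed rules rather than replace them.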
GENERAL ANTIFRAUD SYSTEM PURPOSE
Reducing losses associated with fraudulent activities carried out in clients' names;
Result: Reduced losses
Maintaining reputation and reducing image risks, increasing trust in using different service channels;
Result: Increasing number of clients and volume of operations
Reducing the cost of preventing and investigating fraudulent activities through effective detection of fraudulent payments
Result: Reduced losses
Copyright for this article belongs to our vendor, Fuzzy Logic Labs