Don't Overlook the Online Channel: Combating Cross-Channel Fraud at the Cause

The most recent threat to online banking accounts and online fraud detection involves fraudsters using a multi-step plot that involves various interaction points with financial institutions.

Cyber-criminals commit this cross-channel fraud by first breaching an account via the online channel to pilfer precious information such as account balances, check images, or signature blocks, in order to commit wire, check and other types of offline swindles that never get associated to the original breach online.

Regrettably, the online channel's role in these scams is often overlooked. This is exactly what makes this kind of fraud so effective - and hard to catch. Financial institutions just register the final transaction fraud, and can't account for the original violation, which often occurs in the online channel. Add this to the actuality that consumers don't know it is happening, and the fraudsters have a wonderful opportunity to continuously get away with this crime.

Case in point is what occurred recently to a leading financial institution that serves tens of thousands of customers daily. Despite hard line efforts to look after its online environment, fraudsters carried out a startling cross-channel fraud scheme.

Here's how the fraud scheme happened:

1. The fraudster called up the institution's customer service number and, via social engineering procedures, reset the online account password and contact phone number.

2. The fraudster entered the online account, learned more about the customer's online activities, and downloaded check images holding the customer's signature.

3. The fraudster then called on a unconnected institution using the stolen information to open a brand new account in the victim's name.

4. A wire transfer was set up to empty the victimized account and credit the new account at bank #2. Because the names on the accounts were matching and the fraudster had presented a phone number under his/her control and a official looking signature, an offline authentication of the transfer by phone, as a second means of identification, passed and was authorized.

5. The fraudster withdrew his loot piecemeal, visiting separate branches in a state other than the victim's.

Legacy Fraud Detection Techniques Blind to Online Activity

When fraudsters employ schemes involving multiple interactions with separate touch-points across an organization, they aren't caught for the reason that the precursor online channel breach is often overlooked.

Common industry practice registers the closing fraud transaction as the breach place, and case forensics employ partial resources to return insight that cannot discover the original breach to the online channel. When accessed only for exploration, the online channel records no "transaction" for detection. This is precisely what makes cross-channel fraud so efficient - and so hard to catch. Moreover, as what kind of fraud is our prior example to be categorized. Is such a loss wire fraud, check fraud, or simply "online account fraud"?

A next-generation approach to online fraud detection and prevention is needed if we are to continue to retain customer confidence in online banking security. According to Javelin Research's 2007 Identity Fraud Survey Report, it is an average of 60 days for consumers to even indentify that fraud has occurred. This leaves fraudsters with a dangerous opportunity to execute successful cross-channel fraud crimes if financial services providers don't take pre-emptive steps to protect both their customers and their bottom line. New best practices and back-end technologies that concentrate on online behavior can better isolate and prevent cross-channel fraud at the source.

Modeling Individual Account Behavior Stops Fraud at Its Source

An emergent best practice of online fraud prevention is to employ predictive models of individual customer online activities to detect when the "customer" logging in isn't who they say they are, even if they pass authentication. Beyond standard machine signature technology, user profiling technologies count on trended analysis of behavior account by account. They start by accepting what "normal" behavior is for each individual customer - and admit that there is no single guide of "normal" behavior to write an anti-fraud rule for.

Dynamic, model-based investigation of account activity "does the math" - piecing together what by themselves may seem like weak indicators of fraud until a unmistakable pattern emerges of online fraud detection. Behavior that differs from what is expected becomes suspicious - the more the deviation, the deeper the suspicion. This comprehensive analysis allows for more granular risk scoring and better connection with offline activity patterns. A spin-off of this behavioral analysis through transaction monitoring software, also provides a rich history of online activity that aids case management and forensics.

Using these techniques, organizations can identify the fraudster via the warnings to online activity outside the customer's predicted behavior. Deploying strong analytics at the source - the online channel - ensures that fraudsters' assaults are shut down before any damage is done.

Article Source: http://www.articlecontentprovider.com/articlesubmit

The most recent threat to online banking accounts and online fraud detection involves fraudsters using a multi-step plot that involves various interaction points with financial institutions. Cyber-criminals commit this cross-channel fraud by first breaching an account via the online channel to pilfer precious information such as account balances, check images, or signature blocks, in order to commit wire, check and other types of offline swindles that never get associated to the original breach ...

Erwin Roberts is a online banking security enthusiast who writes on the online banking security topics. Guardian Analytics is the technology leader in the fraud detection and prevention of online accounts. They provide real-time risk management solutions that protect online channels. Guardian Analytics offers an analytics-based software solution that addresses the entire risk management lifecycle. http://www.guardiananalytics.com/index.php

Please Rate this Article

5 out of 5 4 out of 5 3 out of 5 2 out of 5 1 out of 5