Fraudsters Don’t Worry About Privacy, Why Should We?

In today's world of cybersecurity threats, fraudsters use social media to gather personal information and target vulnerable places within your organization. The criminals have no boundaries when securing illicit funds and then funneling them through financial institutions disguised as legitimate financial transactions and eventually sending wires to offshore accounts.

According to a recent Federal Deposit Insurance Corporation study, "cyberthieves have cost U.S. companies and their banks more than $15 billion in the past five years." At a recent SAS Government conference, former U.S. Treasury Special Agent John A. Cassara said, "we are witnessing a plethora of new, high-tech value transfer systems that can be abused to launder money and finance terror." 

If you were asked to share your personal information, would you? Such a question is bound to trigger privacy arguments. However, what if sharing information about the bad guys (i.e., potential fraudsters and their tactics) could save your organization substantial revenue, increase customer loyalty and reduce the risk of negative publicity?  Banks are discussing approaches to sharing customer data amongst themselves with some anonymity intact. With analytics,  predictive variables  can be narrowed down and stored in a data consortium so that more enhanced models can be built and shared to better predict new fraud schemes with contributing financial institutions.

To protect themselves, organizations and governments may need to revisit certain privacy rules. For example, in 2010 the European Parliament approved an agreement for the European Union to transfer data from the Society for Worldwide Interbank Financial Telecommunication – a Belgium-based consortium that provides financial data transfer communication services for more than 8,000 banks worldwide – for use by the U.S. Terrorist Finance Tracking Program.

While U.S. consumers have been cautious to adopt mobile banking, the growth of mobile payments is expected on such apps as Google Wallet. Many of these new applications lack appropriate security. For example, most mobile phones do not have anti-virus software, so they provide less protection than computers.

According to Adam Kaufmann, executive assistant district attorney and chief of the investigation division at the New York County District Attorney's Office, "Cross-industry communication is critical to understanding the rapidly changing world of technology and the risk some of these new mobile payment systems pose, as criminals will look to move the money through the systems that give them anonymity."

Overcoming certain privacy restrictions can result in a big-picture behavior-based view of what is "normal," thus increasing accuracy in detecting fraud and money laundering. Accurately detecting fraud and money laundering requires knowing whether an activity or event has met a certain business rule and whether that trigger is meaningful. True detection relies on understanding behavior in broader context to alert organizations to potential fraud, while notifying marketing and lending groups of the credit risk exposure.

Customers see their bank as a single brand that operates across multiple channels (ATMs, branch offices, online, call centers, mobile, etc.). Banks, likewise, see customers as diverse entities segmented by product (mortgage, credit card, consumer banking, small business, home equity, etc.). Criminals know this all too well. They often take advantage of bank fraud systems that rarely monitor customer behavior across multiple accounts, channels and systems to hide fraud and money-laundering activities in cross-channel transactions.

Institutions that are serious about combating financial crimes are adding entity link analysis or social network analysis to their arsenals. Network analysis helps investigators detect and prevent criminal activity by identifying patterns of behavior that only appear as suspicious when viewed across related accounts or entities.

Consortiums such as SWIFT and the National Cyber-Forensics and Training Alliance are paving the way for many other data consortiums that have not yet reached their full potential. Several companies with client support currently have consortiums  to look for new ways to build better analytical models. Centralized data can be mined more easily to detect anomalies, or used to build predictive models from known fraud events that can then be deployed across organizations to spot new, similar schemes.

A centralized, shared platform can automate and streamline the alerts through either  batch or real-time monitoring. A centralized case management platform makes it easier to coordinate and collaborate on alerts, cases and investigations, as well as share leads, information and best practices between the fraud and anti-money-laundering teams.

There are multiple innovative technologies that are rocking the boat with many privacy advocates –  Facebook, Google Wallet and facial recognition are of primary concern right now. A certain amount of privacy is necessary to protect our rights. However, as we use more products and services through mobile access methods and social media, the industry needs to strike the proper balance between privacy and security.

Ellen Joyner-Roberson is the principal global marketing manager for SAS Security Intelligence, a unit of SAS in Cary, N.C. She can be reached at Ellen.Joyner@SAS.com.