Pub. 11 2021 Issue 1

20 www.azbankers.org Capturing These Three Data Types Can Transform Your Fraud Monitoring This article originally appeared in the American Bankers Association Magazine By Matthew Van Buskirk W HEN WE THINK OF THE WORK done by anti-fraud and AML teams, we automatically view it from the bank’s perspective. e know that bad actors are trying to com- mit fraud and launder money through the financial industry, and we take steps to stop it. We think in terms of how much it costs to keep the bad guys out. But we rarely think about this from the bad guys’ perspective and how much it costs them to get in. Viewing things through their eyes is the key to understanding how to design modern AML programs — don’t try to block them outright. Instead, make it too expensive for them to bother trying. Bad actors are changing their tactics quickly, and keeping up is difficult for banks. Compromised Data and Synthetic Identities Security firm Norton reported that 4.1 billion consumer records were compromised in 2019. We have reached a point where a fraudster may be more likely to pass standard KYC/CIP checks than a legitimate customer. This is possible because the fraudster can buy a full set of compromised identity data on the dark web and enter completely accurate customer information when signing up for an account. Since that information is entered via a script, the fraudster won’t make any mistakes where a real person may fat finger a digit in their Social Security number. Compromised data sets are bad, but there is still a chance that the consumer will notice unexplained accounts on their credit report. Synthetic identities remove that risk for the bad actor. The FTC identified synthetic fraud as the fastest growing form of fraud in the U.S. This approach is even harder to detect since the identities are manufactured to appear real. Bad actors combine pieces of different individuals’ personal information into a synthetic persona, then patiently build a history for that persona, often including financial accounts, on-time loan payments and an online social media presence. In the fraud context, the bad actors are looking to build trust to allow access to large credit lines before “busting out” and disappearing. Most of the focus on synthetic identities is on their potential for fraud. Still, the more nefarious use case may be in money laundering, where the manufactured identity keeps operating normally with no fraud occurring. If the only tools at the banks’ disposal are credit checks, validation of CIP data fields, and rules-based transaction monitoring, it will be nigh-on impossible to differentiate between the good customers and the wolves in sheep’s clothing. So, how should a bank deal with these evolving threats? In short, look to capabilities developed in the fintech space that center on gathering data beyond the scope of traditional KYC/ AML programs. In a fintech firm, the customer’s primary, if not only, interaction with the product is through a smartphone. They never meet their customers face to face and may only rarely speak with them on the phone. A bank’s face-to-face interaction with its customers is often viewed as a positive since it allows for some certainty that the person is real, but that is a false sense of confidence. The various channels a customer can use to interact with a bank mean that the bank needs to spread its risk controls more widely. By contrast, fintech companies invest more deeply in digital capabilities. That investment mainly focuses on capturing additional data signals that can paint a complete picture of customer activity to determine whether something feels off. Three categories of data matter more than ever: u IP intelligence — Bad actors take steps to hide their internet tracks, making it difficult to trace the activity back to them. Legitimate customers may use tools such as VPNs to protect themselves from identity theft, but more sophisticated tools such as TOR are more often than not a mark of something suspicious going on. IP intelligence monitoring can give compliance teams insight into how the customer connects to the bank’s platform and prime them to ask the customer to reconnect without any masking techniques to validate who they are. Of course, this signal alone isn’t enough for the most sophisticated bad actors, as they may be working with a network of compromised home computers and can route their activity through a customer’s IP address without the customer knowing. v Device fingerprinting goes a step beyond simple IP intelligence to capture additional device attributes such as