behavioral analytics for preventing fraud today and tomorrow

Fraud and Breach Prevention Summit Chicago June 21-22nd, Chicago IL

Anand Sureka | Guardian Analytics

Behavioral Analytics for Preventing Fraud Today and Tomorrow

Fraud & Breach Prevention Summit Chicago #ISMGSummits 2

About the Speaker

Anand Sureka

Senior Solutions Engineer, Guardian Analytics Anand Sureka is a Senior Solutions Engineer at Guardian Analytics. He has spent over a decade working with banks to develop and integrate software solutions into online banking and payment services, including fraud detection, personal financial management, bill pay, ACH transfers and credit card payment services. Prior to joining Guardian Analytics, Anand was a principle consultant for the professional services team at Envestnet-Yodlee.


• Fraud and Breach Prevention Summit Miami

Behavioral Analytics - Preventing Fraud Today

• April 12-13, 2016 – Miami, FL

Anand Sureka


Banks Facing Unprecedented Trust Issue

§ Demiseintrust§  Legacyandsiloapproachesfailing-increaseinfraud

§ Can’tholdback-compe;;vepressureforcinginnova;on

§ Newapproachisneeded

Trust

Compe,,vepressures

Thirdpartyproviders

Compe;;veBanks

Speed

ConvenienceSimplicity

Products/Services

Customerexperience

Opera6onalCosts

Databreaches• MalwareSocialengineeringSinglechannelCross-channel

CustomerAccessCustomerData


New Requirements for Fraud Prevention

Support payment /channel

innovation

Improve customer experience

Increase operational efficiency

Address modern

fraud


Meeting The New Requirements

Identity

Threat specific

Payment/channel slice

Behavior

Threat agnostic

Holistic view

Legacy Modern

Rules/scenarios Analytics


Success Starts With Broad View of Behavior

OOBAChannelDeleteOOBAChannelEditPasswordChangeUserCreateUserDeleteUserEditUserEnrollmentCreateUserEnrollmentDeleteUserEnrollmentEditUserViewInformationalCheckImageView

AccountCreateAccountDeleteAccountEditAlertCreateAlertDeleteAlertEditExternalAccountLinkInternalAccountLinkMFAOptionsChangeRemoteDepositCaptureReportViewOOBAChannelCreate

WireTemplateApproveWireTemplateCreateWireTemplateDeleteWireTemplateEditWireTemplateSubmitWireTemplateApproveWireTemplateCreateWireTemplateDeleteWireTemplateEditWireTemplateSubmit

HTTPAcceptEncodingHTTPAcceptLanguageHTTPClientIPHTTPCookieHTTPForwardedHTTPForwardedForHTTPHostHTTPLocationHTTPProxyHTTPRefererHTTPRequestURI

BrowserPluginsCookieCookiesEnabledDeviceIDFontListJavaEnabledLanguageBrowserLanguageSystemLanguageUserLatitudeLongitude

DirectionToAccountToAccountTypeFromAccounTypeAmountinUSDollarsStatusStatusReasonRecurringPaymentReceivingBankIDReceivingBankNameRecipientOtherInstructionsDestinationType

ACHParticipantDeleteACHParticipantEditACHParticipantSubmitACHTemplateApproveACHTemplateCreateACHTemplateDeleteACHTemplateEditACHTemplateSubmitACHParticipantApproveACHParticipantCreate

WireApproveWireCreateWireDeleteWireEditWireSubmitWireEvent

BillPayApproveBillPayCreateBillPayDeleteBillPayEditBillPaySubmit

ACHBatchApproveACHBatchCreateACHBatchDeleteACHBatchEditACHBatchSubmitACHCreditEntryACHDebitEntry

TransferApproveTransferCreateTransferDeleteTransferEditTransferSubmit

MFA ChallengeLoginUTCTimestampSingleSignOnLogoutDeviceRegisteredChannelCompany IDASNsNetwork attributes

HTTPViaHTTPXClusterClientIPHTTPXForwardedHTTPXForwardedForHTTPXTrusteerRapportImmutableCompanyIDImmutableUserIDIPAddressIPv6AddressSessionIDSignOnID

OSPlatformScreenResolutionTimeZoneOffsetUserAgentStringUserAgentStringDOMPhone NumberGPS eventsWifi/Bluetooth/NFC HardwareHTTPAcceptHTTPAcceptCharsets

PayeeApprovePayeeCreatePayeeDeletePayeeEditPayeeSubmitTransferTemplateApproveTransferTemplateCreateTransferTemplateDeleteTransferTemplateEditTransferTemplateSubmit

Login/Access

Account Activity

Transactions


Real-time Behavior-based Risk Scoring

Login/Access

Account Activity

Transactions

Riskscoreeveryevent

Eacheventupdatesrisk

LLML

H

Rule

Rule

Behavioral Analytics • Individual • Population

• 

RiskData

Machine Learning


Risk-based Intervention

Login/Access

Account Activity

Transactions

Riskscoreeveryevent

Eacheventupdatesrisk

LLML

H

Rule

Rule

• Behavioral Analytics • Individual • Population

• 

RiskData

Rules-driven interdiction

Risk-driven interdiction

Policiesdriveinterdic;onac;ons(foranyriskscore)

Fraud & Breach Prevention Summit Chicago #ISMGSummits 10 • 10

Guardian Analytics Protects


Partnership with The Norman Group

“To stay competitive, financial institutions need to continually enhance their customer-facing products and back-end technology platforms, and in parallel, rapidly advance their capabilities to protect offerings and channels. We are excited to combine our technical and project management expertise in conjunction with Guardian Analytics Omni-Channel Fraud Prevention solutions to help financial institutions maintain a strong pace of innovation without increasing their fraud risk.”

- Rob Grzeszczak, President and Managing Director


Use Case #1 – Reducing Challenges for Large Commercial Bank

Domes;cCashMovementApplica;on

GlobalCashMovementApplica;on

WireProcessingSystem

ACHProcessingSystem

Client

BusinessBanking

PrivateBanking

WealthManagement

PerformanceAnalysis/RiskMgmt

MarketInvestment/FundMgmt

ExternalDepositServices

ForeignExchange

BenefitsManagement

BenefitsPar,cipant

RetailBanking

BusinessBankingCentralAuthen;ca;on

• Guardian Analytics Online Behavioral Analytics

Risk scores drive stepped up

authentication


Use Case #2 – ACH, Same Day ACH

•  NACHAfilestransmiMedoruploaded

•  Filesprocesseduponreceipt

•  Alertspublishedwithinminutes

ODFI

$$tocustomer

Guardian Analytics ACH Behavioral Analytics

ACH Batch Risk scores




Use Case #3 – Wire Fraud

Detec%on Rates

Alert Volumes

Low

Low

High

High

Trust too li:le

Know when to trust Know when NOT to trust

Trust too much

Over$100KAndinterna;onalAndnewrecipient

Over$100KOrinterna;onalOrnewrecipient

The Wire Fraud Challenge


Analytics Innovations to Raise and Lower Trust Learneachindividualoriginatorbehaviorover;metodeterminerisk

Learnnewrecipientra;o,typical

beneficiarypaMerns(i.e.keepsfalseposi;vesfor;tlecompaniesdown)

Looktoseeifwecanraiseorlowertrustofa

beneficiary

If multiple wires to same “bene” spread out, can raise trust

If many in rapid succession, less trust worthy

Usewhatwe’velearnedfromother

fraudMule

Match in mule db?

Recipient

Originator


Putting It All Together

Wouldbeneficiarybeexpected?(newbeneficiaryra6o,beneficiaryandFIloca6on/region)

Aretheoriginator’swireac,onsnormal?(6ming,velocity,type,accounts,direc6on,useofinstruc6ons,contentofinstruc6ons)

Arethewirestypical?(type,amount)

OriginatorModel

WireBehavioralAnaly,cs

Cross-ins,tu,onriskdata(Networkeffect)

BeneficiaryModel

Isthisahighorlowriskbeneficiary?(beneficiaryhistorywithotheroriginators,name/accountnumbermatch,suspectedmule)

SelflearningNorulestowriteNotthreatspecificAdaptstonewthreat

Automa;cupdatestoanaly;cs

100+aMributesfromwiresystem


Approach Highly Effective With BEC

Newbeneficiariescommon(40%ofwirestonewbeneficiaries)BECbeneficiaryFIsvary(domes;c,interna;onal,banks,creditunions)

SpoofedCEOemail

Spoofedsupplieremail

Legi,mateuser

(CFOorcontroller)

• Online

• Fax

• Branch

• Criminalbeneficiary

• ormule

Criminals do their homework on their targets and prey on urgency, sense of duty and importance

Legitimate user logs into online banking or requests the wire (legacy ATO detection methods don’t work)

BEC amounts within typical range of client wires


Behavioral Analytics Detects Account Takeover and Business Email Compromise

SpoofedCEOemail

Spoofedsupplieremail

Legi,mateuser

(CFOorcontroller)

• Online

• Fax

• Branch

• Wiretransfer

Amount

ExpectedOBIuse

Velocity

Beneficiary

BeneficiaryFI

BeneficiaryLoca,on

Name/accountnumberchangesandmatch

IndividualandBankPopula,onOriginatorModels

Cross-originatorBeneficiaryModels

GuardianAnaly,csusesoriginator,popula,onandcross-originatorbeneficiarymodelstoaccuratelydetectfraudwithlowalertvolume;norulesorscenariostodefine

Criminalcanspoofemailsender,

contentlanguage,style,wireamounts

Buttheycannotspoofhowan

originatorsendsawire


Recent Successes

Fraudprevented$19Minlasttwomonths

(primarilyBEC,havenotmissedfraud)

EfficiencygainsBankreducedreviewstoonly

highriskwires(50-100wires/day)

ClientexperienceReducedcallbacks

Reduc;oninalertshasfreed;metodiscusspossibleBECwith

clientsinmoredetail

Bankwith~4,000wiresperday

Fraudprevented$500Kinlastsixmonths

(BECandATO,havenotmissedanyfraud)

EfficiencygainsReducedreviews70%(75/

day)Increasedwirerisk

managementcoverage400%

ClientexperienceFasterprocessingFewercallbacks

(1-5/day)

Bankwithnearly2,000wiresperday


Behavioral Analytics In The Future Anand Sureka


Meeting The New Requirements

Identity

Threat specific

Payment/channel slice

Behavior

Threat agnostic

Holistic view

Behavior + context

Threat agnostic

Omni-channel

Legacy Modern Next-Generation

Rules/scenarios Analytics Analytics


Unified Omni-channel Fraud Prevention

• Channels

• Payments

• ATM

• Contact Center

• POS

• Branch

• Online

• Mobile

• Bill Pay

• Debit

• Wire

• ACH

• P2P

Customers are omni-channel. Criminals are omni-channel.


Unified Omni-channel Fraud Prevention

Channels

Payments

• ATM

• Contact Center

• POS

• Branch

• Online

• Mobile

• Bill Pay

• Debit

• Wire

• ACH

• P2P

Fraud prevention should be omni-channel, too

Enterprise API

Omni-Channel Risk Engine

Omni-Channel Visual Analytics

Payments Channels Devices Locations Risk Data


New Requirements for Fraud Prevention

Support payment /channel

innovation

Improve customer experience

Increase operational efficiency

Address modern

fraud

Questions?

Follow Guardian Analytics

Thank You for Attending!

behavioral analytics for preventing fraud today and tomorrow

Technology