Fraud and Breach Prevention Summit Chicago June 21-22nd, Chicago IL
Anand Sureka | Guardian Analytics
Behavioral Analytics for Preventing Fraud Today and Tomorrow
Fraud & Breach Prevention Summit Chicago #ISMGSummits 2
About the Speaker
Anand Sureka
Senior Solutions Engineer, Guardian Analytics
Anand Sureka is a Senior Solutions Engineer at Guardian Analytics. He has spent over a decade working with banks to develop and integrate software solutions into online banking and payment services, including fraud detection, personal financial management, bill pay, ACH transfers and credit card payment services. Prior to joining Guardian Analytics, Anand was a principal consultant for the professional services team at Envestnet-Yodlee.
• Fraud and Breach Prevention Summit Miami
Behavioral Analytics - Preventing Fraud Today
• April 12-13, 2016 – Miami, FL
Anand Sureka
Banks Facing Unprecedented Trust Issue
• Demise in trust
• Legacy and silo approaches failing - increase in fraud
• Can't hold back - competitive pressure forcing innovation
• New approach is needed
Trust
Competitive pressures
Third party providers
Competitive Banks
Speed
Convenience
Simplicity
Products/Services
Customer experience
Operational Costs
Data breaches
Malware
Social engineering
Single channel
Cross-channel
Customer Access
Customer Data
New Requirements for Fraud Prevention
Support payment/channel innovation
Improve customer experience
Increase operational efficiency
Address modern fraud
Meeting The New Requirements
Legacy (Rules/scenarios): Identity, Threat specific, Payment/channel slice
Modern (Analytics): Behavior, Threat agnostic, Holistic view
Success Starts With Broad View of Behavior
OOBAChannelDelete, OOBAChannelEdit, PasswordChange, UserCreate, UserDelete, UserEdit, UserEnrollmentCreate, UserEnrollmentDelete, UserEnrollmentEdit, UserViewInformational, CheckImageView
AccountCreate, AccountDelete, AccountEdit, AlertCreate, AlertDelete, AlertEdit, ExternalAccountLink, InternalAccountLink, MFAOptionsChange, RemoteDepositCapture, ReportView, OOBAChannelCreate
WireTemplateApprove, WireTemplateCreate, WireTemplateDelete, WireTemplateEdit, WireTemplateSubmit
HTTPAcceptEncoding, HTTPAcceptLanguage, HTTPClientIP, HTTPCookie, HTTPForwarded, HTTPForwardedFor, HTTPHost, HTTPLocation, HTTPProxy, HTTPReferer, HTTPRequestURI
BrowserPlugins, Cookie, CookiesEnabled, DeviceID, FontList, JavaEnabled, LanguageBrowser, LanguageSystem, LanguageUser, Latitude, Longitude
Direction, ToAccount, ToAccountType, FromAccountType, AmountinUSDollars, Status, StatusReason, RecurringPayment, ReceivingBankID, ReceivingBankName, Recipient, OtherInstructions, DestinationType
ACHParticipantDelete, ACHParticipantEdit, ACHParticipantSubmit, ACHTemplateApprove, ACHTemplateCreate, ACHTemplateDelete, ACHTemplateEdit, ACHTemplateSubmit, ACHParticipantApprove, ACHParticipantCreate
WireApprove, WireCreate, WireDelete, WireEdit, WireSubmit, WireEvent
BillPayApprove, BillPayCreate, BillPayDelete, BillPayEdit, BillPaySubmit
ACHBatchApprove, ACHBatchCreate, ACHBatchDelete, ACHBatchEdit, ACHBatchSubmit, ACHCreditEntry, ACHDebitEntry
TransferApprove, TransferCreate, TransferDelete, TransferEdit, TransferSubmit
MFA Challenge, Login, UTCTimestamp, SingleSignOn, Logout, DeviceRegistered, Channel, Company ID, ASNs, Network attributes
HTTPVia, HTTPXClusterClientIP, HTTPXForwarded, HTTPXForwardedFor, HTTPXTrusteerRapport, ImmutableCompanyID, ImmutableUserID, IPAddress, IPv6Address, SessionID, SignOnID
OSPlatform, ScreenResolution, TimeZoneOffset, UserAgentString, UserAgentStringDOM, Phone Number, GPS events, Wifi/Bluetooth/NFC Hardware, HTTPAccept, HTTPAcceptCharsets
PayeeApprove, PayeeCreate, PayeeDelete, PayeeEdit, PayeeSubmit, TransferTemplateApprove, TransferTemplateCreate, TransferTemplateDelete, TransferTemplateEdit, TransferTemplateSubmit
Login/Access
Account Activity
Transactions
Real-time Behavior-based Risk Scoring
Login/Access
Account Activity
Transactions
Risk score every event
Each event updates risk
L L M L H
Rule
Rule
Behavioral Analytics • Individual • Population
Risk Data
Machine Learning
Risk-based Intervention
Login/Access
Account Activity
Transactions
Risk score every event
Each event updates risk
L L M L H
Rule
Rule
Behavioral Analytics • Individual • Population
Risk Data
Rules-driven interdiction
Risk-driven interdiction
Policies drive interdiction actions (for any risk score)
Guardian Analytics Protects
Partnership with The Norman Group
“To stay competitive, financial institutions need to continually enhance their customer-facing products and back-end technology platforms, and in parallel, rapidly advance their capabilities to protect offerings and channels. We are excited to combine our technical and project management expertise in conjunction with Guardian Analytics Omni-Channel Fraud Prevention solutions to help financial institutions maintain a strong pace of innovation without increasing their fraud risk.”
- Rob Grzeszczak, President and Managing Director
Use Case #1 – Reducing Challenges for Large Commercial Bank
Domestic Cash Movement Application
Global Cash Movement Application
Wire Processing System
ACH Processing System
Client
Business Banking
Private Banking
Wealth Management
Performance Analysis/Risk Mgmt
Market Investment/Fund Mgmt
External Deposit Services
Foreign Exchange
Benefits Management
Benefits Participant
Retail Banking
Business Banking Central Authentication
• Guardian Analytics Online Behavioral Analytics
Risk scores drive stepped up authentication
Use Case #2 – ACH, Same Day ACH
• NACHA files transmitted or uploaded
• Files processed upon receipt
• Alerts published within minutes
ODFI
$$ to customer
Guardian Analytics ACH Behavioral Analytics
ACH Batch Risk scores
Use Case #3 – Wire Fraud
Detection Rates
Alert Volumes
Low
Low
High
High
Trust too little
Know when to trust
Know when NOT to trust
Trust too much
Over $100K And international And new recipient
Over $100K Or international Or new recipient
The Wire Fraud Challenge
Analytics Innovations to Raise and Lower Trust
Learn each individual originator behavior over time to determine risk
Learn new recipient ratio, typical beneficiary patterns (i.e. keeps false positives for title companies down)
Look to see if we can raise or lower trust of a beneficiary
If multiple wires to same “bene” spread out, can raise trust
If many in rapid succession, less trustworthy
Use what we've learned from other fraud
Mule
Match in mule db?
Recipient
Originator
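The two static wire rules from the previous slide next to the beneficiary trust idea from this one, as an added example that is not from the presentation or from Guardian Analytics' product. The account numbers, the 24-hour and 14-day thresholds, the scoring formula and the review policy are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

MULE_DB = {"9990001"}  # constructed: beneficiary accounts flagged as suspected mules

def and_rule(w):
    # Static rule: over $100K AND international AND new recipient
    return w["amount"] > 100_000 and w["international"] and w["new_recipient"]

def or_rule(w):
    # Static rule: over $100K OR international OR new recipient
    return w["amount"] > 100_000 or w["international"] or w["new_recipient"]

def beneficiary_trust(account, prior_wires, now,
                      burst=timedelta(hours=24), spread=timedelta(days=14)):
    """Trust in [-1.0, 1.0] from the timing of one originator's wires to `account`."""
    if account in MULE_DB:
        return -1.0                          # mule match overrides any history
    if not prior_wires:
        return 0.0                           # new beneficiary: no evidence either way
    times = sorted(prior_wires) + [now]
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    rapid = sum(g <= burst for g in gaps)    # rapid succession lowers trust
    spaced = sum(g >= spread for g in gaps)  # wires spread out over time raise trust
    return (spaced - rapid) / len(gaps)

def needs_review(w, prior_wires, now):
    # Assumed policy: review on lowered trust, or on unknown trust when any rule condition holds
    trust = beneficiary_trust(w["beneficiary"], prior_wires, now)
    return trust < 0 or (trust == 0 and or_rule(w))

NOW = datetime(2016, 6, 21, 12, 0)
# Constructed wires: a routine large supplier payment and a mid-sized wire to a new payee
SUPPLIER = {"amount": 250_000, "international": True, "new_recipient": False,
            "beneficiary": "1230001"}
NEW_PAYEE = {"amount": 40_000, "international": False, "new_recipient": True,
             "beneficiary": "4560001"}
SUPPLIER_HISTORY = [NOW - timedelta(days=d) for d in (90, 60, 30)]

if __name__ == "__main__":
    for name, w, hist in (("supplier", SUPPLIER, SUPPLIER_HISTORY), ("new payee", NEW_PAYEE, [])):
        print(name, and_rule(w), or_rule(w), needs_review(w, hist, NOW))
```

The AND rule stays silent on both wires, the OR rule alerts on both, and the timing-based score separates them: the long-standing supplier is passed and the new payee is queued for review.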
Putting It All Together
Would beneficiary be expected? (new beneficiary ratio, beneficiary and FI location/region)
Are the originator's wire actions normal? (timing, velocity, type, accounts, direction, use of instructions, content of instructions)
Are the wires typical? (type, amount)
Originator Model
Wire Behavioral Analytics
Cross-institution risk data (Network effect)
Beneficiary Model
Is this a high or low risk beneficiary? (beneficiary history with other originators, name/account number match, suspected mule)
Self learning
No rules to write
Not threat specific
Adapts to new threat
Automatic updates to analytics
100+ attributes from wire system
Approach Highly Effective With BEC
New beneficiaries common (40% of wires to new beneficiaries)
BEC beneficiary FIs vary (domestic, international, banks, credit unions)
Spoofed CEO email
Spoofed supplier email
Legitimate user (CFO or controller)
• Online
• Fax
• Branch
• Criminal beneficiary or mule
Criminals do their homework on their targets and prey on urgency, sense of duty and importance
Legitimate user logs into online banking or requests the wire (legacy ATO detection methods don’t work)
BEC amounts within typical range of client wires
Behavioral Analytics Detects Account Takeover and Business Email Compromise
Spoofed CEO email
Spoofed supplier email
Legitimate user (CFO or controller)
• Online
• Fax
• Branch
• Wire transfer
Amount
Expected OBI use
Velocity
Beneficiary
Beneficiary FI
Beneficiary Location
Name/account number changes and match
Individual and Bank Population Originator Models
Cross-originator Beneficiary Models
Guardian Analytics uses originator, population and cross-originator beneficiary models to accurately detect fraud with low alert volume; no rules or scenarios to define
Criminal can spoof email sender, content language, style, wire amounts
But they cannot spoof how an originator sends a wire
Recent Successes
Fraud prevented: $19M in last two months (primarily BEC, have not missed fraud)
Efficiency gains: Bank reduced reviews to only high risk wires (50-100 wires/day)
Client experience: Reduced callbacks
Reduction in alerts has freed time to discuss possible BEC with clients in more detail
Bank with ~4,000 wires per day
Fraud prevented: $500K in last six months (BEC and ATO, have not missed any fraud)
Efficiency gains: Reduced reviews 70% (75/day)
Increased wire risk management coverage 400%
Client experience: Faster processing, fewer callbacks (1-5/day)
Bank with nearly 2,000 wires per day
Behavioral Analytics In The Future
Anand Sureka
Meeting The New Requirements
Legacy (Rules/scenarios): Identity, Threat specific, Payment/channel slice
Modern (Analytics): Behavior, Threat agnostic, Holistic view
Next-Generation (Analytics): Behavior + context, Threat agnostic, Omni-channel
Unified Omni-channel Fraud Prevention
• Channels
• Payments
• ATM
• Contact Center
• POS
• Branch
• Online
• Mobile
• Bill Pay
• Debit
• Wire
• ACH
• P2P
Customers are omni-channel. Criminals are omni-channel.
Unified Omni-channel Fraud Prevention
Channels
Payments
• ATM
• Contact Center
• POS
• Branch
• Online
• Mobile
• Bill Pay
• Debit
• Wire
• ACH
• P2P
Fraud prevention should be omni-channel, too
Enterprise API
Omni-Channel Risk Engine
Omni-Channel Visual Analytics
Payments Channels Devices Locations Risk Data
New Requirements for Fraud Prevention
Support payment/channel innovation
Improve customer experience
Increase operational efficiency
Address modern fraud
Questions?
Follow Guardian Analytics
Thank You for Attending!