Villains used to rob banks by blowing open vault doors and speeding off in a fast get-away car.
Today, they are more likely to do it sitting at a computer screen. With the majority of financial transactions now electronic, criminals have become more sophisticated, stealthily stealing money via financial institutions’ cash machines, internet banking and card systems.
Recent research by KPMG shows that financial crime – including money laundering, payment card and online banking fraud – has increased dramatically. In the UK it rose almost tenfold in one year, from £37m in 2004 to £360m last year, and figures for the US and Asia are just as bad.
But if crooks are getting smarter, so are the banks. They are introducing business intelligence and analytics systems to spot unusual behaviour, according to George Lennox, senior manager, group credit at HSBC.
While counterfeiting and stolen card fraud have been reduced in the UK following the introduction of chip and PIN payment card systems last year, HSBC is also installing fraud detection systems in 25 countries. These will make it harder for gangs to use cloned cards in countries where physical payment card security is not strong, he says.
“Chip and PIN has really helped reduce fraud in the UK, but we are still seeing hundreds of thousands of pounds in losses, as criminals shift their patterns to target internet sites. Exposed card information can also be used to clone cards in places such as the US,” says Mr Lennox.
“If you multiply this around the world then the financial services industry could well be seeing billions of pounds of losses going to the criminal community.”
Working with business intelligence software company SAS, HSBC will use the IT system to profile its customers’ spending habits. If strange purchases occur at unusual times, in odd locations, or at two places that are geographically impossible to reach between purchases, then the bank will be alerted.
The SAS system also compares what it believes are genuine transactions with profiles of criminal spending habits that the bank has modelled from hundreds of fraud cases. “The criminals need to launder the money, so they are trying to buy goods which they know will be easy to sell for cash,” says Mr Lennox.
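The "geographically impossible" check described above can be sketched as follows. This is an added example, not code from HSBC or SAS; the `Txn` record, the 900 km/h speed ceiling, the 50 km noise floor and the sample purchases are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0  # assumed ceiling, roughly airliner cruising speed
MIN_KM = 50.0          # assumed floor: ignore purchases within one metro area

@dataclass
class Txn:  # hypothetical card-present purchase record
    card: str
    when: datetime
    lat: float
    lon: float
    place: str

def km_between(a, b):
    """Great-circle (haversine) distance between two purchases, in km."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_pairs(txns, max_speed=MAX_SPEED_KMH, min_km=MIN_KM):
    """Return (earlier place, later place, implied km/h) for consecutive
    purchases on one card that no traveller could have made."""
    alerts, last = [], {}
    for t in sorted(txns, key=lambda x: x.when):
        prev, last[t.card] = last.get(t.card), t
        if prev is None:
            continue
        km = km_between(prev, t)
        if km < min_km:
            continue
        hours = (t.when - prev.when).total_seconds() / 3600
        # Simultaneous purchases far apart imply infinite speed.
        speed = float("inf") if hours == 0 else km / hours
        if speed > max_speed:
            alerts.append((prev.place, t.place, speed))
    return alerts

# Constructed sample data: card-A is used in London and New York 90 minutes
# apart; card-B travels London to Paris over a day; card-C stays in London.
SAMPLE = [
    Txn("card-A", datetime(2006, 5, 1, 9, 0), 51.5074, -0.1278, "London"),
    Txn("card-B", datetime(2006, 5, 1, 9, 0), 51.5074, -0.1278, "London"),
    Txn("card-C", datetime(2006, 5, 1, 12, 0), 51.5074, -0.1278, "London"),
    Txn("card-C", datetime(2006, 5, 1, 12, 5), 51.5155, -0.0922, "London"),
    Txn("card-A", datetime(2006, 5, 1, 10, 30), 40.7128, -74.0060, "New York"),
    Txn("card-B", datetime(2006, 5, 2, 9, 0), 48.8566, 2.3522, "Paris"),
]

if __name__ == "__main__":
    for src, dst, kmh in impossible_pairs(SAMPLE):
        print(f"ALERT: {src} -> {dst} implies {kmh:.0f} km/h")
```

The check only makes sense for purchases with a physical location, such as cash machine or shop transactions; online purchases need a different location signal.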
In addition to cash machine, e-commerce and retail fraud, resulting from card cloning, banks also need to take greater steps to stop hackers transferring money from internet banking accounts, says Martha Bennett, vice president at analyst Forrester Research.
“Banks should be analysing and profiling their customers’ online banking habits. They need to ask: ‘Do their customers log in at a certain time or undertake certain transactions all the time?’ You can’t underestimate the threat that criminals are increasingly focusing on banks’ customers through phishing,” says Ms Bennett.
While improved customer authentication is one method of reducing online banking fraud (see A costly game of cat and mouse), back-end intelligence systems that use geo-location technology to detect whether accounts are being accessed from San Francisco rather than St Petersburg can also stop online theft, she says.
Barclays Bank recently installed such a system from IT security firm RSA Security, to check that online banking transactions are in line with usual customer behaviour. Other data, such as location and the device that is being used, will also be checked. Similar technology used by UK bank HBOS has reduced online fraud by 80 per cent.
Banks also need to work together, and share information systems, if they are to cut fraud, says Art Coviello, RSA Security’s president and chief executive: “What you need to do is create an ecosystem to attack the fraudsters. If you live in an unsafe neighbourhood – and on the internet it’s all unsafe – then you need to join together to do community policing,” he says.
One such system is the RSA Security eFraudNetwork, a proprietary database used by Barclays and 50 of the world’s largest banks to track and share data on online fraud behaviour.
But while fraud detection systems are helping spot external crimes, banks also need to do more in terms of vetting staff and outsourcing partners, says Ms Bennett. “When you look at where the threats are coming from, the huge losses very often have an element of collusion or are an internal job.”