Why behavioral intelligence is becoming the bank fraud team’s best friend

In this Help Net Security interview, Seth Ruden, Senior Director of Global Advisory at BioCatch, discusses how financial institutions are addressing fraud. He explains how banks are using behavioral biometrics, device fingerprinting, and network intelligence to enhance fraud prevention.

Ruden talks about how fraud prevention is moving beyond rules-based systems toward risk-scoring models and graph-based anomaly detection, and points out how scam playbook simulations and red teaming help strengthen financial institutions’ defenses.

Have you seen an uptick in cross-channel fraud (e.g., social media scams leading to fraudulent banking transactions), and how are banks responding to these blended threats?

Absolutely. While there’s been a greater emphasis on bad actors identifying cross-channel exposure in the recent business cycle, this is a pattern those in this space have observed for a while now. It’s particularly striking how the emphasis on both reducing friction and enabling customers tends to leave those same customers more exposed.

A great example of this in banking is the channel breakout from online banking to card fraud. For the last decade or so, the industry’s added greater capabilities for customers to open mobile wallets from self-service venues and online/mobile banking apps, allowing us to leave our physical wallets in our pockets (or at home) and merely tap our phone on a reader to buy a cup of coffee, groceries, or a new television at a physical point of sale.

While, 10 years ago, we might’ve struggled to imagine how bad actors might take advantage of consumers adding credit cards to their mobile devices, today we see fraudsters adding our cards to their cell phones by employing both social engineering attacks (to con us out of our one-time passcodes) and account takeover tactics.

With respect to social media driving higher scam rates, the channels where people are most exposed to fraud are the same ones where they also spend the most time. All our liking and posting and re-sharing and commenting and messaging, along with the popularity of online dating, have left us all massively exposed to all kinds of scams. Romance, crypto-investment (also known by its more vulgar synonym: “pig-butchering”), and job scams seem especially prevalent on social channels.

For banks, this has been realized by skyrocketing case volumes and higher servicing loads for these specific fraud types, threatening strained teams with ever more incidents to resolve. It’s a vicious cycle that banks are now starting to spin up resources around, creating more sophisticated teams focused on what we now call “breaking the spell” of scams. They are investing in new sophisticated tools such as behavioral intelligence to identify possible scam activity and in some regions, such as Australia, have begun collaborating together in real time to apply targeted friction on transactions showing the hallmarks of a scam.

Are banks relying more on real-time behavioral biometrics, device fingerprinting, or network intelligence to detect fraud attempts, especially in mobile and digital banking channels?

Behavioral, device, and network intelligence have become critical tools for financial institutions to effectively fight fraud in this new environment. All have yielded massive benefits, creating necessary new vantage points from where we can acquire novel data points, apply additional analytics to those data points, and identify new detection opportunities. The added precision this gives financial institutions when applying controls both improves detection rates and reduces the strain on fraud-prevention teams.

Are you seeing a shift from rules-based systems to risk-scoring engines or graph-based anomaly detection in scam prevention?

Rules are great and necessary and will remain a massive tactical control advantage once an emerging pattern is identified (specifically as a rapid response measure), but nothing beats the newest modeling capabilities at identifying those emerging patterns. As such, models are the best first line of defense for most institutions, accounting for roughly two-thirds to three-fourths of detected fraud. Leveraging a fine-tuned model allows banks to cast a wider net and optimize their alert, false positive, and capture rates. Rule-based systems can then pick up the remainder of fraud, elevating capture rates and making the institution an unattractive target for fraudsters.

Graphical analysis tools can be terrific at creating uplift and identification of cells or clusters of bad actors, but this tends to be more manually intensive. This is where so-called threat-hunting tends to live. It’s a tried-and-true method and helps to reduce residual risk, especially for both boarded accounts and those that are dormant, or “sleepers”, awaiting deployment. The latest tools are quite advanced here, feeding results back to the model, thus creating a virtuous circle of protection.

Can you speak to any recent improvements in scam playbook simulations or red teaming for scam detection systems?

The scams playbook is emerging as a realized critical element in terms of creating and identifying exposure, and it is one of the things that will inform strategy well in advance of an attack. Borrowing from CyberSec Ops, finding the right pathways to identify gaps or weaker controls that allow for scams to proliferate can inform where additional controls or increased friction ought to be applied.

Right now, financial institutions utilize this approach among their internal teams somewhat sparingly. External vendors specializing in these activities can often better identify softer targets and areas of vulnerability. These services can also be helpful in determining the appropriate control to cover an identified gap in coverage.

If you had to prioritize one investment area for advancing scam detection over the next 12 months, what would it be, and why?

In building my own technology roadmap when I ran a leading financial institution, I found behavioral intelligence to be a must-have in my tech stack. Integration of behavior-based defenses into enterprise fraud management systems, ensuring they collected device- and network-intelligence feeds, was a game-changing outcome. It gave us the right defensive posture, allowed us to meet emerging threats, left us agile in our application of novel controls where necessary, and was the key to our rebound from crisis to stability. Without behavioral controls, we would have continued to struggle.
