Thursday 02 May 2024

This article first appeared in Digital Edge, The Edge Malaysia Weekly on June 26, 2023 - July 2, 2023

According to the Singapore Police Force (SPF), the volume of scam, fraud and cybercrime cases in the city state increased by more than 25% in 2022 compared to 2021. Scams specifically accounted for more than 94% of all reported cases and the category grew by more than 32%. In Malaysia, an investigation into an alleged significant data breach affecting more than 13 million individuals is underway.

The number of cyberattacks is growing and Asia-Pacific has reported more than any other region over the past year, with 39% of organisations having reported a security breach. Data breaches also aid criminals by flooding the underground with regular batches of personal and financial data for future targets and victims.

Despite hard-hitting tactical responses from the banks and regulators, scams continue to be a problem on the rise. Stronger forms of authentication are no longer a challenge for scammers and the education of consumers often just creates confusion and fear while eroding trust in traditional communication channels such as email and SMS.

So, what should banks be doing better to combat the continuing rise in scams in the region? And how do banks rebuild trust with their customers?

Help is readily available

The tools that are solving some of these problems already exist and are being used by financial institutions worldwide. The real-time detection of a scam in progress is a reality and not a myth. The combination of four innovative yet practical capabilities has been proven to reduce the success of scammers. IP geolocation, device profiling, behavioural biometrics and machine learning risk engines, when combined, give fraud prevention teams unparalleled visibility of criminal scams and the fraudulent activity plaguing them.

IP geolocation: By mapping an internet protocol (IP) address to a location, this capability lets a bank understand where its customers are and build a profile of where they normally conduct their digital banking from. This data can be leveraged to detect when a criminal who has stolen a customer’s login details is trying to access the account from an unusual network or new location.

Device profiling: This is the ability to know a banking customer’s commonly used digital devices, such as a mobile phone or a local desktop computer, and build a profile of which devices the customer normally uses to complete banking activities. To detect potential fraud, this information can be used to determine whether an account has been compromised and is being accessed by an unauthorised party.

Behavioural biometrics: This is the analysis of patterns in how a bank customer physically and cognitively behaves in digital channels. Banks can use it to build a profile of what normal behaviour looks like and set parameters for identifying potentially risky behaviour. By looking at how a person types on a keyboard, moves their mouse, taps on their mobile screen or swipes in an app, a bank can determine whether this is the genuine account owner acting normally or someone acting under the duress of a scam.

Machine learning risk engines: This is essential for calculating the risk of a digital banking activity or session based on the thousands of data points being analysed using the aforesaid technologies. Without the help of machine learning risk engines, it is impossible for a human to decide on the IP geolocation, device profiling and behavioural biometrics data that need to be collected and analysed in real time. This real-time analysis helps banks stay ahead of criminals by taking a risk-based approach to their fraud strategy and ensuring that actionable intelligence is acted upon immediately and not just stored for retrospective investigations after the scam has succeeded.

Why the layered approach and what does that have to do with trust?

Many banks will ask why they need all four layers for an effective defensive strategy against both legacy and emerging fraud and scam types. The answer is simple: Fraud is no longer a one- or two-dimensional threat.

Criminals are hurting banks in the two places where they are the most vulnerable — their customers and communication channels. As customers receive a relentless tidal wave of scam messages through email, SMS and social media, trust is being eroded and consumers no longer have the confidence to distinguish between legitimate communications and scams.

Phishing scams, job scams, e-commerce scams, investment scams and fake friend call scams were the top five scam types in 2022, said the SPF, making up more than 82% of reported scams. A single-threaded approach to fraud or scam detection always has an area of weakness. Today, that weakness is being exploited by criminals with access to tools and technology that make phishing, remote access and device spoofing easy. 
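As an added illustration (not part of the original article and not any vendor's implementation), the Python example below scores three sessions against one customer's profile, first with only the network and device layers and then with the behavioural layer included. The profile, the sessions, the weights and the threshold are all constructed; the hand-set weights stand in for a trained machine learning model.

```python
import math
from statistics import mean, pstdev

# Constructed customer profile and sessions; every value here is illustrative.
PROFILE = {
    "networks": {"MY/AS-home", "MY/AS-mobile"},   # usual country/network labels
    "devices": {"phone-01", "laptop-01"},         # usual device fingerprints
    "key_gap_ms": [182, 175, 190, 168, 185, 178, 181],  # usual keystroke gaps
}
SESSIONS = {
    "normal":   {"network": "MY/AS-home", "device": "phone-01",
                 "key_gap_ms": [180, 176, 188, 171]},
    "takeover": {"network": "XX/AS-unknown", "device": "unseen-99",
                 "key_gap_ms": [181, 177, 186, 174]},
    # Genuine owner on their own phone, typing hesitantly while being coached.
    "coached":  {"network": "MY/AS-home", "device": "phone-01",
                 "key_gap_ms": [410, 95, 520, 380]},
}
# Hand-set weights standing in for a trained model (assumption, not a vendor's).
WEIGHTS = {"network": 1.5, "device": 2.0, "behaviour": 3.0}
BIAS, THRESHOLD = -2.0, 0.5

def signals(profile, s):
    """One 0..1 anomaly signal per layer."""
    base = profile["key_gap_ms"]
    z = abs(mean(s["key_gap_ms"]) - mean(base)) / (pstdev(base) or 1.0)
    return {
        "network": 0.0 if s["network"] in profile["networks"] else 1.0,
        "device": 0.0 if s["device"] in profile["devices"] else 1.0,
        "behaviour": min(z / 4.0, 1.0),   # cap at 4 standard deviations
    }

def risk(profile, s, layers=WEIGHTS):
    """Logistic combination of the chosen layers; returns a 0..1 score."""
    sig = signals(profile, s)
    logit = BIAS + sum(WEIGHTS[k] * sig[k] for k in layers)
    return 1.0 / (1.0 + math.exp(-logit))

def flagged(profile, s, layers=WEIGHTS):
    """True when the combined score reaches the review threshold."""
    return risk(profile, s, layers) >= THRESHOLD

if __name__ == "__main__":
    for name, s in SESSIONS.items():
        two = flagged(PROFILE, s, ("network", "device"))
        print(f"{name:9} two-layer={two!s:5} all-layers={flagged(PROFILE, s)} "
              f"score={risk(PROFILE, s):.2f}")
```

The coached session passes the network and device checks because the genuine owner is using their own phone on their own network; only the behavioural layer raises its score above the threshold.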

What more must we do?

The only proven way to rebuild trust is to stop scammers before customers lose their money. Adding visibility and insights that provide actionable intelligence in real time, thereby empowering banks to stop scams before they occur, is a strong strategy that addresses both scam numbers and eroded trust. If scams continue to rise, consumer confidence and trust will degrade.

Educating consumers through public awareness campaigns, collaborating with law enforcement to disrupt criminal operations and strengthening the infrastructure around SMS are all valuable strategies. However, they must be implemented in parallel with fraud controls that empower banks to prevent scams in real time.


Richard Boot is vice-president of sales for Asia-Pacific at BioCatch, a cybersecurity company that delivers behavioural biometrics, analysing human-device interactions to protect users and data.
