Page 16

SIBOS: AI, DATA & SECURITY BAE Systems helps banks hand repetitive work to robots and automates as much of the process as possible to free up employees. Machine learning, AI and robotic process automation, it says, have much to bring to the table, and successful organisations will be those that combine human and machine intelligence. AI can play an important role in routine cybersecurity functions, such as filtering out phishing emails, which are difficult for people to spot. “So, one of the things we can do, specifically around social engineering and machine learning, is, rather than looking at binary scenario rules, which are effectively saying ‘what are you doing and is this you?’, we can look at many more data points, that analyse other similar behaviours to that which have previously resulted in, say, a social engineering fraud. “It becomes less reliant on understanding if you are you and rather asks ‘what is your behaviour and what does your behaviour look like against a selection of other behaviours that we’ve observed among other customers?’. We can identify examples of manipulation/social engineering by looking at patterns of behaviour, rather than at individual, linear behaviours. But that’s just one of the things that we’re doing with AI,” says Evans. “We’re also looking to become more efficient in terms of how we manage fraud. It’s not just about identifying fraud, it’s about how you manage the experience around that by dynamically looking at things like the customer interaction, to step up authentication, increase the journey where it’s riskier and decrease it where it’s not. “I often say that the most important thing in a fraud system is not actually detecting fraud, which sounds pretty strange, but it’s telling you, with confidence, when it’s not fraud – because if you know it’s not fraud, you can build a whole number of customer journeys into the equation and give the optimal customer experience, and you can allow that customer to have a really satisfactory view of your bank.”

A cross-industry response Banks that future-proof their compliance and fraud teams represent a moving target to single bad actors and criminal enterprises, but there is also a strong argument for active and early co-operation with competitors, regulators and law enforcement. Merely responding to threats isn’t enough. Banks prevented two-thirds of fraud attempts in 2018, according to trade body UK Finance, but a lack of support from authorities is making the job harder, believes Evans. “There isn’t really a deterrent to fraud,” he says. “But if someone has successfully stolen the money, then the police can

The most important thing is not actually catching fraud, which sounds pretty strange, but it’s telling you, with confidence, when it’s not fraud


TheFintechMagazine | Issue 13

prosecute. So how do we work with law enforcement to get better at going after attempted fraud? We need to tackle the r oot cause and take out the mule accounts.” A recent report from Her Majesty’s Inspectorate of Constabulary and Fire & Rescue Services in the UK revealed that one police force filed 96 per cent of well-evidenced fraud reports without further investigation. “Within BAE, we’ve got something called the intelligence network, which is almost a kind of social experiment where we are trying to create thought leadership pieces in conjunction with financial services authorities to tackle subjects like cyberfraud,” says Evans. “Rather than put the onus on the banks, independently, or on the vendors, to come up with a technological solution, we’re

saying how do we collectively, as an industry, work towards solving the problem? How do we tackle this?’. “The BAE intelligence network helps in that task by running workshops, sharing thought leadership pieces, videos, etc. I think that, in many ways, the industry getting together to solve problems is probably a stronger solution than saying we just need to educate our customers, and putting a help page on a website.” Clearly, new technology like AI must be part of the industry’s arsenal in responding to and deflecting fraud, but banks must also look at, and be prepared for, who else is using it. If financial institutions

No silver bullet: Countering fraud relies on a number of things

see its benefits, so too will the ‘bad guys’. In March this year, cybercriminals used AI and voice technology to impersonate a UK business owner, resulting in the fraudulent transfer of $243,000 (£201,000), according to a report in the Wall Street Journal. An unknown hacker group is said to have exploited AI-powered software to mimic the individual’s voice to fool his subordinate, the CEO of a UK-based energy subsidiary. The hackers were then able to convince the CEO to carry out transactions in the guise of urgent funds destined for its German parent company. This kind of attack could be a sign of things to come, according to some cybersecurity specialists, who expect to see a huge rise in machine-learned cybercrimes, raising the question: will protection of our funds and personal security ultimately come down to who has the smartest robot? BAE Systems will be revealing its latest version of NetReveal at Sibos 2019. Two years in the making, it will help financial services out-think the bad guys… for now.


Fintech Finance presents: The Fintech Magazine Issue 13  

Fintech Finance presents: The Fintech Magazine Issue 13

Fintech Finance presents: The Fintech Magazine Issue 13  

Fintech Finance presents: The Fintech Magazine Issue 13