Fraud’s most wanted and the private AI

But banks and financial crime will ‘always be in tension’, says Harris

A growing ecosystem of super-criminals, middlemen and hackers, combined with the chaos and digital upheaval of a pandemic, has put Cloud-based fraud prevention top of the agenda, says Richard Harris, EVP for Global Sales at risk management platform Feedzai

If you received any dodgy-looking emails from your boss or a colleague, demanding urgent action, you were not alone. Impersonation scams sky-rocketed by 600 per cent as criminals preyed upon people working from home.

According to research by Scamadvisor. com, these shady characters hoovered up a staggering €36billion and counting over 2020, with 140 million scams reported across 30 countries. It’s estimated that three per cent of the global population got stung in one way or another, from straightforward identity theft to fake lotharios conning victims out of money through online dating. But sadly, due to the embarrassing nature of scams, a meagre seven per cent got reported, and the lack of a centralised reporting system in most countries means even less action is taken. So, the problem is probably much bigger than we even realise.

Everyone from the regulators to the anxious business manager is pulling their hair out, trying to limit exposure to these revenue-draining tricks.

Cyber-criminals are not just limited to using the internet as a vector, either. Computer programmes with menacing automated voices are now calling business owners and threatening them with fake prison sentences for unpaid tax. Algorithms are also being used to detect vulnerable people, who criminals manipulate into handing over their pensions. Around eight million people were targeted by pension fraudsters in 2020, a 45 per cent increase on the year before. And, sadly, more than £54million in pensions has already been reported lost – with much more expected to follow.

“This is organised crime on a massive scale,” observes Richard Harris, EVP for global sales for fraud detection platform Feedzai. “This isn’t a matter of a few people misusing a card to buy a bit of extra stuff. These are large criminal enterprises making huge amounts of money.”

Security systems are surrounded by droves of marauding amateurs, hacking away day and night; it’s a constant shark frenzy. But the serious villains are facilitated by the dark web.

“There are now businesses on the dark web that monetise the ability to carry out attacks,” says Harris. “Fraud’s a gold rush, so people are going to sell shovels. You’ve middlemen in the criminal underworld making and selling attack

kits – and the data obviously is a commodity in that space as well”.

Harris describes digital fraud as an arms race: “The speed of that race is critical and you’ve got to be able to respond very quickly,” he tells financial institutions. Constant innovation is needed, which leads in a straight line to Feedzai, one of the secret agents of the banking world.

As scams and hacks surged during the pandemic, firms like this have had to innovate and re-innovate faster than ever to keep up with escalating levels of crime. Feedzai has been particularly effective and, as you might expect, its value has swelled. In March 2021, the firm officially joined the unicorn club.

Some 800 million people – including half the population of Canada, according to Harris – benefit from the protection of Feedzai, although they know little about it. It works with four of the five largest banks in North America and 80 per cent of the world’s Fortune 500 companies. The huge changes in those consumers’ behaviour during the pandemic, and how cyber-criminals tracked them, was graphically illustrated in its Q1 2021 Financial Crime Report. In just three months, its customer traffic monitoring saw, for example, a 178 per cent increase in attempted fraud related to digital media services (Feedzai claims to monitor and protect 60 per cent of global music streaming subscriptions), a consequence of the world turning to online entertainment in 2020, as every other form dried up. It also revealed that 70 per cent of fraud was driven by card-not-present transactions, while card-present attacks dropped by 48 per cent – despite the latter type of transaction falling by only 20 per cent. “During the pandemic, certain products were more in demand, with people working from home, while others weren’t, so it was a case of managing the risk in a targeted way, and we did that well,” says Harris. Feedzai also noted a rise in transfer scams, including account takeover, impersonation, purchase, investment and romance fraud, as people’s exposure to the internet rose and their defences were lowered. And the report warned that another deception was on a worrying rise: the targeted recruitment During the pandemic, certain types of product were more in demand, with people working from home, while others weren’t, so it was a case of managing the risk in a targeted way, and we did that well

of ‘money mules’ in order to launder funds through their legitimate accounts – a crime always related to bigger and often deadlier activities, which often leaves the unwitting victim blacklisted by banks.

Fraudsters were clearly following the money online in 2020 – but it wasn’t just consumers and private organisations that suffered. One of the biggest pandemic honeypots was government-backed support schemes to get people and businesses through the crisis. The true scale of the fraud involved will only become clear in the post-pandemic washdown.

“A lot of stimulus went into direct payments to businesses and there’s concern that not all of that was handed out in a way that was managed well,” says Harris. “Obviously, it was distributed quickly, but was AI or machine learning even used to decide who got those payments? I suspect, in a lot of cases, it wasn’t. If those things weren’t managed well, a huge amount of money will have gone into the wrong hands, because such schemes were absolutely going to be attacked by fraudsters looking for that kind of opportunity.”

As Harris indicates, the first line of defence for Feedzai is its proprietary AI.

“We protect billions of transactions every day,” he says. “AI has been the cornerstone for allowing us to do that. You can’t cover that quantity of data as accurately as we do without machine learning and AI. That’s been the catalyst for scaling this business.”

Feedzai’s patent-protected machine learning AI takes just three milliseconds – the time for a housefly to flap its wing – to analyse and reach a conclusion on whether to approve, reject or review a transaction. Importantly, it also gives insight into those decisions to help others with future fraud management and detection. That data, shared across the Feedzai ecosystem, improves fraud management at all banks – and,thanks to Feedzai Solutions, a plug-and-play API package for much smaller businesses, they can benefit from that intel, too. It really is a case of ‘we’re all in this together’ when it comes to fraud.

“Financial crime and banking are always in tension,” says Harris. “As famous 1950s bank robber, Slick Willie, said: ‘That’s where the money is.’ Whatever banks do, criminals and money launderers will try to find a way around it. To stay ahead of them, firms need to continue pushing the boundaries of innovation. They’re never going to solve this problem. They just have to keep investing in it.

“As a bank, it’s very difficult to do that with your own technology team. That’s where we – and other companies in this space – come in, who specialise in solving such problems. You have to keep bringing innovation to the table. We’ve filed more than 12 patents this year for AI practices for detecting money laundering and fraud.”

The huge rise of virtual working and online scams over the past year has sparked a wave of new customers for firms like Feedzai.

“Everybody realised that we’re going to be using a virtual environment, for the foreseeable future,” says Harris. “This has accelerated investment in that space, and banks are now shifting to the Cloud quicker than they were 12 months ago”.

In 2020, the cyber-security industry grew to be worth at least $167.13billion, up from $112.01billion in 2019, as more and more businesses started investing heavily in cyber-security. Major banks and financial services were among them. But Cloud has been the technology that opened the door to a new kind of client.

“It’s not just the big banks that can benefit. Suddenly, everyone can because we’re operating in the Cloud,” says Harris.

Feedzai Solutions is made powerful by the collective use of a Cloud-held repository of decision-making data. When a business or bank ‘plugs in’ to the Cloud, its transactions become part of the shared consciousness, contributing to and benefitting from an enhanced level of intelligence and security. This means that even the smallest challenger bank can receive the same level of fraud detection and, ultimately protection, as the largest institution on Wall Street or Canary Wharf.

“With a fully Cloud-based approach, you have all that data from across the network,” says Harris. “A community bank can plug in and take advantage of machine learning capabilities straightaway. We just went live with a big US challenger bank and had them up and running in just six weeks.

“Five years ago, machine learning was the preserve of the Tier 1 banks,” continues Harris. “They were the ones investing in it. Now, everybody wants it, but it’s a question of having the capability to manage it. Embedding machine learning into operations is the hard thing. Even when you’re a Tier 1 bank, with 150 people in your data science team, transferring that capability into a live environment is often difficult. We built our business and reputation on helping the big banks build this capability very quickly. But smaller, challenger and community banks, B2B lenders and peer-to-peer payment providers don’t have teams of 100 data scientists. To support them, we built Feedzai Solutions. It allows them to plug into an API and get out-of-the-box machine learning, ready to use on a live channel.

“Machine learning is fundamentally about maths and statistics and, for that, you need a certain level of data. But, once you are taking a fully Cloud-based approach, as we are, a

small player can tap into the network effect of the intelligence we are seeing. So, suddenly, it doesn’t become the preserve of big banks, who’ve got big data. Suddenly, everyone can benefit.”

The growth of Cloud-based cyber-security is absolutely necessary, as criminals develop increasingly sophisticated attack tools. But, at client level, Harris’ best fraud prevention advice has nothing to do with super robots. It is simply: “Getting your risk team involved at the very beginning, because it could save you a huge amount of pain later.”

He reaches for a personal example to illustrate the point.

“I used to be a customer with a big bank and I got a call one day some time after I’d left it, saying that I owed money on a credit card and they wanted me to pass security. I told them I didn’t have a credit card with them so it was probably a fraud; I wouldn’t be able to validate the account because I didn’t set it up. I gave them the information and, sure enough, they couldn’t validate me, but still demanded I pay the bill. I knew the head off fraud operations at this bank… without their intervention, I don’t know how I would’ve solved the issue because it turned out someone had stolen my identity. I hadn’t had an account with this bank in 10 years, but they’d sent a letter to my old house, giving me a free credit card to get me back on board. Someone who was renting the house had just signed the card and gone around spending with it and, of course, the bill had traced back to me.

“So, this whole thing was the result of

a marketing campaign. And this is often what we see. There’s a disconnect within an organisation, where one department goes ‘let’s do this…’ and no one’s spoken to the fraud team about it,” says Harris.

“People who go into fighting financial crime and fraud tend to be very passionate individuals. Fundmentally, they're driven by fairness, transparency, accountability and ethics,” says Harris. “So, usually, that team will do a great job, if they’re involved. The big risks tend to come when an initiative happens within a bank and they’re not involved at the beginning and given an opportunity to say ‘hey, you know what’s going to happen if you do that?’. When there’s no communication, things go badly wrong. So, if you’re going to launch new products, attack new customer bases or go into a new region, I cannot stress enough that it’s best to get your risk team involved.”

With a risk-first company mindset and an AI super agent, like Feedzai, on your side, fraudsters will have ‘to get used to not being bullet proof’ – as that very analogue private eye Philip Marlowe would say.