What is fraud monitoring?
Fraud monitoring is the core of a modern fraud prevention strategy. Continuous fraud monitoring is the process of constantly monitoring all actions on a bank account – not just the initial login and ensuing financial transactions such as payments and funds transfers. Continuous fraud monitoring looks at all actions and events, whether they are monetary or non-monetary. This includes things like changes to an account owner’s profile, adding a beneficiary or payee, and device registrations.
When monitoring for suspicious activity, an anti-fraud system must analyze vast amounts of data, events, and their context in a continuous way to spot anomalies in user behavior patterns. It’s an approach that allows financial institutions to respond in real time to the risk of a threat and stop a fraud attack. Continuous fraud monitoring looks at and analyzes the data related to online and mobile banking sessions, devices, IP addresses, behavior, and all the events that users perform – as they occur – to determine the level of risk.
Terminology
As mentioned above, fraud monitoring is an essential part of a financial institution’s online fraud detection and prevention program. When fraud analysts, fraud managers, and other professionals fighting financial cybercrime use terms such as “continuous transaction monitoring” and “continuous session monitoring,” what do they mean? These are sometimes used as synonyms, but there are differences.
Continuous transaction monitoring considers all user actions – monetary and non-monetary, sensitive and non-sensitive – from the login attempt to the transaction. As part of this continuous monitoring, the anti-fraud system looks at actions and events like making changes to an account owner’s profile, adding a new beneficiary or payee, and registering a new device. The fraud prevention system also looks at the attempt and the outcome, either successful or failed. This builds a historical profile for each user action before, during and after the action takes place. Having such a detailed historical profile helps the system identify anomalies (behaviors inconsistent with the account owner’s typical banking behavior) that indicate fraud may be occurring.
The second reason a fraud prevention system should perform continuous transaction monitoring is to detect fraud patterns. For example, a simple pattern indicative of account takeover would be:
- Check balance
- Add a new payee or beneficiary
- Send the maximum allowed transfer
- Refresh & check the balance
- Transfer any outstanding funds in the account
A fraud prevention system that uses continuous transaction monitoring will be able to detect account takeover, malware attacks, and other types of cyberfraud – and intervene to stop it.
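The account takeover pattern listed above can be expressed as an ordered-sequence check over an account's event stream. The following is an added example, not code from the original page or any vendor product; the action names, the `Event` fields, and the 15-minute window are assumptions.

```python
from typing import NamedTuple
# Steps of the account-takeover pattern listed above; action names are assumed.
ATO_PATTERN = ["check_balance", "add_payee", "transfer_max", "check_balance", "transfer"]
WINDOW_SECONDS = 900  # assumed: the whole sequence must complete within 15 minutes

class Event(NamedTuple):
    ts: int              # epoch seconds
    account: str
    action: str          # "login", "check_balance", "add_payee", "transfer", ...
    payee: str = ""
    amount: float = 0.0
    limit: float = 0.0   # per-transfer limit in force when the transfer was made

def step_matches(step, ev, new_payees):
    """True if event `ev` satisfies pattern step `step`."""
    if step == "transfer_max":   # transfer at the limit, to a payee added in this sequence
        return ev.action == "transfer" and ev.payee in new_payees and ev.amount >= ev.limit > 0
    if step == "transfer":       # any further transfer to such a payee
        return ev.action == "transfer" and ev.payee in new_payees
    return ev.action == step

def detect_ato(events):
    """Return (account, first_ts, last_ts) per completed pattern; other events may interleave."""
    progress = {}   # account -> [next step index, ts of first step, payees added since]
    flagged = []
    for ev in sorted(events, key=lambda e: e.ts):
        st = progress.setdefault(ev.account, [0, ev.ts, set()])
        if st[0] == 0 or ev.ts - st[1] > WINDOW_SECONDS:
            st[:] = [0, ev.ts, set()]   # nothing in progress, or window expired
        if ev.action == "add_payee":
            st[2].add(ev.payee)
        if step_matches(ATO_PATTERN[st[0]], ev, st[2]):
            st[0] += 1
            if st[0] == len(ATO_PATTERN):
                flagged.append((ev.account, st[1], ev.ts))
                st[0] = 0
    return flagged

# Constructed sample events: acct-A follows the pattern, acct-B is routine activity.
SAMPLE = [
    Event(1000, "acct-A", "check_balance"),
    Event(1010, "acct-B", "check_balance"),
    Event(1060, "acct-A", "add_payee", payee="P-new"),
    Event(1070, "acct-A", "view_statement"),
    Event(1120, "acct-A", "transfer", payee="P-new", amount=5000, limit=5000),
    Event(1130, "acct-B", "transfer", payee="P-known", amount=120, limit=5000),
    Event(1180, "acct-A", "check_balance"),
    Event(1240, "acct-A", "transfer", payee="P-new", amount=830, limit=5000),
]
```

Calling `detect_ato(SAMPLE)` flags only acct-A. Because the match requires the transfers to go to a payee added inside the same sequence, a routine balance check followed by a payment to a known payee does not trigger it.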
Continuous session monitoring is similar, but the monitoring only applies to the banking session. Continuous session monitoring analyzes all events within a banking session and tracks how the behavior of the user or the device has changed within the session to determine, for example, if there’s an indication of the session being taken over by an attacker (i.e., session hijacking).
Continuous session monitoring is done across channels and devices to identify potential risks. For example, a banking session may have started on a PC but been authenticated with a mobile device. Or, if the user initiates a payment from one country and authenticates it in another, the bank can help prevent fraud by forcing authentication with the device that was used to initiate the session.
How continuous, risk-based monitoring detects fraud
Continuous fraud monitoring helps detect fraud in online and mobile banking because of its ability to keep watch on all events as they happen in real time. From the moment someone lands on a webpage, continuous fraud monitoring enables behavioral understanding as it identifies a user’s normal online journey and interactions with their bank accounts and devices.
Unlike many legacy anti-fraud systems, a solution that relies on continuous fraud monitoring tracks more than just the login and the transaction. As the behavior of the user becomes known, new behavior can be identified that might indicate an attacker or a bot. Typical indicators of attacks, such as new or known nefarious devices, cookies, bots, beneficiaries or others, can be identified in real time. This approach establishes a continuous risk profile, which can change with each action undertaken by the end user or their device. Not only does this allow the financial institution to take real-time action when anomalies are detected, it also allows the bank to reduce friction for legitimate sessions by decreasing the number of authentications required for legitimate user interactions. This in turn diminishes the possibility of an attack and losses, and enhances the user’s experience.
The role of machine learning in online fraud detection and prevention
Machine learning is a type of artificial intelligence (AI). Unlike humans, it can analyze incredibly large volumes of data in real time. Machine learning can then be used to contrast the normal behavior of the user against suspicious behavior, such as the behavior of a bot or attacker. When suspicious behavior is detected, financial institutions can request additional authentication from the user to be sure it really is the legitimate customer. If the user can pass the security measures and authenticate successfully, they can proceed. If they cannot, the action or transaction is stopped by online fraud detection.
Machine learning algorithms can spot emerging attack scenarios due to their strength in detecting anomalies. This is something a rules-only system cannot achieve because rules are designed to spot known fraud attacks only. This is why rule libraries are so lengthy: as each new fraud attack is identified, a rule is built and added, driving the need to maintain hundreds or even thousands of individual rules.
Prepare for the unexpected instead of creating more rules
Most online fraud detection and prevention systems used by banks rely on fraud rules. In fraud prevention, machine learning works to supplement the role of the rules engine. The advantage of using machine learning is that it helps banks identify new or emerging types of fraud. Detecting anomalies to spot new and emerging attack patterns is a known strength of artificial intelligence or machine learning algorithms.
How fraud monitoring benefits the customer experience
The customer benefits from an easier, more convenient experience with their financial institution because online fraud detection is taking place in the background. It doesn’t interrupt the user experience unless necessary. From the customer’s perspective, transactions should be as frictionless as possible. Customers would prefer not to be bothered with authentication methods for low-risk transactions; however, the appropriate level of authentication will be introduced, if needed, to protect the user’s account. This seamless, frictionless experience working in the background helps build customer loyalty and trust.
What happens once fraud is detected
Once continuous fraud monitoring detects indicators of fraud, the system increases authentication security instead of rejecting the financial transaction or putting it on hold for a manual review by a fraud analyst. For example, if a transaction is evaluated as suspicious, due to unusual timing, location of the user, or a significantly larger dollar amount than usual, the risk system will trigger a step-up authentication challenge. The authentication method used as part of the step-up challenge will match the risk level of the transaction. [Note: It is recommended to use stronger authentication than secret questions/answers or knowledge-based authentication (KBA). KBA refers to questions that a bank can ask to verify a user’s identity, while checking the answers with major credit bureaus such as Experian, Equifax, or TransUnion. Because of the many large-scale data breaches, KBA is no longer considered a secure way to verify an identity.]
Continuous fraud monitoring constantly evaluates risk on a case-by-case basis and works in the background so as to not interrupt the customer experience unless necessary. When suspicious or unusual behavior is detected, the fraud system initiates an action, such as “Accept,” “Decline,” or “Block.” Users are only impacted when the decision engine determines that the level of risk for fraud justifies it.
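The risk-matched response described above can be sketched as a scoring function that compares a transaction with the account's own baseline and picks an action. This is an added example, not code from the original page; the weights, thresholds, the 5x-median rule for a "significantly larger" amount, the field names, and the challenge names are all assumptions.

```python
from statistics import median

# Assumed weights and thresholds; a real deployment would tune or learn these.
WEIGHTS = {"unusual_hour": 20, "new_country": 35, "large_amount": 30, "new_device": 15}
# Constructed list of compromised elements (documentation-range IP, made-up device id).
COMPROMISED = {"ip": {"203.0.113.50"}, "device": {"dev-stolen-01"}}

def build_profile(history):
    """Summarise an account's past transactions into a behavioural baseline."""
    return {
        "hours": {t["hour"] for t in history},
        "countries": {t["country"] for t in history},
        "devices": {t["device"] for t in history},
        "median_amount": median(t["amount"] for t in history),
    }

def assess(txn, profile):
    """Return (score, reasons, action) for one transaction."""
    if txn["ip"] in COMPROMISED["ip"] or txn["device"] in COMPROMISED["device"]:
        return 100, ["compromised_element"], "block"
    reasons = []
    if txn["hour"] not in profile["hours"]:
        reasons.append("unusual_hour")
    if txn["country"] not in profile["countries"]:
        reasons.append("new_country")
    if txn["amount"] > 5 * profile["median_amount"]:   # assumed "significantly larger"
        reasons.append("large_amount")
    if txn["device"] not in profile["devices"]:
        reasons.append("new_device")
    score = sum(WEIGHTS[r] for r in reasons)
    if score < 30:
        action = "accept"                       # no friction for low-risk activity
    elif score < 60:
        action = "step_up:push_approval"        # moderate risk: one extra factor
    else:
        action = "step_up:signed_transaction"   # high risk: strongest challenge
    return score, reasons, action

# Constructed history for one account.
HISTORY = [
    {"hour": 9, "country": "BE", "device": "dev-1", "amount": 50.0},
    {"hour": 10, "country": "BE", "device": "dev-1", "amount": 80.0},
    {"hour": 18, "country": "BE", "device": "dev-1", "amount": 65.0},
    {"hour": 19, "country": "BE", "device": "dev-1", "amount": 40.0},
]
```

Returning the reasons alongside the score lets an analyst see why a challenge was raised, and keeps the blocklist check separate from the behavioural score.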
How continuous fraud monitoring helps with regulatory compliance
Continuous fraud monitoring provides the ability to meet regulatory requirements. For example, in Europe, payment services and payment service providers must comply with the Payment Services Directive (PSD2), which requires mandatory transaction monitoring with a few exceptions, such as low-risk transactions. PSD2 includes the monitoring of transactional risks, detection of fraud methods, and strong customer authentication (SCA). It provides a framework that enforces different risk-based authentication methods, protects mobile applications, and performs transaction data signing (also known as dynamic linking).
When monitoring transactions, payment service providers are also required under the regulations to provide a list of compromised or stolen authentication elements, such as IP address, device, email, and credit card number, among others, which must be updated regularly. As part of continuous fraud monitoring, machine learning determines the level of risk in a transaction to meet the compliance regulations. The user, device, and transaction data are scored to determine the risk associated with a transaction, and a decision is made to take immediate action to either allow, review, or block the financial transaction.