The digital age has brought with it an unparalleled opportunity for progress, greater connectivity and efficiency. However, where there is opportunity there is also criminality. Fraud has become truly globalised, with the internet serving as its most lucrative vector.
While a great deal of fraud is still committed by opportunistic lone operators, there is a growing contingent of organised, well-resourced outfits able to use the latest technologies to scam their victims. Indeed, between 31 per cent and 45 per cent of UK frauds are linked to organised crime groups (OCGs). The end goal is the same, but the methods are changing and the authorities are struggling to keep up.
Customers are demanding digital channels through which they can access their favourite brands and financial services. Yet in racing to deliver the most competitive customer experience, companies can’t underestimate the danger presented by organised fraud. As companies digitise, they often leave more openings for today’s tech-savvy criminal gangs to exploit. Organisations must ensure they have both the culture and infrastructure in place to detect fraudulent activity and put a stop to it.
Turning a blind eye
- Why fraud detection needs a reboot (opens in new tab)
An OCG’s sole concern is to avoid detection, and they are using increasingly sophisticated tools to do it. The best-resourced fraud groups – often linked to state actors or terrorist cells – are able to leverage technologies like artificial intelligence (AI) to bypass even the most ‘secure’ defences.
Digital delivers greater immediacy and convenience, but it also places an added barrier of anonymity between customer and brand. Fraudsters can exploit this digital barrier using natural language processing to impersonate their targets and gain access to their accounts. In this way, a fraudster could withdraw money from your bank account with only a few recorded clips of your voice.
When a group is able to leverage technology alongside knowledge and expertise, the threat is even more dangerous. The larger and more established an OCG is, the more experience it can draw from. Many organisations, particularly in the financial sector, use simple rules and thresholds to automatically isolate and shut down suspicious activity. An experienced team of fraudsters will know these rules and can easily train AI-powered bots to undermine them.
For example, many banks set a maximum threshold on the amount of money you are allowed to transfer between accounts to combat illegal money laundering. However, experienced criminals with knowledge of these rules can use their tools to subvert them. In a process known as ‘smurfing’, fraudsters can use bots to transfer the full amount in tiny, innocuous increments. By automating the process, they can complete the transaction as quickly as if they’d made a single transaction.
By its nature, fraud is deceptive. Dedicated anti-fraud teams will catch many instances of fraud while rules-based detection systems generate countless alerts. Yet without the right tools, the majority will fly under the radar. Much like an iceberg, many organisations can only see what is above the surface. They need a new approach to find what lies beneath.
Fight fire with fire
- Understanding the art of phishing (opens in new tab)
Ultimately, the greatest advantage criminal groups have over companies is agility. Even the youngest, most disruptive organisations have processes, rules and regulations they must abide by. OCGs have no such restrictions. So long as they remain undetected, fraudsters can adopt new techniques and technologies faster than the market.
To combat this new wave of tech-accelerated fraud, organisations should be willing to learn from the enemy. The best defence against an agile opponent is to become agile; to fight experienced fraudsters with advanced tools, you need experienced investigators supported by advanced analytics.
The first step is to break down the data silos that exist in your organisation. Fundamentally, investigators need data to search for fraud. Yet, foul play goes undetected in the cracks between silos where most solutions can’t reach. It thrives because most fraud teams lack complete visibility into operations. By connecting all your data sources under a single platform, it will be much easier for investigators and detection systems to spot malicious activity.
Organisations should also reassess the process by which they search for fraud. The sheer scale and complexity of the global financial system makes detecting organised fraud a herculean effort. There are so many data points that, often, the only thing linking thousands of disparate, fraudulent transactions together is the account they are filtering money to. This information will be lost to a human using rules-based detection tools, but it will be a red flag to AI.
Through a process known as ‘fuzzy matching’ an AI solution can connect seemingly unrelated actions to a single fraudulent entity. Through machine learning the solution is trained to recognise known behaviours – such as numerous transactions being made to the same account within seconds of each other – and flag it to the team. The intention isn’t to replace the investigator but to augment their search capabilities. In the same way fraudsters exploit AI to obscure their activities, investigators can use it to uncover them.
Finally, you’ll need the culture and workforce able to utilise these tools to the fullest. Anti-fraud teams are typically made up of ex-police and criminal investigators from a range of sectors. They have the experience and understanding of OCGs to anticipate how they’ll act and will know where to look when others don’t. Yet this is only part of the solution. You also need people on your team who know the technology, how it works, and the finer mechanics that could be exploited to avoid detection. This talent is supplied by data scientists, whether hired or closely collaborated with.
Fraud is evolving fast, so companies must evolve to keep ahead of it. The present threat is largely hidden by sophisticated technologies and techniques. For every fraud foiled, there are many more that evade detection. To fight fraud at the source, organisations need to boost their analytics arsenal with AI solutions that can spot the links that investigators can’t see.
Fraudsters win because they don’t fight fair, but by pairing the experience of your investigation team with the power of AI you will give them no place to hide.
- Business email compromise phishing scams on the rise (opens in new tab)
Georgios Kapetanvasileiou, Analytics Consultant, SAS (opens in new tab)