Cyber warfare in payments gets intelligent

Developments in AI have helped financial services defend themselves

By Michael McCaw | 23 May 2018

Artificial intelligence has come on leaps and bounds in the past few years, with big data and cyber security adding much to financial service firms’ means of protection.

Here, bobsguide speaks with Nezar Nassr, technical product manager and Nasser Sweileh, head of financial crime and compliance risk, product development management, of financial crime and payments firm Eastnets, to learn more about the developments.

Bobsguide: How have payments systems grown to become such a target by cyber criminals?

Nassr: In the past banks and financial institutions used to physically isolate their servers but now with access through the internet and ebanking, banks servers are now exposed, creating the risk that these resources will be targeted by illegitimate sources.

How sophisticated are cyber criminals and why do financial services struggle with them?

Nassr: They’re incredibly intelligent. They are always inventing new ways to access the environment so banks are always trying to secure themselves using more firewalls and more security in place. Financial service firms cannot protect themselves 100% because it can be very resource heavy to keep on top of these things.

Why has artificial intelligence become recognised as a useful tool for preventing payment fraud?

Nassr: In fraud generally, banks and financial institutions used to apply the rule-based approach. Here you write a rule – for example: if my client is doing something, it is suspicious in terms of money laundering or in terms of fraud. If you’re in the UK and you lift money from an ATM at 9am and shortly after do the same in Australia it is breaking a rule. These rules are an application of a known thing, so you have to know in advance what a suspicious behaviour is in order to apply the rule. But with big data, we learnt that the rule based approach wasn’t enough to protect banks against financial crime so many started to think about artificial intelligence, with which you can find known unknowns in your data. So you can go into your data and find new patterns that you wouldn’t have been aware of. Another thing you can find certain kinds of patterns for fraud and the risk from one financial institution is different for another. When you write rules the rule is applied everywhere. So a rule is applied but it doesn’t really project the behaviour that might happen at one financial institution but it works for another one.

With artificial intelligence it works a different way. We go into the data and we learn what is usual and what is odd.

Sweileh: The power from this is that these fraudsters are intelligent, and always come up with new things. So no matter how good we are putting firewalls in place we’re talking about internal controls using technology – these guys are always trying to create something new to breach them. In the rule-based system we were reactive, and we needed to become proactive in finding what is an inappropriate behaviour and build around that. With AI we are proactive, by learning from normal behaviours of what the customer is doing. Considering everything that might be considered abnormal behaviour – we can find this out by looking at historical data. The system has already learnt it.

Surely fraudsters could adopt AI?

Nassr: That’s the beauty of AI. It’s very difficult for fraudsters to use it because if you want to use it, you need data, you need history – and the fraudsters don’t have that. The bank has the data on previous transactions, and they can learn patterns.

And what about fraud across borders?

Nassr: Last year in particular there was a number of incidents of fraud affecting specifically the Swift payment network. After that Swift put in place new security systems. They now have 27 security controls – some of these are advisory, some mandatory. These are preventive, but if you have a crime you need to protect, and these security controls are working on the first layer, which is prevention. Fraud detection solutions like ours works on the second defence layer – detection. If it happens, we detect it.

Nezar and Nasser will be discussing more on cross border payments fraud and artificial intelligence in a bobsguide webinar on May 29. Click here to register and find out more.

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development