You might be surprised by the level of sophistication and organization of today’s bank thieves. Rather than holding up a branch, today’s robbers use resources purchased on the dark web, the internet’s underbelly, to hack accounts and drain them with fraudulent charges.

“I’m not sure the industry is staying a step ahead,” says Kurt Long, the founder and CEO of data protection firm FairWarning. “It’s an arms race.” However, banks aren’t helpless in the face of these thieves, and they are continually working to improve their systems to detect and deter fraud.

People-centric systems pose new challenges. In the days before cloud applications, it was easier to protect data. A firewall or similar system could be adequate to keep information safe from most threats. Today, it’s different. “It’s not as easy as putting a ringed fence around the data,” Long says.

That’s because millions of people are now accessing data from the cloud. Not only does a system have to keep its information safe from outside attack, but it also has to ensure all those people using it are who they say they are. These people-centric systems pose a special challenge for financial institutions. “You’ve got to have a multi-layer approach,” says Vince Liuzzi, chief banking officer at DNB First. As a result, banks are combining machine learning and automation with old-fashioned customer contact to identify and address potential fraud.

Algorithms and AI working together. The earliest automated fraud detection systems relied on algorithms to identify potential problems. “Algorithms are sets of rules,” explains Salvatore LaScala, AML practice leader and managing director for consulting firm Navigant. If a rule is broken – say a larger than normal purchase is made – the algorithm triggers a follow-up action such as a text message or phone call to the customer. “It’s trying to see if I’m actually in Dubai doing something,” LaScala says.

Read More