Minimising fraud is still about the basics, even with latest technologies
by Jack Large
In the current fraud boom, although there have been unprecedented fraud rate levels in many factors during the COVID-19 pandemic, the biggest danger is still your own staff and contractors. But, as Feedzai point out in their really useful webinar “The 4 key elements of digital trust”, there are many other aspects required to provide banks (and others) with the ability “to trust the customer” or the other party.
How banks control fraud
Feedzai begins by stressing that banks need to recognise that “Each digital interaction is a fraud opportunity” and then they need to check in detail:
- The identity of the person/company
- Use a combination of multi-factor authentications, face verification, fingerprint scans, one-time passwords, etc.
- That the other person is behaving as you would expect:
- Login routine, etc.
- The device being used is as expected
- E.g. still the same terminal or phone
- The input rhythms of the other party are ‘normal’/same as before in normal legal transactions
- People have a typically unique typing rhythm, so check if it is similar or ‘suspiciously’ different.
These detailed processes need to be carried out almost instantly, so the bank customer is not delayed in carrying out the transaction which requires huge databases and fraud control systems, such as Feedzai provide. But there are lessons for the corporate treasury department.
Lessons for how corporate treasury departments could control fraud
The lessons for corporate treasury from the Feedzai example and services are:
- Regard each interaction with the world outside the corporate treasury department as “a fraud opportunity”
- The ID of the person/other party: use a dynamic combination of different technologies and processes to check they really are who they claim to be
- Each time: is their behaviour and processes as you normally expect?
- Are they using the normal, expected device, and, if not, is there a fully checkable, acceptable reason?
- Are their Input rhythms normal/as expected? If not, then the operator could be a different person, a fraudster.
CTMfile take: The important lesson is to focus on the basics, e.g. is it really the person they say they are? But do many corporate treasury departments really have the technology to carry these basics out? Could your system suppliers provide any of these essential processes?
Like this item? Get our Weekly Update newsletter. Subscribe today