Real-Time Forensics: How to Outpace Criminals in the Cyber Arms Race

“I am convinced that there are only two types of companies: those that have been hacked and those that will be. Even they are converging into one category: companies that have been hacked and will be hacked again,” is the stark observation of the former Director of the FBI. Below Parth Desai, CEO at Pelican, delves into the strategies businesses can use to outsmart the criminals doing the hacking.

The UK’s National Crime Agency warns of a cyber technology arms race where “criminal cyber capability currently outpaces the collective response to cybercrime”, observing that global financial networks face criminals that are “sophisticated, use advanced tools and technologies and invest heavily in their fraudulent activities.”

The disruption caused by payments fraud, especially high value wire transfers, is well documented and widely reported, and demonstrates the increasing focus of highly sophisticated criminal entities on the global financial payments system. It is therefore essential that organisations urgently reassess their existing cybercrime defence strategies and deploy equally comprehensive solutions to ensure they stay one step ahead of the criminals.

Identifying the threats

Recently reported cases seemingly confirm the common perception of payments fraud – that of external hackers utilizing malware to circumvent the local security systems of a single bank, thereby gaining access to their payments messaging network to send ‘fraudulent’ messages to initiate fund transfers. Yet, this is not the complete picture.

In a recent survey, the Association of Certified Fraud Examiners (ACFE) reveals that 78% of overall fraud losses stem from actions committed internally by employees. Fraud counter-measures that only guard against ‘external’ intrusion provide no protection from unauthorized activity from within an organisation, and therefore no protection from the majority of threats. In addition, no matter how advanced a hacking prevention or intrusion protection system – including ones deploying the growing number of biometric authenticators of iris, facial, voice, or fingerprint recognition – leading experts advise that these have been, and always will eventually be, compromised and broken.

Real-time forensics

The numerous recent cases of high-value payments fraud, however different in origin, commonly exploit the traditional readiness of banks to approve ‘authenticated’ messages at face value – without a requirement to conduct the additional checks that would be considered best practice outside a secure and closed network.

This highlights the necessity of going beyond standard authentication of wire transfers to counter criminals targeting financial payments. This can be considerably challenging in today’s environment of high expectations to reduce payments processing times.

One powerful and comprehensive weapon in any defensive arsenal is the deployment of pattern detection and anomaly alerting capabilities on the actual message flows into and out of a bank – the kind of functionality that offers ‘real-time forensics’ screening to detect, and prevent, fraud before it has taken place.

Machine learning and other Artificial Intelligence disciplines are proven and powerful in providing this real-time forensic capability, offering tools that payments participants can deploy to provide secondary validation by analysing the small pieces of information within transactions and detecting unusual behaviour. On the surface, a fraudulent payment tends to look normal, but by its very fraudulent nature it contains micro-anomalous data – this could simply be the time of day it was initiated, or, in aggregate with other payments, a deviation in transaction volume or amount.

Machine learning AI disciplines are not dependent upon static configuration and can reason over large data sets to adjust and learn, significantly enhancing the fraud detection capabilities of human operators. They can build up clusters over time of ‘normal’ flows and customer/counterparty behaviour, then detect and alert on outliers from these patterns. As fraud attacks evolve, so too, through machine learning, does the fraud prevention system.
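The secondary validation described above can be sketched as a per-sender baseline that scores each authenticated message on amount deviation, time of day and beneficiary novelty. This is an added example, not code from the article or from any vendor's product; the sender and beneficiary names, the thresholds and the release/alert/hold policy are assumptions, and the payment history is constructed.

```python
import math
import statistics
from collections import defaultdict

MIN_HISTORY = 20   # assumed: payments needed before a sender's baseline is trusted
Z_LIMIT = 3.5      # assumed cut-off for the robust (median/MAD) z-score
RARE_HOUR = 0.05   # assumed: under 5% of history within +/-1 hour counts as unusual

class FlowProfile:  # 'normal' behaviour learned from one sender's released payments
    def __init__(self):
        self.log_amounts, self.hours, self.beneficiaries = [], [0] * 24, set()

    def learn(self, beneficiary, amount, hour):
        self.log_amounts.append(math.log10(amount))
        self.hours[hour] += 1
        self.beneficiaries.add(beneficiary)

    def signals(self, beneficiary, amount, hour):
        found = []
        med = statistics.median(self.log_amounts)
        mad = statistics.median(abs(x - med) for x in self.log_amounts) or 0.01
        if abs(0.6745 * (math.log10(amount) - med) / mad) > Z_LIMIT:
            found.append("amount")            # far outside the usual amount range
        near = sum(self.hours[(hour + d) % 24] for d in (-1, 0, 1))
        if near / len(self.log_amounts) < RARE_HOUR:
            found.append("time_of_day")       # sender is rarely active at this hour
        if beneficiary not in self.beneficiaries:
            found.append("new_beneficiary")   # counterparty never paid before
        return found

def screen(profiles, sender, beneficiary, amount, hour):
    """Secondary validation of one authenticated message: (action, signals)."""
    profile = profiles.get(sender)
    if profile is None or len(profile.log_amounts) < MIN_HISTORY:
        return "hold", ["no_baseline"]        # nothing to compare against: review
    found = profile.signals(beneficiary, amount, hour)
    action = ("release", "alert", "hold")[min(len(found), 2)]
    if action == "release":                   # only clean traffic updates the baseline
        profile.learn(beneficiary, amount, hour)
    return action, found

def build_profiles(history):
    profiles = defaultdict(FlowProfile)
    for sender, beneficiary, amount, hour in history:
        profiles[sender].learn(beneficiary, amount, hour)
    return profiles

# Constructed sample history: 40 daytime payments from one sender to two suppliers.
HISTORY = [("ACME", f"SUPPLIER-{'AB'[i % 2]}", 10000.0 + 500 * (i % 7), 9 + i % 8) for i in range(40)]
```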

Natural Language Processing disciplines can also be utilised to convert unstructured narrative fields into structured information, delivering the ability to identify parties and purpose and to perform profiling analysis.

A race banks can win

The adoption of such technology can provide a robust and reliable approach to secondary payment validation, working in real time to ensure the many millions of valid messages sent each day across financial networks are not interrupted, while ensuring the continued security of global financial infrastructures.

The wave of payments fraud that continues to sweep the globe shows no signs of receding; just as payment processing becomes faster, so too are the cyber attackers moving quickly to find new ways to compromise sensitive data and transactions. Criminal gangs will continue to invest in new ways and new technologies to commit fraud, but with swift action and armed with the right AI tools, the payments community can seize the advantage and keep one step ahead of the fraudsters.
