Identity fraud was the number one method of fraud that affected businesses globally according to The Communications Fraud Control Association’s (CFCA) Fraud Loss Survey.
In banking, identity theft might involve employee or customer accounts being compromised or fabricated by fraudsters. Identity theft in payments and other retail banking functions can even become a jumping-off point for other illegal activities, such as money laundering.
AI solutions for identity theft protection might be something that banks will need to deploy. This is because incidents of fraud in recent times have become far more sophisticated. Fraudsters are deploying AI systems in an attempt to bypass traditional security firewalls, helping steal information such as social security numbers and credit card numbers.
The US House Financial Services Committee AI Task Force Chair, Bill Foster, seems to agree:
Artificial intelligence is making improving identity theft protections imperative. AI has become an increasingly popular tool for crooks to swipe assets and sensitive financial information from consumers.
In this article, we explore how AI can help banks prevent identity theft and what the current state of AI is for these applications using representative case-studies from vendors and use-cases. We will detail our analysis of how AI is being used for identity theft protection in banking by structuring the article in the following way:
- Key Insights – AI for ID Theft Protection
- Current AI Use Cases For ID Theft Protection
- Vendor Profile – Feedzai
- Challenges and Opportunities For AI In ID Theft Protection
We’ll begin our analysis with key insights from our report and Experian.
Key Insights – AI for ID Theft Protection
We recently launched our AI in Banking Vendor Scorecard and Capability Map report, in which we categorized over 77 AI product offerings marketed to the banking industry. Readers can download the Executive Summary Brief for the report to know more about our research into the state of AI in various banking functions.
We found that Fraud and Cybersecurity as a category accounted for 20.2% of all AI product offerings in banking. In addition, AI vendors offering products for fraud and cybersecurity raised a total of $757 million, more than any other banking function. The large banks are investing most of their money in fraud and cybersecurity-related projects while marketing their customer-facing AI applications in news media.
In 2018, Experian released the Global Fraud and Identity Report, in which the company claimed 84% of the businesses they surveyed asserted that customer identity verification will help their fraud risk mitigation efforts. The report also suggests that businesses seem to be leaning on their IT security teams when making decisions for investing in both identity theft protection and risk management.
However, human teams require significant time and resources to manage manual verification and authentication systems. AI systems might potentially help banks reduce the time and effort involved with customer verification through biometrics or automation of verification workflows in banks.
Current AI Use-Cases For ID Theft Protection
In commercial banking, identity theft is a problem that individual merchants need to deal with. Increases in the share of online payments have made instances of fraud more common. Merchant payment services at banks are also likely to be targeted for identity fraud, and in many cases the losses incurred on this type of fraud are significantly higher.
Fraud detection algorithms might have variables that take into account the trustworthiness of the merchant, the customer’s previous transaction behavior, geolocations, and IP addresses. The big advantage that AI systems bring is that detection happens in real time, which simply cannot be done with a team of fraud analysts.
Large Scale Data Analysis
Traditionally, fraud detection systems require human officers to review suspicious transactions that have been red-flagged by rules-based fraud detection software engines. The only way to verify the customer’s actual identity is through a phone call. Large banks that have a vast number of customers, each making several transactions, will find it challenging to scale this process, since the datasets that need review and analysis are far too many for one team to handle effectively.
In addition, rules-based systems are also disadvantaged by the fact that cyber attackers only need to find a loophole around a rule once. AI systems can be more dynamic by modifying and adapting rules over time based on what historical instructions have occurred. AI algorithms can also handle far larger scales of data management than humans, which makes detecting identity theft less labor-intensive. Human reviewers are still required in this case but the system only defers to the analysts in cases which are highly complex.
Anomaly detection software can help identify which particular transactions weren’t done by the customer based on historical spending patterns and other personal information.
For example, we covered a case study in our report in which Ayasdi claimed to have worked with HSBC to reduce and automate the manual effort required in anti-money laundering processes.
Ayasdi claims to have unearthed many new cases and patterns directly correlated to fraud, as well as reducing HSBC’s false positives (cases when HSBC’s existing rules would have flagged for laundering risk when no such risk actually existed) by 20%.
The figure on the right is of the dashboard of Ayasdi’s software, and it shows examples of how Ayasdi’s system creates visual “clusters” to represent data sets in 3D space, allowing analysts to coax out meaningful patterns.
When the amount of data that banks and financial institutions need to process grows beyond a certain level, traditional fraud solutions may not function accurately enough, since any rules-based system would require far too many rules, and regular updates to those rules, to stay relevant.
AI systems, on the other hand, are more dynamic and can generate a probability that a particular transaction or user behavior might be related to fraudulent activities and automatically stop the transaction.
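The contrast drawn in this section between a static rule and scoring against a customer's own history can be sketched as follows. This is an added example, not code from any vendor named in the article; the transaction history, the rule limit, the score weights and the review/block thresholds are all constructed for illustration.

```python
from statistics import median

# Constructed history for one customer: (amount, country, ip_prefix)
HISTORY = [
    (24.10, "US", "203.0.113"), (18.75, "US", "203.0.113"),
    (52.00, "US", "203.0.113"), (31.40, "US", "198.51.100"),
    (27.95, "US", "203.0.113"), (44.20, "US", "203.0.113"),
    (22.60, "US", "198.51.100"), (36.80, "US", "203.0.113"),
]
RULE_LIMIT = 1000.00  # hypothetical static rule: flag amounts above this


def rule_flag(amount):
    """Static rule: one global threshold applied to every customer."""
    return amount > RULE_LIMIT


def robust_z(amount, amounts):
    """Deviation from the customer's median, in scaled MAD units."""
    med = median(amounts)
    mad = median(abs(a - med) for a in amounts) or 0.01  # guard against zero
    return 0.6745 * (amount - med) / mad


def anomaly_score(txn, history):
    """Score 0..1 from amount deviation plus never-seen country / IP prefix.
    The weights are illustrative assumptions, not tuned values."""
    amount, country, ip_prefix = txn
    score = 0.0
    if robust_z(amount, [h[0] for h in history]) > 3.5:
        score += 0.5
    if country not in {h[1] for h in history}:
        score += 0.3
    if ip_prefix not in {h[2] for h in history}:
        score += 0.2
    return round(score, 2)


def decide(txn, history, review_at=0.5, block_at=0.8):
    """Block clear outliers, send borderline cases to an analyst."""
    score = anomaly_score(txn, history)
    if score >= block_at:
        return "block"
    return "review" if score >= review_at else "allow"


if __name__ == "__main__":
    for txn in [(41.00, "US", "203.0.113"),   # ordinary purchase
                (400.00, "US", "203.0.113"),  # unusual amount, known location
                (900.00, "DE", "192.0.2")]:   # under the rule limit, all new
        print(txn, "rule:", rule_flag(txn[0]), "->", decide(txn, HISTORY))
```

The 900.00 transaction stays under the static limit and passes the rule, while the per-customer score blocks it; the 400.00 transaction from a familiar location is routed to an analyst rather than stopped outright.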
One way in which banks can add an additional layer of identity verification is by using technologies such as voice and facial recognition. While it’s commonplace among banks to use PIN-based verification in mobile banking payments, they might need to add forms of biometric authentication to their existing authentication systems to prevent more advanced fraud incidents.
For example, Chinese company Cloudwalk Technology offers a facial recognition software that it claims can help banks improve the security of their self-service transactions using machine vision. The company’s facial recognition software is used by China’s state-owned banks to identify customers when making transactions at ATM machines.
Customers can use their face as a password instead of typing in a PIN number. The figure below shows a customer using Cloudwalk’s facial recognition software at an ATM.
The figure below shows the percent that facial recognition vendors made up of the total number of computer vision vendors selling into banking:
We believe this technology is still in its nascency in banks but is likely to grow in the future.
Vendor Profile: Feedzai
In this section, we delve deeper into the product offering from AI vendor Feedzai to better understand how ID theft prevention is being deployed in real-world business cases.
Feedzai offers a fraud detection platform tailored to banking and financial services applications. The company claims its software can work with data such as historical fraud incident reports or network traffic communications data from the merchant’s and banks’ systems to create detailed risk profiles of individual customers.
The potential advantage that software such as that from Feedzai brings lies in the speed of creating these profiles. Human analysts can achieve the same task, but not at the scale offered by AI software such as Feedzai’s. The software gathers data such as IP addresses, geographic locations, past transactions, and patterns of abuse, such as hacking accounts and changing passwords, to establish if a user account has been compromised.
The company claims their software uses machine learning to replace the manual analysis of a large number of variables from a continuous stream of data. This allows for much faster responses to ID theft fraud incidents, since the cybersecurity teams at banks and merchant companies can review only the most pressing and complex fraud incidents.
One application of the ID theft prevention capability offered by Feedzai is in helping lending divisions at banks acquire new customers without falling prey to fraudsters who might use this as an opportunity to create fake bank accounts or impersonate other customers.
Feedzai claims their software was used by an unnamed US retail bank in such an application. The bank required a solution to assess the risk of fraud associated with new online account applications. Before deciding on the AI solution, the bank used human employees to manually review these applications, which were significantly higher in number.
This resulted in false positive and false negative identifications, leading to the loss of good customers and allowing fraudsters to gain access to certain accounts. The Feedzai solution has allowed the bank to automate the review of customer applications and establish their identities. The bank also claimed its application approval rate went up by 70% since the integration. The company also claimed there was no increase in fraud losses despite an increase in customer application approvals.
Challenges and Opportunities For AI In ID Theft Protection
The rise of online banking and mobile banking has also caused an increase in cybersecurity threats in which hackers use digital services to gain access to customer bank accounts and credit cards. Artificial intelligence can help avoid these instances of identity theft, aiding efforts in data privacy, better regulatory monitoring, and risk management.
Harvard Business Review Analytic Services states in its report that in the next one to three years, 95% of the organizations that the respondents belonged to will adopt big data analytics, 87% will implement data-driven marketing, and 65% will sell or purchase customer records.
While having access to a lot of customer data can be an advantage, collecting this data in a way that is not too intrusive on customers and stays within compliance regulations such as Basel IV or GDPR is a challenging task. Banks that choose to extract customer data and sell it might find that this is a short-term strategy that will not hold up later. Customers are more concerned about how their data is being used by vendors, and at the same time, such a data collection network leaves companies open to security breaches.