After years of overpromising and underdelivering, digital transformation has finally started producing results. Businesses across multiple industries are now accelerating growth through the creation of digital services as additions to traditional customer service channels. What’s more, large numbers of agile start-ups are disrupting the financial services and retail industries with innovative data-driven applications.
The impact of these new services has been a change in mentality. We now expect businesses to prioritise digital, and younger consumers in particular are disappointed by anything other than that. While digital services allow for instant gratification, they also make us more vulnerable to fraud. Among the industries most at risk is the legal sector, with law firms seen as lucrative targets as a result of the large volumes of sensitive information in their possession. Online channels present cybercriminals with countless new entry points for cyberattacks – with 91% of law firms falling victim to email spoofing to send spam, phishing and other fraudulent emails last year, clearly, they are not immune to cybercrime. There are various steps they can take to protect themselves, discussed below by Caroline Hermon, Head of Fraud Solutions at SAS UK & Ireland.
The drive to digital
In the early months of 2020, we have seen a boom in digital services, while the traditional physical economy has slowed to a crawl. To stay in business, many companies are being forced to move services online faster than they had planned. In the rush to get these new digital services to market, there’s a significant risk that development teams will make mistakes and overlook the usual security checks. Unfortunately, the likely result is that fraudsters will have a field day as they find and exploit these new gaps in their victims’ armour.
To stay in business, many companies are being forced to move services online faster than they had planned.
1. Keeping ahead of fraudsters
In a highly dynamic environment where fraudsters are discovering new attack vectors every day, it’s critical for fraud prevention teams to be able to detect threats and respond quickly. Artificial intelligence and machine learning (AI/ML) approaches can help by spotting patterns in previous fraud cases and using them to detect suspicious behaviour by customers, employees or systems.
AI and machine learning are vast and highly technical fields, and it can be difficult for fraud teams to choose the best way to start their adoption journey. Nevertheless, banks and other organisations are putting a variety of interesting AI/ML-powered anti-fraud solutions into production. For example:
2. Facial and image recognition
Digital banks such as Monzo are using smartphone cameras with facial recognition technology to prevent unauthorised users from gaining access to customers’ accounts via their mobile apps. Today’s powerful facial recognition solutions are built using machine learning models that can tell the difference between a customer’s face and a photo or mask. They can even detect when a person is sleeping or unaware that the camera is being used, potentially making them a much more powerful access control measure than traditional password-based login methods.
Banks are also using image recognition to streamline processes such as paying in cheques, where customers simply take a photo of the cheque and upload it via their banking app. Banks already use machine learning models to identify whether the image is a genuine cheque and extract the key information from it. It will be a natural progression to analyse signatures and detect more types of potential cheque fraud.
[ymal]
3. Identifying suspicious behaviour
Natural language processing and text analytics can help companies handle larger volumes of internal and external communications – such as phone calls, emails, SMS and instant messenger/chatbot interactions – while still maintaining robust anti-fraud measures. For example, in a banking context, many institutions already record the phone calls of their traders and other employees to provide evidence in cases of insider trading and other financial crimes. By using natural language processing techniques, organisations can automatically transcribe these audio files into text. Then AI/ML models can recognise relevant keywords and topics, analyse tone and sentiment, and raise alerts to the fraud team when suspicious behaviour rises above a given threshold.
4. Eliminating the problem of false positives
False positives are the bane of fraud investigators’ existence, diverting expert resources away from the true criminals and alienating innocent customers and employees. You can use AI/ML techniques to build models that can analyse previous cases and separate out the behaviour patterns that are truly suspicious from the purely superficial anomalies.
5. Revisiting rule-based methods
Many current fraud detection systems use a defined set of business rules to assess the likelihood that a given case requires investigation. You can use AI/ML models to supplement and test these rule sets. This provides insight into the relationship and relative predictive power of each rule and even suggests new rules that can be added to increase the accuracy of the results.
6. Identifying collusion
One of the most powerful tools in an investigator’s toolkit is network analysis, which provides tools to visualise and understand the relationships between the people, places and events surrounding a case under investigation. Just like human investigators, AI/ML models can be trained to interpret these complex networks, and can often identify patterns and relationships that traditional approaches might miss.
One of the most powerful tools in an investigator’s toolkit is network analysis.
7. Monitoring networks
The move towards providing digital services for customers and remote working capabilities for employees poses new problems for network security teams, who can no longer count on all sensitive activity taking place behind the corporate firewall. However, you can also use AI/ML solutions to process vast quantities of network logs and identify suspicious events at a speed and scale far beyond the capabilities of human network administrators.
Putting a platform into action
Ultimately, the threat of fraud within the legal sector has potential for serious reputational and financial fallout, highlighting the need for pre-emptive fraud defences. Open source coding tends to be the starting point for many organisations in their AI journey, and works perfectly well for small-scale initiatives. But enterprise-grade deployments are highly complex and call for a much more robust approach, plus scaling with open source can be difficult. Among the factors to consider is the need for governance to ensure information is used for its intended purposes, as well as ongoing model testing and monitoring to ensure accuracy and avoid bias. Here, taking a centralised approach is a good way to go. By this, we mean putting an analytics platform in place which supports not just traditional statistical methods, but also newer AI/ML-enabled techniques.