Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .


Three Reasons Traditional Machine Learning Can’t Stop Multi-Channel Bank Fraud

Three Reasons Traditional Machine Learning Can't Stop Multi-Channel Bank Fraud

By: Mark Gazit, CEO of ThetaRay

Financial institutions are learning the hard way what can happen when criminals get their hands on the latest technology. Gone are the days of robbing tellers at gunpoint; today’s sophisticated criminal networks and nation-states use machine learning and artificial intelligence to target institutions remotely, quietly and through many channels at once. They have figured out banks’ vulnerabilities and exploited them mercilessly through a combination of malware, ATM jackpotting, money mules, money laundering, e-payment/cryptocurrency fraud and more, stealing untold millions to finance terrorism and profit from human and drug trafficking.

So, what exactly is “cross-channel fraud”?

A perfect example can be seen in the tremendously successful Carbanak campaign, which used cross-channel methods to steal more than a billion euros from over 100 banks in 40 countries.  It went undetected for four years.

Here’s how they did it:

  1. They began by purchasing databases of bank personnel and targeted each employee with a spear-phishing email, encouraging them to open malicious attachments.
  2. Once clicked, the software allowed the hackers to remotely control infected machines, giving them access to the bank’s internal network and servers controlling ATMs.
  3. They then transferred money through e-payment networks or artificially inflated hundreds of accounts.
  4. To withdraw the money, they used software to remotely instruct the ATMs to dispense cash at a predetermined time. Bagmen (often members of local gangs) were hired to collect the cash.
  5. The money was then laundered via prepaid cards linked to cryptocurrency wallets.

Because of the cross-channel methods used by these criminals, Carbanak went undetected for years and required multiple countries and companies working together to bust the ring.

Banks are fighting back, and we are seeing an increased push from regulators, consumers and the banks themselves to invest heavily in technologies that can fight off these evolving attacks. However, the technology they’re using isn’t necessarily up to the task. Many organizations have implemented supervised machine learning. This means that humans must tell it exactly what to look for.  When you get down to it, classic machine learning isn’t much different than traditional rules-based risk detection solutions –which can catch scams and red flags that have been seen before, but are unable to detect new types of threats.

Here are the three main problems with traditional machine learning, and why banks must institute a better way of catching the “unknown unknowns” to outsmart cross-channel fraudsters:

It can’t recognize new types of attacks: While it’s heartening to see more financial institutions waking up and realizing they need to implement technology that helps catch cyber criminals, supervised machine learning simply won’t cut it. Criminals will always evolve and find ways around security system. If you’re only looking for attacks that have already happened, you’ll miss all the new ones that are evolving.

Cross-channel fraud is extremely difficult to track: Banks used to know all the ways that attackers could physically access their money.  However, now that everything has become digital, the attack surface is larger, and attacks are constantly evolving and hard to pin down. There are so many ways criminals can defraud a bank, and many fraudsters employ more than one method. A little money laundering, a pinch of hacking, a dash of phishing, and voila! Money in their account. Traditional machine learning can’t keep up.

Attacks are growing in sophistication: Today’s fraud schemes have grown dramatically in sophistication to elude not just humans, but technology as well. Criminals are using AI and social conditioning to create gambits that have never been seen before. For example, after breaching a bank’s system via spear-phishing, hackers sometimes monitor the executives’ communication before becoming a ‘man in the middle’ and pretending to be one of them.  In other words, if a hacker learns that a C-suite bank employee is leaving the country on vacation and that he’s a cycling enthusiast, the fraudster could email a bank colleague: “John – great riding through Costa Rica. I just got an invoice from the production company who worked on that cryptocurrency documentary.  We’re late in paying it –and by contract we’ll pay a 50% fee if we don’t pay it now. Could you wire payment to this account asap?”  At face value, it seems like an email that would come from the executive, but once the money is transferred into the fraudulent account, there’s no getting it back!

The next big thing in cross-channel scams has not yet been found, but you can be sure it is happening as we speak. The financial sector is facing a constant escalation of internal and external unknown threats. The diversity of service channels that mix physical and cyber access, like branches, ATMs, online services, and mobile banking, are affected by unique risks tied to each, growing the complexity of internal operations. Along with increasingly rigorous regulatory requirements, managing and mitigating operational risks effectively becomes a major challenge.

Luckily, there are emerging technologies that are making it easier for banks to connect the dots and stop cross-channel fraudsters in in their tracks. Some companies are developing machine learning solutions that point out anomalies with laser precision and the exact parameters by which they are triggered. With next-gen machine learning, fully automated detection is seamless and swift, no matter how much data needs to be analyzed, and more importantly, there is no need for the machine to be ‘taught.’ Banks are overwhelmingly responding to this high computational efficiency, as it allows them to recognize risks immediately, respond, and mitigate the risk and its impact.

Global Banking & Finance Review


Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post