Bulgarian banks should apply for appropriate security measures when moving to digital world

Marcin Nadolny leads the EMEA Banking & Insurance Fraud Practice at SAS Institute. He is a thought leader on fraud, accountable for defining the go-to-market strategy, business development, support of implementations with expert knowledge and fraud analytics. Marcin and his team are subject matter experts that help banks and financial institutions to combat fraud and financial crimes, and improve detection across all areas including payments fraud, application/identity fraud, insurance claims fraud, insider threats. Marcin is an experienced anti-fraud expert, but also data scientist with huge expertise in machine learning applications in business. He has strong background in banking and financial services and over 16 years of professional experience he gained with SAS but also at PwC, Toyota Bank and at DaimlerChrysler R&D. Along his career Marcin was leading fraud teams on the country and regional levels. He participated in numerous projects addressing setting fraud detection strategies with support of machine learning and networks analytics, and particularly he was leading the team of analysts implementing SAS Enterprise Fraud Management platform at largest banks in Central Europe. Marcin is graduated in mathematics from the University of Warsaw, and also holds a Master of Science degree in Applied Computer Science from Albert-Ludwigs-University of Freiburg in Germany.

Mr. Nadolny, we talk about Banks and Fintechs cooperation now 2020. What will change in the field of payments next 10 years?

When we look for the future, then we need to say traditional banks will alive only if they become Fintechs, only if they go beyond what they do currently and become more tech companies, serving their clients in parallel of course. Those banks which recognized it already started to transform themselves to become Fintechs in future.

What we observe there are also banks which decide to take a route of building a synergy with multiple small Fintechs addressing different types of services. Those banks are building an ecosystem, where they cooperate with Fintechs to supplement their offering or even they acquire some of them. That is their way to stay in the game after next 10 years. This is also a good option, as this brings fresh air and ideas to those organizations as well.

What else can we improve in existing systems, what else do we need to decide like problems?

If we focus on fraud detection and prevention I believe critical points for being successful are flexibility, power of analytics and speed of reaction. By flexibility I understand first capability to enrich the data flow – payment/application with additional data points that allow to better identify the genuine person in the digital world and to better detect potential threats. This is about a broad variety of data to be leveraged - device information and reputation, session data, behavioral biometrics, geolocation, but also phone reputation, credit bureau information or even public records.  Those data points can be obtained from multiple 3rd party data provides, as no single vendor will give you the information about every single customer/device and information about all different aspects mentioned before. These additional data joined together are then additional fuel for Analytics that is a second pillar to succeed.

If we think about the role of Analytics - there is no single technique that is best. We obtain best result if we apply a hybrid approach and leverage various techniques – business rules, anomaly detection, AI/machine learning but also network analytics. Such combined approach is crucial for better detection of frauds that are becoming more and more complex – when fraudster is using stolen data or makes a combination of real and fictious data, or even when the cases are more organized with more fraudulent parties playing that game with the bank, like for example in the case with fictious companies confirming identity and salary of numerous individual fraudsters.

And finally what is also critical is the speed of reaction. Banks need to have ability to quickly/immediately react to changing fraud trends, both in terms of capability to update business rules but also in terms of having machine learning models adapting to changing environment. And last but not least we need to remember that with the current speed of life, when loans are to be granted and accounts opened via online channels in seconds, everything – data enrichment, analytics and alert generation should be done in real-time (in milliseconds).

On the event DIGI PAY 2020 on 1 of October you said: Banks are transforming, we are transforming our lives into the digital world? Cybercriminals love the digital world too, how much crime has increased in recent years, in which countries why doesn't trust drop, though?

Over recent years, many banks and financial organisations have embarked on digital transformation programmes. This process has been hugely accelerated over the last few months because of the coronavirus pandemic. Large numbers of banks and lenders are now running digital application and approval processes. And even more customers have moved to digital or online payment systems, encouraged by retailers and restrictions on physical movements. This shift to digital is good for customers, but it is also a good information for fraudsters, as human interaction is removed, people are more anonymous and criminals can steal identity or credentials of someone that is even hundred thousands of miles away.

If we look on the COVID-19 impact on fraud trends, then we observe a raise of cybercrime-as-a-service, we see criminals leveraging AI in the malicious way, to create malware or even for social engineering purposes. We observe also steep rise of SIM swapping and digital skimming. As of August 2020, 77% of experts asked by ACFE said they had observed an increase in the overall level of fraud. The observed fraud level increased from 68% in May 2020.

Finally 92% of ACFE respondents expect further increase of fraud across next 12 months.

In that context industry expects also an increased investment in advanced anti-fraud technologies to keep pace with criminals, keep customer trust and keep safe their money.

Bulgaria is on the last place for cybercrime in Europe because the digital payments are not widespread? What shows the statistic? How we can increase digital payments but keep cybercrime low?

There is no way back from digital and digital payments are of course the right direction, this is what we observe happening across many countries, and there is no reason it will be different for Bulgaria, it is only delayed. What is important for every organization that is moving its processes to digital is not to forget to invest in proper anti-fraud systems and processes, that will help to protect the money and customers from cybercrime.

Interesting to mention is that even if Bulgaria is not a champion in digital banking yet, we see many criminal groups from Bulgaria that are extremely active in the cyber space across other EU countries. That is why the more important is for Bulgarian banks to apply appropriate security measures and do proper anti-fraud investment when moving to digital world.

Does the use of biometrics provide a greater guarantee that we will not fall victim to cybercriminals?

Biometrics has two aspects, it might be physical biometrics – client verification based on face, fingerprint, etc. or behavioral biometrics looking on client behavior on the device – so it is about mouse movements, keystrokes, etc. 

The first one can be used as a credential to authenticate a user at account creation. When the second one is very important in the digital world, and can enrich fraud detection at any stage in the customer lifecycle, whether it is account opening, login, or account usage monitoring. Biometrics is important and provides additional level of security, but this is only part of the picture, there are plenty of other important data points (like device intelligence and reputation, digital identity) that increase the security of payments and application processes and together with machine learning allow to better prevent fraud and identity theft.

What is the percentage of AI currently in payments and what percentage of crime detection is due to AI? What cannot be done by AI yet, but is moving in that direction?

Still not many financial institutions are employing analytics and AI to detect and prevent payments, application or identity fraud. Those organization who already employed modern anti-fraud systems detect most of fraud leveraging hybrid analytics with black list matching, automated business rules, but also with network analytics and AI/Machine Learning models. There are organisations which fully automated fraud assessment for high-risky cases, but still in many institutions however the last word belongs to Investigator who’s role is to analyse the case and confirm if this is fraud or not.

How much fraud attacks decrease after the introduction of an integrated system?

Introducing a holistic anti-fraud system and process changes in the organization always results in better fraud detection and prevention. To give an example – one of SAS customers observed significant attacks, they decided to implement an integrated anti-fraud system with 3rd party data enrichment and machine learning, and this allowed them to cut fraud by around 80% after going live.

Which countries in Southeast Europe invest the most in integrating innovative crime prevention methods? Does this depend only on the money they will pay for the product?

We do not have such detailed information in the most recently published reports, but based on our observation when we look on Southeast Europe countries, we see Turkey, Greece and Bulgaria as countries which invest the most in innovative fraud detection and prevention technologies. As the digitalization is rapidly accelerated within this year, we believe that other countries in that region will also look soon to increase their investment in fraud prevention innovation in order to keep their customers safe.