Category Archives: Fraud & Security

Fraud & Security 2016 UK Fraud Figures Show Disturbing Trend

Apr242017

Financial Fraud Action UK (FFA UK) recently released their 2016 UK fraud performance report. Whilst there were some logical changes between 2015 and 2016, I was surprised at the fluctuation and significant shifts fraudsters have made in order to circumvent existing controls. Here are some highlights and lowlights I took from the report. Overall, UK fraud losses were up again and this is due to a combination of shifts between fraud types and an increase in the number of victims of fraud (cases). What did surprise me was the rate at which the gross losses increased compared to the value prevented had decreased. For example, Industry losses increased by £13 million (2%), yet the value prevented was reduced by a staggering £380 million (22%). This means that we prevented far less of the overall fraud attack in 2016 than we did in 2015. Here are some other interesting stats: Card... [Read More]

Leave a comment

Fraud & Security EnterCard Moves Fraud Protection to the Cloud

EnterCard logo
Apr202017

In another sign of the growing use of the cloud for fraud protection, EnterCard — one of the leading Scandinavian finance companies — will use the FICO® Falcon® Platform to combat card fraud and communicate with its 1.7 million customers. EnterCard is upgrading to a cloud-based version of Falcon to protect customers in Sweden, Norway and Denmark from fraud. “The cloud-based version of Falcon gives us greater flexibility to serve our customers with better fraud protection,” said Yannick Leclerc, head of fraud in EnterCard Group. “We will have greater control over how we communicate with customers when fraud is suspected, which will help us improve the customer journey in a fraud context.” For more information, read our news release.

Leave a comment

Fraud & Security Behavioral Analytics Attack Fraud, Cyber and Financial Crime

Hand holding analytics
Apr122017

Economies of scale is one of my favorite economic principles. It’s especially cool to see how FICO customers can realize associated benefits by using our behavioral analytic technology. IDC predicts that in 2017, behavioral analytics across compliance, fraud, and cyber detection and prevention will be in place at 15% of banks, helping them to avoid losses, regulatory fines and sanctions. Banks have already made a big start in the fraud space. FICO introduced behavioral analytics in the early 1990s and we currently analyze two-thirds of the world’s payment card transactions, in real time, for fraud. Now, FICO’s proven behavioral analytics can be applied by forward-thinking institutions to fight a wide range of financial crimes. In doing so, banks can gain powerful technology economies of scale, too, leveraging mature, market-proven analytic models to benefit new domains within their business. How do behavioral analytics work?   A quick search may tell you that... [Read More]

Leave a comment

Fraud & Security Hacked ATMs Lead to 70% Rise in Debit Card Fraud

ATM with Hacked stamp
Mar292017

The latest fraud news from the FICO® Card Alert Service, which monitors hundreds of thousands of ATMs and other readers in the US, is bad. In fact, it’s doubly bad: The number of payment cards compromised at U.S. ATMs and merchants monitored rose 70 percent  in 2016. The number of hacked card readers at U.S. ATMs, restaurants and merchants rose 30 percent in 2016. This new data follows a 546 percent increase in compromised ATMs from 2014 to 2015. Here’s some more details: About 60% of the compromises were at non-bank ATMs, such as those in convenience stores. The rest took place at bank ATMs or point-of-sale (POS) devices, such as card payment machines at retailers. The average duration of a compromise continued to fall — on average, an ATM or POS device would be compromised for 11 days, compared to 14 days in 2015. The 2016 average duration is... [Read More]

Leave a comment

Fraud & Security Same-Day ACH Requires AI-Powered Fraud Protection

Mar272017

On Groundhog Day 2017, I was thinking that the payments industry is a lot like Groundhog Day, the movie. There are an awful lot of repeating themes in the payments world. And in the best case, they can teach us invaluable lessons. Payments speed is one of those recurring themes. Four years ago, we at FICO started saying it’s time for banks to upgrade fraud protection in their retail banking departments. Otherwise, financial institutions could wake up one day—Groundhog Day?—and realize that it’s too late; fraudsters will have figured out how to hijack funds flowing out of checking accounts. Today could be that day. Are banks truly ready for same-day ACH? Between the Same Day ACH initiative launch on September 23, 2016 and December 31, 2016, there were more than 13 million same-day ACH transactions. A significant 14% were person-to-person (P2P), a pretty astonishing amount for a brand-new payment type.... [Read More]

Leave a comment

Fraud & Security 5 Reasons Cyber Scoring Is the Next Big Idea for Credit Unions

Cybersecurity posture score dial
Mar212017

The greatest risk to credit unions and CUSOs today is the loss of your members’ trust and financial safety. Can your institution survive a cyber breach? Understanding your cyber risk is a critical part of protecting yourself and your members. That’s why we launched the FICO® Enterprise Security Score last year. And now, our cyber score has been selected as one of 5 big ideas to be presented at the National Association of Credit Union Service Organizations (NACUSO) 2017 Network Conference “Next Big Idea Competition.” Why is cyber scoring the next big idea for credit unions? Fraud/cybersecurity is the top priority for credit union CEOs and, by extension, CUSOs. Today’s breach risk measurements are inadequate and inaccurate. They’re manual rather than scalable, judgmental rather than empirical, point-in-time rather than predictive. ESS is rapidly deployed. You don’t install software, you just throw a switch. ESS is multi-tenant, so CUSOs can rapidly... [Read More]

Leave a comment

Fraud & Security Why the Panama Papers Leak Was Good for KYC

Panama Papers illustration
Mar132017

For many banks, KYC — Know Your Customer — means asking them how they intend to use a product, where the funds are coming from for their new account, etc. At the same time, the bank will check the customer against sanction lists, PEP (politically exposed persons) lists, and so forth. It’s not enough. Some hard evidence that it’s not enough came in 2016, when the so-called Panama Papers leak revealed that thousands of people worldwide owned a shell company in one of the countries covered. This was, needless to say, not something those individuals had disclosed to their banks. Should banks care? Absolutely. Under the KYC requirements that are part of current regulations, such as the 4th EU Money Laundering Directive and the fifth pillar of the BSA, the bank needs to know the business of their customers. If a customer owns an offshore company, it’s quite possibly so... [Read More]

Leave a comment

Fraud & Security Hackers vs. Dracula: Biometrics Are No Silver Bullet

Bela Lugosi as Dracula
Mar082017

I’m not a big fan of vampire movies—I’d pick Blackhat over Abraham Lincoln: Vampire Hunter any night of the week—but there are a lot of similarities between hackers and vampires. First, they’re afraid of the light. What hacker wants his true identity to be revealed? Second, they suck the blood out of their victims. Whether stealing data or demanding payment for ransomware, “bloodsucking” is one of the kinder adjectives used to describe cyber criminals. However, even though vampires are theoretically immortal, vanquishing them is pretty straightforward; any True Blood fan can tell you that a wooden dagger or silver bullet will do the trick. It’s not quite so easy to stop hackers in their tracks.  Encryption can be effective …  … but it’s not a stake through the heart of hacking. Data encryption is a highly effective defense against hackers, particularly in achieving HIPAA compliance to protect Protected Health Information... [Read More]

Leave a comment

Fraud & Security Why Do Hackers Commit Cyber-Attacks?

Dick Dastardly
Mar062017

Cyber-attacks are hitting the headlines on a daily basis and a lot of effort goes into both preventing them and dealing with the consequences when they have happened. Understanding the motivation behind attacks can help organisations understand more about the risks they face so that they can tackle them. So why do cyber-attacks happen? 1. For financial gain This is the most likely reason an organization get attacked. Criminals are looking to gain financially in three main ways: Data breaches to feed identity theft. Third-party fraud is fuelled by identity theft, and breached data gives criminals the information they need to take over someone’s identity. In the UK the CIFAS Fraud Scape 2016 highlighted a 49% growth in identity theft over the previous year. Criminal gangs are well-organised and operate on a commercial basis – there is a supply chain, those that steal data are unlikely to be the same criminals... [Read More]

Leave a comment

Fraud & Security Are Your Fraud Alert Replies Being Spoofed?

SMS screen with fake response to bank inquiry
Mar012017

As banks try to improve customer experience, reduce fraud and cut operational costs through interactive SMS, criminals have moved in to take advantage of the channel. The latest fraud scam involves ‘spoofing’ CLI (calling line identity) numbers to respond to SMS fraud alerts intended for customers. “Spoofing” SMS or texts might seem like something teenagers would do, perhaps sending fake texts on Valentine’s Day appearing to be from someone else. Instead, what’s happening is more sinister. If a credit/debit card transaction is deemed as suspicious, banks can alert customers through SMS, as well as through automated voice, mobile application push notifications and emails. If the transaction is genuine, the customer simply needs to respond to the SMS to confirm this, without actually having to speak to an operator in a call centre. What the fraudsters are doing is making a fraudulent transaction using a compromised card and then successfully ‘spoofing’... [Read More]

Leave a comment