The new online security
rules announced last year by the Federal Financial Institutions
Examination Council have seen financial institutions scrambling to
keep pace. But one US bank – National Penn Bancshares – is a long
way ahead of the rest of the field, writes Charles
Davis.
Online fraud is, of course,
an increasingly biting issue for the retail banking sector. There
is a rush to find the right processes, and the right technology
partner, to meet the Federal Financial Institutions Examination
Council (FFIEC) rules.
Some two years ago, before
those rules were announced, National Penn Bancshares – a
123-branch, $9bn regional bank – began working with Memento, a
fraud prevention platform that uses a mix of human and
technological intervention to detect fraud.
Since then, the bank has
experienced a significant reduction in fraud, according to Steve
Kunkel, senior vice-president of operational risk management and
loss prevention.
“We have embedded a system in
our ACH and wire processes that performs analytics on transactions
before they leave the bank,” Kunkel says. “The system generally is
looking for unique, unusual patterns. We are finding transactions
that need more review, and then working with our customers to
determine whether or not they are fraudulent.”
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalData
Working to
rule
Memento’s Enterprise Platform
addresses all of the layered security guidelines required in the
FFIEC’s latest guidance, including multiple controls and
technologies.
The FFIEC said financial
institutions must combine endpoint security with transaction
monitoring across all transfer mechanisms used to move funds into
and from a deposit account.
That’s where Enterprise
Platform’s analytics kick in, Kunkel says. Each account and
customer has a unique behaviour profile which, if analysed
intelligently, can be used to identify suspicious
activity.
“Customer and account level
transaction monitoring is one of the most effective fraud
prevention approaches available,” Kunkel says. “It is the last line
of defence, and it is powerful because the fraudster has no way of
detecting what we are doing.
“It is a dynamic system, one
that allows for a great deal of customisation and real-time
adjustments, which is critical to fraud detection in electronic
payments.”
The system’s sophisticated
analytical techniques look for anomalies and patterns that
investigators are not aware of yet.
Employing a rich mix of
statistical techniques and algorithms – including Bayesian
networks, learning models and behaviour profiling – the Enterprise
Platform allows National Penn to examine their overall customer and
account base, identify outliers and tracking potentially harmful
patterns.
These alerts provide an
opportunity to detect previously unknown patterns of fraud,
catching them earlier and reducing their impact. And they help
fine-tune scenarios for greater accuracy.
Most importantly, the
platform enables customers to employ business rules and advanced
analytics in tandem. Users routinely prosecute cases based on
business rules with a low ‘false positive’ rate. And as soon as
they identify a new, previously unknown pattern using advanced
analytics, they are alerted to a potential new threat.
The more data National Penn
collects, the better the analysis, Kunkel says, as the system
learns to reduce false positives that slow down payments and
distract bankers from core tasks.
The helping
hand
It is not all automated
analytics, however. Kunkel insists the real power of the Memento
platform lies in combining technology with human hands.
While detecting fraud was
once the sole responsibility of the bank’s fraud protection unit,
the new system spreads fraud detection throughout the
institution.
National Penn’s relationship
managers now play an active role in sniffing out suspicious
transactions, since they work more closely with the business
customers at the other end of the transaction.
“We have made fraud detection
an enterprise-wide effort,” Kunkel says. “It is extremely important
to educate customers in advance, to empower them to protect
themselves, to communicate with our customers as we go so they will
expect a call from our ACH customer manager with a question about a
transaction.”
Kunkel describes the response
from clients as “extremely positive”. He says the frequent
interaction between bankers and business clients helps spark
discussion about steps businesses can take to improve payments
security at their end as well.
“It is important to drive the
message home that, while we are tweaking the analytics to improve
transaction security, we are in this together,” Kunkel adds. “As
new payment forms emerge, and as the payment mix of our business
customers changes, it is important to work collaboratively on
security.”
Kunkel’s team has trained
staff the basics of ACH payments, patterns of suspicious activity
and the bank’s requirements for timely decision-making. A protocol
for inquiries about suspicious or anomalous transactions also
helped to smooth the transition to a more robust monitoring
environment.
Memento’s system helps
National Penn tackle the enormous task of effectively analysing
transactions spanning product lines and channels. This data must
then be assembled into intelligent customer profiles that can be
studied across time and within the customer’s own transaction
history.
“You have to look at the
transaction in the context of the person’s overall transaction
history, so we are looking for things that are unusual for that
customer,” Kunkel says. “It could be a threshold set for
hard-dollar amounts, but most of the time it involves looking for
things that are derivations from the mean. We are looking for
degrees of abnormality for this customer… how unusual,
statistically, is this transaction?”
The system’s flexibility is
key, says Kunkel, because one thing is certain: fraud will continue
to evolve, and the bank’s fraud detection efforts must keep
pace.
“Straightforward phishing has
evolved to ‘man-in-the-middle’ fraud where the fraudster has taken
control of the computer or account, and so to us, it looks just
like our customer making the transaction,” he says.
“That makes the combination of analytics and a human touch
even more crucial. The great thing about the Memento system is that
we can adjust it on the fly. We are adjusting daily to events on
the ground.”