Sponsored by ?

This article was paid for by a contributing third party.More Information.

Digital exposure makes fraud management a vital responsibility for financial institutions

Digital exposure makes fraud management a vital responsibility for financial institutions

Fraud detection and fraud management continue to be a growing area of concern for financial institutions (FIs) worldwide

As technology constantly evolves, FIs need to ensure they stay on top of the key issues and have extensive fraud management systems in place.

Vincent Caldeira, field chief technology officer, Asia-Pacific (Apac), at Red Hat, discusses current issues in fraud detection and management, and how technology-driven platforms can help FIs ensure better management for their customers. This came on the back of an Asia Risk webinar recently convened by Red Hat and SAS, which looked at utilising technology to process precise detection of fraudsters in a digitalised world. 

Main issues in fraud detection and management today

Caldeira observed there are quite a few issues they are seeing from their customers. These issues come with major growth in the digital footprint of FIs, more and more of which is through third-party solutions. As FIs continue to grow their digital exposure, they are seeing an increase in data breaches. But with increased digital exposure comes a significant increase in the amount of data that criminals can acquire about customers. As Caldeira notes: “The more exposure you have of customer data, the more risk of fraud.” 

Caldeira also spoke of an increase in what he describes as “social engineering” attacks, where the scammers typically have some knowledge of the customer, which allows them to take advantage of the fraud detection system in place. With these socially engineered attacks, the traditional means for FIs to protect the customer are no longer sufficient, as the fraudster will already have access to the accounts. 

Caldeira used the example of know your customer (KYC) as a process that has become more difficult with the growing digitisation of banking. “In the past, when people went into their banking branches, things like KYC were easier because you could actually see the customer. With things moving digital, you don’t have that anymore. FIs need to evolve their business models to bridge this gap.”

One of the main threads that arose during the webinar was the wide range of fraud types FIs are currently dealing with, such as credit card fraud, insurance fraud and first-party lending fraud. However, all of these different types of fraud are still linked, as they all occur within the client lifecycle. 

During the SAS/Red Hat webinar, the live audience was polled on what they believed were the fundamental reasons that fraud issues persist within the market, and asked whether there are insufficient protections in place or if it is a more fundamental issue. Almost half (46.8%) agreed that people will always be the weak link, as the fraud schemes being carried out are not particularly elaborate. If people are the biggest problem – by either not following the rules or being susceptible to fraud schemes – then technology must be the solution for the removal of weak links. 

Gerard McDonnell, regional solutions director at SAS, explained that the increase in access to customer data and patterns provides a great amount of rich data to work with. This then leads to a better ability to assess the context of fraud with trained models, wherein fraud patterns can be identified and technology used to recognise and shut it down when it appears. “At the end of the day, if people are the weak link, then we need to take people out of the link as much as possible and put in something instead, such as artificial intelligence [AI] or machine learning. We can use technology to look at data, see the problem, and draw it to the attention of people”. 

Growing regulatory pressure

The rise of new technologies, inevitably, will necessitate updated regulations to ensure FIs can detect and manage potential fraud. Caldeira notes that, at a high level, he sees regulators constantly adapting regulation and advisory guidance to the market based on the different types of fraud faced by the industry. The biggest change is that regulations are now focused on the risk to the customer; Caldeira notes the large shift from the previous status quo, when institutions would focus on their own technology risks and controls, such as in their online banking systems. Today, customer risks – such as targeted social engineering attacks – are more heavily considered. Caldeira notes that the focus now “…is on what the real risk for the customer is, how it’s evolving, and what the bank needs to do in order to adapt to it.”

Inevitably, this means there is a lot more pressure on FIs to gather all of the contextual data they have about the customer, and it is not sufficient to perform just the minimum amount of KYC work. Caldeira provided an example from Singapore, which relates to customer risk and education. When the local regulator became aware of some emerging fraudulent activity, it advised the FIs that it was part of their role to enact comprehensive customer education about fraud. While customers need to be made aware of how and where they may get hit, the FIs are ultimately responsible for this education. In the SAS/Red Hat webinar, McDonnell also noted that, in Singapore and the Philippines in particular, regulators have “been passing out hefty punishments for not being up to speed” with the various scams and crypto issues that may impact their customers, ultimately laying the responsibility within the FIs themselves. 

Caldeira believes there is a set of challenges that apply specifically to the Apac region when it comes to fraud. For example, Apac has the world’s highest mobile and internet penetration. But, while this digital adoption is ahead of the curve, its markets are slightly less mature than those in North America and Europe. In combination, this has created a bevy of unique issues to deal with. He provides India as an example, where an FI needed to build an entire digital payment infrastructure to meet the huge volume of online payments, along with the necessary fraud detection capability to help cope with the sheer volume of transactions.

Technology-driven models for fraud detection

Caldeira describes how digitalisation is changing the ways customers behave, as well as how solutions are able to adapt to these changes. There is a growing need for FIs to acquire a lot more data about their customers and their transactions, with this data forming the parameters around which a solution can be based. Machine learning can adapt to new forms of data and is therefore much nimbler than rules-based systems. 

Caldeira further explains how technology is “a solution to scalability. You have data constantly changing and new data patterns emerging, so you need to think about how to scale your entire pipeline for machine learning.” This includes data acquisition, monitoring of model efficiency, retraining of the model, deployment of the model and more. And so, to detect and manage fraud, Red Hat believes FIs need a technology platform with three key elements: data ops (how you actually manage your data at scale), model ops (your machine learning pipeline, including maintenance and testing) once your model is ready and, finally, integration with your system (deploying the machine learning model as a microservice).

Red Hat Kubernetes

In discussing the benefits of using tech-based platforms for fraud detection, Caldeira points to Red Hat’s Kubernetes technology – a container orchestration technology that facilitates the deployment of an analytics and machine learning platform. The technology itself is quite valuable as it deals with the issue of scale, as well as maintaining consistency across workloads. With so many data analytics processes running, an FI needs to ensure that all the people involved are working in a consistent and efficient way. With Kubernetes for machine learning, FIs get automated deployment, so they can scale their operations very quickly. 

A 2023 report by Red Hat surveyed technology leaders from multiple industries on what types of workloads they deploy on containers and Kubernetes. The survey found cloud security to be the top cloud infrastructure priority, with data security and integrity as the top analytics funding priority, and security automation as the top automation priority.

The Red Hat approach is different from other competition offerings. Red Hat helps its customers use their existing infrastructure – whether that’s a data centre or a private or public cloud – to support their platform. With the multiple different systems that FIs run today, potential customers typically do not know where their data – or collection of models – is actually run. FIs require a consistent platform to ensure that models trained with sensitive information in their private data centres can potentially be deployed onto public clouds, while also reducing data exposure. The Red Hat platform provides the capability to be infrastructure-agnostic and offer a consistent deployment model. This ultimately means that the technology teams within the FIs don’t need to have different skill sets to manage an array of platforms.

Next steps in fraud detection

Caldeira explains there is one key maxim that applies to technology platforms, and especially for those used in fraud management: “It is very difficult to build an end-to-end capability by yourself and, at the same time, it is never efficient to build it for only one type of use case.” 

He adds that analytics and machine learning extend across a variety of areas within an FI’s functions, including fraud management, customer segmentation, marketing and more. Though fraud has been a driving force for adopting some of these technologies, it is not the only applicable area within an FI

For FIs looking to strengthen their analytics and machine learning capabilities, Caldeira recommends identifying potential partners that can provide a full end-to-end solution, with end-to-end capabilities in analytics and machine learning that can apply to fraud, but also across other functions.

For more information on Red Hat Kubernetes, visit:

SAS Viya on Red Hat OpenShift

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here