By Team Bleckwen
Evaldas Rimasauskas, a 50-year-old Lithuanian citizen, recently pleaded guilty to having scammed Google and Facebook out of $122Mn. How was that possible? How could one individual defraud such powerful international companies?
He used social engineering fraud, and we are seeing a dramatic increase in this type of fraud, which takes advantage of the shortcomings of current protection systems.
Social engineering fraud is affecting more and more businesses as well as consumers. According to UK Finance, social engineering fraud increased by 50% between 2017 and 2018, reaching a total of £354 million: £228 million for consumers (+112%) and £126 million for businesses, with the number of consumer cases identified more than doubling during the same period!
In this type of fraud, the victim is tricked by a criminal into moving money from their account to one controlled by the criminal. This is called Authorised Push Payment (APP) fraud, as the payment is initiated by a legitimate user (Authorised) who sends the money by bank transfer (Push Payment).
We expect that the same phenomenon will occur in Europe with the arrival of Instant Payment because PSD2 encourages the use of digital channels and fast transfers, as a means of replacing cheques, cash and bank cards. This makes payments smoother for consumers, who can transfer payments anywhere in the world in seconds.
Progress? Of course, but we can see that although faster payment methods and online banking offer a better user experience and faster transactions, they also greatly facilitate social engineering fraud.
A great deal of effort is focused today on customer authentication. The stringent requirements laid out in PSD2 Strong Customer Authentication, although effective in the case of lost bank cards or theft of login details, do not offer anti-fraud protection if the payment is authorised by the account holder.
Criminals are therefore hacking the human, which is the typical scenario playing out in cases of APP fraud: the users are legitimate, with valid credentials, using their usual computers, and they make their payment under normal conditions… but they are nonetheless victims of a fraud.
To combat this, Bleckwen has developed its payment fraud prevention solution, combining behavioural analysis and explainable AI to protect account holders, regardless of the payment method or channel. Behavioural analysis learns the individual payment behaviours of each account holder, and any new payment is checked against the “usual” profile by an AI algorithm in real time. This algorithm is able to detect payment anomalies and alert accordingly. It can also learn new signs of fraud or abnormal activity automatically and adapt quickly.
Bleckwen’s solution also has explainability capabilities, which allow a better understanding of the decision reached by the algorithm. This facilitates feedback to the algorithm, thereby increasing its overall effectiveness over time. It is effective regardless of the channel, since it essentially uses the payment data and knowledge of the historical context. It can therefore be applied to cases of payment fraud authorised by the customer, such as social engineering
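The per-account behavioural check and the explained decision described in the two paragraphs above, as an added example that is not Bleckwen's algorithm or code. The features (known beneficiaries, median amount, usual hours), the weights, the cut-offs and the threshold are assumptions, and the payment history is constructed sample data.

```python
from statistics import median

# Constructed sample history for one account: (beneficiary, amount, hour of day).
HISTORY = [
    ("IBAN-SUPPLIER-A", 1200.0, 10), ("IBAN-SUPPLIER-A", 1150.0, 11),
    ("IBAN-SUPPLIER-B", 480.0, 15), ("IBAN-SUPPLIER-A", 1300.0, 9),
    ("IBAN-SUPPLIER-B", 510.0, 14), ("IBAN-SUPPLIER-A", 1250.0, 10),
]

def build_profile(history):
    """Summarise the account's usual payment behaviour from past payments."""
    amounts = [amount for _, amount, _ in history]
    med = median(amounts)
    # Median absolute deviation: a spread estimate one large payment cannot inflate.
    mad = median(abs(a - med) for a in amounts) or 1.0
    return {
        "beneficiaries": {b for b, _, _ in history},
        "amount_median": med,
        "amount_mad": mad,
        "hours": {h for _, _, h in history},
    }

def score_payment(profile, beneficiary, amount, hour, threshold=60):
    """Score a new payment against the profile; return (score, reasons, alert)."""
    score, reasons = 0, []
    if beneficiary not in profile["beneficiaries"]:
        score += 40  # assumed weight
        reasons.append("beneficiary never paid by this account before")
    deviation = (amount - profile["amount_median"]) / profile["amount_mad"]
    if deviation > 5:  # assumed cut-off
        score += 40
        reasons.append(f"amount is {deviation:.0f} MADs above the usual median")
    # Circular distance on the 24-hour clock to the nearest usual hour.
    nearest = min(min(abs(hour - h), 24 - abs(hour - h)) for h in profile["hours"])
    if nearest > 2:
        score += 20
        reasons.append(f"{hour}:00 is {nearest}h from the nearest usual payment hour")
    return score, reasons, score >= threshold

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for payment in [("IBAN-SUPPLIER-A", 1220.0, 10), ("IBAN-UNKNOWN-X", 48000.0, 23)]:
        print(payment, score_payment(profile, *payment))
```

The payment in both cases is made by the authenticated account holder, so the alert rests only on how far the payment departs from that account's own history, and the reasons list is what an analyst or the customer would be shown.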