6 min read
Author: Ant Phillips, Chief Technology Officer, D4t4 Solutions plc
Between 2019 and 2020, Remote Account Takeover (RAT) fraud increased by a horrendous 282%. Through this blog, I'll share more about RAT fraud and how to drive these fraudsters away.
First, a little background. RAT is a type of scam. You receive a call out of the blue from someone claiming to be your bank, an internet or utility company, or even the police. They convince you to give them remote access to your computer by saying they can help sort out some 'fraudulent payments' identified on your account. You may be asked to download software, visit a specific website, or follow instructions that give them control. These details change from one call to another, but they are always well-rehearsed and very persuasive. There are some great examples of recorded calls on YouTube, and they are worth a few minutes of your time.
The fraudster persuades you to log on to online banking. Because the fraudster has remote access to your computer, they see everything you're typing – including your online banking log-on details. It doesn't take long before the fraudster moves your money to one or more mule accounts that are under their control, and then the money is transferred again, at which point it is virtually unrecoverable.
How can retail banks identify these fraudsters? First, you need good data that details everything happening on your digital channels, including the clues that identify the online banking sessions where the RAT fraud occurred. Assuming you have this data, then it's all about building the model. No rocket science here: identify the training set, including fraudulent activity, train and test the model, deploy, monitor, and so on. These models tend to decay quickly because fraudsters are resourceful and constantly look for workarounds, so this is an ongoing exercise for fraud analytics teams.
We've seen some truly stunning results using Celebrus data and fraud detection models, but we can do even better. Thus far, the critical insight in the explanation is that the models identify patterns in the data caused by fraudsters' modus operandi. For example, the fraudster may be coaching you to do something on your online banking website, and this creates an unusual feature in the data, such as the time spent on specific web pages. The issue is that, yes, this feature does identify some fraudsters, but for many other people these patterns are entirely normal. Therefore we get a significant number of 'false positives' that cause unwelcome irritation and friction for your legitimate customers. For the machine learning aficionados, solving this problem by tuning the model often leads to overfitting and worse results. False positives are a nightmare for anyone involved in customer experience (CX) and cause huge disruption to customers (have you ever had a card payment denied when you arrive in a foreign country? Then, you know how irritating and inconvenient it is.)
Fortunately, this problem is precisely what behavioral biometrics in the Celebrus Fraud Data Platform (FDP) solves. Behavioral biometrics create an individual biometric profile for each customer. This biometric profile details your characteristics. In short, it's the 'W' questions such as when do you use an application, what things do you typically do online, where are you located in the world, and so on.
The value of the biometric profile is that it keeps an ethically compliant record of what you normally do online. When a fraudster takes control of your account, these behaviors diverge from your biometric profile. That provides real-time signals to the bank that the account is compromised, enabling them to intervene and catch the fraudster before the fraud. The elegance of behavioral biometrics is that it doesn't matter what other people do in their online banking. The only thing that matters is what you do. In other words, it's all about you.
We use necessary cookies to make our site work and analytics cookies to help us improve it. We will not collect any personal identifiable information unless you enable us to do so. For more detailed information about the cookies we use, see our cookies policy & settings page.