The best thing about living in the digital age, DataVisor CEO and Co-Founder Yinglian Xie told Karen Webster in a recent conversation, is the convenient access to financial services that it has created for everyone, everywhere in the world.
In the not-so-distant past, Xie noted, getting a bank account was only possible if someone showed up in person at a bank branch. Today, almost anyone can gain access to an account that allows them to transact online.
However, like all good things, it has an unfortunate and costly downside: Those open doors have created an opportunity for fraudsters and money launderers, who use that convenient access to advance their ill-intentioned criminal ends. It’s a costly free ride that has caught many high-profile financial institutions (FIs) — such as the European Central Bank (ECB), ING Group and Danske Bank — in its trap, generating fines and shaking the confidence of regulators that seek stepped-up enforcement.
According to the United Nations Office on Drugs and Crime, “the estimated amount of money laundered globally in one year is about 2 percent to 5 percent of global GDP, [some] $800 billion to $2 trillion in current U.S. dollars.”
Those costs are likely to go up before they go down, Xie told Webster, because fraud is not done by one-off criminals scheming in isolation in their basements. The people behind these large-scale attacks and massive money-laundering rings are global criminal networks leveraging cloud infrastructure to boost their computing power, using cutting-edge device technology of their own, and working around the clock in a meticulous and coordinated way to make “the whole of their activities look legitimate.”
They’re smart, organized and extremely focused, Xie noted, because there are huge financial incentives in play.
“There is an arms race between the attackers and us,” she said. “They can, and do, constantly test and work against systems — they have a lot of time, they have sleeper cells working for them, they fly under the radar and they are constantly working on what financial institutions’ defense mechanisms are so they [can] launch more effective attacks.”
Thinking Past The Rules
The problem with many existing anti-money laundering (AML) solutions, Xie noted, is that they are rules-based systems focused on a narrow swath of transaction information.
“If that is the primary tool that we are using to fight the fraudsters, we will always find ourselves behind,” she said.
The problem is twofold. The first is that, from an attacker’s point of view, “rules are made to be broken” isn’t a cute little aphorism; it’s pretty much a mission statement for the fraudster’s typical work day. Using networks of fraudulently created accounts, criminal networks will infiltrate systems and use techniques to start testing the bank’s rules engine. They can learn a lot about what kinds of transactions the engine does and doesn’t like, all while staying happily under the radar.
When they know enough, Xie said, they begin coordinating larger actions and become successful at extracting financial value from them. Eventually, FIs notice and react, then add something new to their rules engine to stop those kinds of attacks. At that point, she noted, the damage is done and the fraud ring is back at the drawing board dispatching new sleeper cells, testing and learning their way across the next vulnerability to exploit.
“The first thing we help companies understand when we look at money laundering and fraud issues,” Xie said, “is that the issues themselves are not static — they are dynamic. There needs to be a mindset about constant change there.”
Companies will always be at a disadvantage if they are trying to figure out what the bad guys are doing and trying to react to them, she added. The better approach is to use technology that doesn’t wait for these sleeper cells to emerge and attack, but is smart enough to adapt to subtle changes in transaction patterns either in real time or, better yet, ahead of their attempts.
That approach, first and foremost, has a wider purview, Xie said. It’s not about just looking at transaction data and figuring them out one at a time, but trying to get a broader picture of where the problem is coming from. That means collecting a more holistic data set about the user, beyond the transaction level to the account level. The ability to look at information across — and the relationship between — accounts, then catch patterns and similarities emerging, is where systems can detect changes before they become problems.
Xie cautioned that more data on its own isn’t really helpful: making the haystack bigger is not a great way to find the needle. What helps, rather, is giving artificial intelligence (AI) and machine learning (ML) the ability to essentially self-govern. Unsupervised machine learning, she noted, comes with the built-in advantage of being designed for proactivity, and for detecting new attacks (or proto-attacks) without requiring human input, labeled data or historical trends.
“This approach gives us the ability to see the digital fingerprints of an attack,” Xie explained. With that, she said, fraudsters and money launderers can be kicked out of the system before they can ever launch a major attack.
A Collaborative Effort
Criminals, she said, have learned to work very effectively in teams, and fighting fraud will require a similar amount of teamwork within FIs. Attackers bring a huge level of sophistication to the techniques they use to hide their true origin: virtual private networks (VPNs), device emulators, stolen identities and account information found on the Dark Web, all of which are at their disposal.
Technology, Xie is quick to point out, is only part of the equation. Making the fight winnable, she noted, is a collaborative effort across the business units using that technology to find attackers before they can inflict harm.
“Perpetrator networks are sophisticated, and they are getting more sophisticated. The good news is [that] so is the technology to fight them,” Xie said. “We have a great deal of faith in how machine learning and early detection can make a dramatic change.”