By Maksym Bieliai, BA Team Leader, Fintech Market Analyst
Financial companies face exposure to a greater variety of attack vectors than ever before. The advent of affordable cloud computing and easily deployed AI has leveled the playing field. In 2021, fraudsters scored a $35 million take by deepfaking the voice of a company director in Dubai. Similar attacks took place in 2019 and 2020 against a major energy company and bank.
Fighting fire with fire, in this case, might be the best solution. More sophisticated AI-enabled attacks mean that AI also needs to be more robust in defence. Following the latest artificial intelligence trends, let’s find out how exactly this technology can help your company manage security risks.
The Benefits of Using AI in Сyber Security
Artificial intelligence is particularly well-oriented toward any task which requires it to pull out useful insights from a vast amount of data. The algorithms are capable of processing huge volumes of information in real time, uncovering patterns that would take human agents months to find. Accelerating threat detection means a faster response to these risks, which reduces the vulnerability of your entire security system.
Another advantage of AI-based security mechanisms is that they are flexible enough to learn and improve. Engineers can train models on new data and implement them in new scenarios and cases. This means that your security algorithms will be constantly improved and respond quickly to new threats.
While AI often does require some human supervision, it can work in concert with human agents to help include more data points that inform the decision-making process, making inferences that might otherwise not be imagined.
Let’s look at more specific cases of how the introduction of artificial intelligence can affect the effectiveness of the security system of fintech companies.
Fraud Prevention
The fraud detection process in a fintech company can become much easier thanks to the ability of AI algorithms to process data quickly and efficiently. Machines can run 24/7 without interruption, performing repeated tasks to detect threats such as suspicious logins, identity theft, or fraudulent transactions and react in a timely manner. Also, unlike the rule-based approach, the application of machine learning allows you to discover new correlations between customer behavior and potential fraud activity.
There are several approaches to achieving this. For example, anomaly detection is based on dividing data into two groups: normal and potentially fraudulent. When a transaction deviates from the normal behavior of the dataset, it can be considered potentially fraudulent, and the algorithm must learn to detect such transactions and respond to them. For example, the system might ask the user to go through additional verification steps if the activity seems suspicious.
Another way to apply AI-based fraud prevention is a supervised learning approach where the model is trained on labeled historical data indicating fraud cases and learns to predict and block such cases in the future. This method is often used to detect credit card fraud since banks already have databases of possible fraud patterns based on past transactions. However, you should keep in mind that for the best performance, a company must have enough data about fraudulent transactions to train the model. Otherwise, the system will not be able to provide quality results.
The list of approaches is not limited to the above-mentioned options. The choice of a particular algorithm depends on the available data, the goals of the project, the specifics of the IT infrastructure, and other factors. That is why it is so important to work with an experienced development team capable of assessing all project risks and finding the most effective solution.
Transactions Monitoring
With the growth of digital transactions in recent years, the costs of monitoring transactions are increasing dramatically. AI can help reduce operational costs by automating the process of monitoring deposits, withdrawals, and money transfers and blocking any suspicious activity. For fintech companies involved in money transfers, this is also a necessary step to comply with anti-money laundering regulations.
A real-life example of such systems in action is Visa, which, has reported a historic low of less than 0.1% of fraudulent transactions globally since implementing AI as part of many of its solutions. The fraud monitoring system labels transactions as potentially fraudulent based on an internal algorithm and past fraud history. Without any manual intervention on Visa’s behalf, associated banks can create and read claims and disputes on behalf of end users, choosing to either resolve the transaction as legitimate or send it on to Visa for further investigation.
Identity Theft Detection
Identity theft is usually caused by unauthorized access to your financial card or account information. The use of traditional rule-based algorithms to prevent it has a significant drawback due to the fact that attackers only need to bypass the rule once. AI-based systems are more flexible and can detect fraud based on more criteria, such as customer behavior in past transactions, geolocation, IP addresses, and more.
One way fintech companies can add an extra layer to identity verification is through AI-powered biometrics. Facial recognition, iris recognition, fingerprint, or voice recognition allow relying on the identification of user features that are difficult to fake. Additional conditions for users to smile, wink, or nod allow checking the live presence of users to prevent spoof attacks.
For example, British startup IDcheck offers biometric identity and compliance solutions for financial services. The startup combines facial recognition algorithms, liveness checks, and motion analysis to verify customers’ identities. Traditional financial companies are also adopting biometrics technology to secure and improve the user identification process. Banks such as Bank of America, Citi, Wells Fargo and Chase have their own biometric solutions.
However, the implementation of such software has some challenges since the solution runs on user devices that can be hacked. One of the most popular ways to overcome this issue, which is used by financial companies, is to forbid the application from running on rooted and jailbroken phones.
Although cloud-based phones may seem as though they are safer to use, it is worth noting that cloud phone systems are at just as much of a security risk as regular phones.
Where to Start Implementing AI into a Security System
To successfully implement AI into your existing system, you first need to define the system’s scope and your unique business needs. Understanding your present capabilities (such as legacy modules that might need to be ported to more modern systems) helps a great deal in planning for an effective transition. Existing databases and raw data may need to be entirely re-configured so that AI can process and make use of the data.
The AI implementation process consists of the following steps:
- Discovery Phase – identifying the specific goals of the project, which business problem should be solved, and how to achieve it
- Data Collection Stage – verification of available data or generation of data necessary to achieve project goals from additional resources (open-source data, collection with a simpler product, scraping, etc.)
- PoC Development Stage helps to confirm the feasibility of the idea, identify limitations and determine the level of accuracy of the AI model.
- New interaction of PoC with further improvements or implementation of the module into the product if the first PoC met all the project requirements.
On top of all this, you’ll need to hire experienced developers to implement AI/ML into your existing toolchain properly. Each project has its characteristics and limitations, which require a deep understanding of implementing AI technology for different tasks. With the help of AI experts, you will significantly reduce the costs associated with the AI implementation process and achieve your business goals with less effort.
This article was originally published on December 5, 2022