Behavioural analysis can help predict cyber fraud

Posted on December 3, 2014 03:24 pm

In East African region, recent cases of cyber fraud, including the hacking of a few bank ATMs that saw the losses of around three million dollars, have raised public concern about our cyber security. Ultimately, security experts have said that cyber security is everyone’s responsibility. While governments, organizations and corporations, especially critical infrastructure like utilities, telecommunications and banking institutions, need to beef up their cyber security measures, consumers also need to keep vigilant and protect themselves from cyber threats. A challenge is that cyber crime evolves too rapidly. Many banks now are using the two-factor authentication device that generates a one-time password for their customers’ online transactions. This is giving consumers an added layer of security, but some cyber criminals have found a way to break even that using what has been dubbed as ‘vishing’ attack. In several cases reported in Europe this year, some criminals used a recorded voice message to call customers and got them to use the device to generate a password and passed to them to get it verified. What they did was to phish earlier for the person’s details to hack into his account, and in one instance at the time of the call they were literally at the computer on the bank account waiting for the password from the person to complete the transaction.

Crucial in the fight against cyber crime is the co-operation between the different stakeholders that include government, financial institutions, organizations and corporations, among others.In East African countries, there is need to build own intelligence on what’s happening in cyber world, who’s perpetrating cyber attacks and from where, as well as the types of attacks so that they can come up with a hotlist or blacklist of the dangerous ‘things’ on cyberspace which they can share with each other to track the culprits and protect themselves. In the past, someone will walk up to the counter to do their transaction and the bank personnel can meet them and get to know them. Now, with online banking, you are physically not there, so it is difficult for the banks to know if it is really you doing the transaction. The only way they can validate you is to look at the data of your banking behaviour time of logon, what you usually do and how you do it. While some banks in the region are using technology that can detect if a customer’s machine has been compromised or infected when they try to conduct an online transaction, many banks are starting to focus on behavioural analysis to protect their customers against cyber attacks. As customers tend to behave in certain ways when interacting and conducting transactions with their bank, it is possible today for banks, with the use of predictive analytics technology, to analyse their behaviour and use the information to better predict fraud ahead of the crime and stop it before it happens.

How this works is that banks can use the programme to read what the normal behaviour of a customer is to build his or her profile.Behavioural analysis data is difficult to crack and will not be of interest to cyber criminals compared to personal data.With cyber crime constantly evolving, this is a good way for banks to stay one step ahead of the cyber crooks.Although the problem of cyber crime is not unique to East African region, it is urgent that they improve their level of fraud detection capability in the banks to fight the threat. There definitely seems to be more targeting of Africa by cyber criminals, especially China, with its growing number of cyber and mobile technology users and with the growing volume of people moving towards Internet banking and the like. At the same time, more cyber crime toolkits are being developed and made easily accessible to the public, making more consumers vulnerable to the threats. In East African countries, banks are a little behind compared to their Western and other developed counterparts in their cyber crime fight effort and security. Contador Harrison experience working with banks and other institutions,is that in territories that are developing rapidly, the banks are more interested in customer acquisition and they see fraud as a cost of doing business.

Contador Harrison