Financial Fraud Detection is the Key to Safety
Fraud and scams are everywhere, and it’s essential to remain alert. Scammers and criminals are exploiting new technology to trick us and steal our money, but the faster we can do things with our money, the more opportunities there are for fraud. There are tools out there that can help us as consumers keep our accounts safe. But there’s two sides to the fraud-fighting game. Consumers need to use the tools available to us to protect ourselves. And companies need to get better (and faster) at financial fraud detection.
See Understanding and Avoiding Triangulation Fraud with Soups Ranjan for a complete transcript of the Easy Prey podcast episode.
Soups Ranjan is the CEO and co-founder of Sardine, a venture-backed startup that helps over 350 companies in financial services and online commerce with compliance and fraud detection. On the compliance side, they do identity verification, Know Your Business, and anti-money laundering work. On the fraud side, they work on behavior-based fraud prevention – using information like how you’re typing or swiping and how you hold your phone to figure out if it’s really you logging in. Before Sardine, Soups worked to prevent financial crime and fraud at one of the UK’s largest neobanks and the cryptocurrency trading platform Coinbase. He is a machine learning engineer by training and has spent his twenty-year career using machine learning to fight bad guys.
Even Experts Get Scammed
To the best of his knowledge, Soups has never been a victim of an online scam. But he has gotten caught by one in person. It’s a scam called the Irish Home Scam. In this one, he was approached by a couple of young guys with a pressure-washing machine. They said they had been doing the pavement of the house next door, and they offered to do his driveway, too. Soups agreed. Then they upsold him. He just had to give them some money for the paint, and they’d go get it and paint his fence while they were there. Soups agreed to this, too, and gave them the cash. They never came back.
The moral of the story here is that you should always do a Know Your Business (KYB) check on anyone offering to do work for you. Most of us are aware that we should be doing KYB checks online to see if a company is real and trustworthy. But how many of us think to do that for a contractor working around our homes? It’s a blind spot we often overlook and can leave us vulnerable.
Always do a KYB, or Know Your Business, check on anyone who is offering to do any work for you.
Soups Ranjan
Financial Fraud Detection, Prevention, and Trends
Sardine works with a diverse set of clients, which means they get to see a wide variety of frauds across a wide variety of companies. This has helped them spot some trends in online fraud.
Triangulation Fraud
One of the types of fraud that’s on the rise right now is called “triangulation fraud.” To understand how it works, imagine you want to buy an airline ticket. You get on your favorite search engine, land on a site that looks decent, and purchase your ticket. However, it’s actually a phishing site. What makes it a challenge from a financial fraud detection perspective is that you do actually get your ticket. When you enter your card number, the fraudster takes that information and uses it to buy a real ticket from another site. They deliver you the ticket, but they also add some sort of surcharge or extra fee.
What’s in it for the fraudster? They get your card details and they also have the money from that extra fee. Chances are good you won’t notice the fee. If you do and call the site, they can cancel and refund your ticket on the real website, but they won’t refund the fake fee or surcharge. This type of fraud can be applied to all sorts of online shopping.
Another version works specifically with tickets. You want a ticket to your favorite game, and find someone online selling a $500 ticket for $250. You think you’re getting a good deal, so you buy. What really happens is that the fraudster used a stolen card to buy the $500 ticket and sell it to you. You’ve technically bought stolen goods. But chances are good that you’ll never know – and you’re not motivated to report it as suspicious regardless because you got a good deal.
Contactless Tap-To-Pay Fraud
Another type of fraud on the rise is fraud through contactless tap-to-pay features on cards. If you’re paying with a tap-to-pay-enabled card at a restaurant or store, it’s best to keep the card in your possession at all times. If the shopkeeper takes your card, they could tap it against a second payment terminal and charge you twice. This kind of fraud happens all over the country.
It is becoming increasingly difficult to verify identities of merchants.
Soups Ranjan
If a storekeeper tapped your card on a fake terminal, that means they must have gotten a second terminal from a second processor or bank. Somewhere along the line, someone failed to do a KYB (or, in this case, Know Your Merchant) check to determine they already had a terminal. It may be a while before financial fraud detection kicks in and someone notices there’s something shady happening.
What Sardine Does for Financial Fraud Detection
There are two major things missing in financial fraud detection and protection, which is where Sardine comes in. It’s difficult to verify identities online, especially with deepfake technology. And there’s a huge need for real-time monitoring for financial fraud detection. Most of our systems aren’t built to do things in real time, but with the speed of fraud these days, that’s what we need. Doing things in real time is complicated and requires bringing a lot of data together, but that’s what Sardine specializes in.
Sardine Helps Banks Detect Financial Fraud
Banking specifically is seeing a huge rise in scams. They are adopting real-time payment methods like Zelle and the soon-to-come RTP and FedNow, and the biggest attack vector is shifting from fraud to scams. And there’s a huge variety of them, from romance scams to voice cloning to investment scams and more.
The biggest attack vector is now shifting away from fraud over to scams.
Soups Ranjan
In all of these, the basic tactic is the same. The scammers contact the victim and socially engineer them into sending money somewhere else. Once the money is gone via a fast payment method, it’s just gone, and there’s no recourse for the bank to get it back for them. It’s considered different from fraud because the criminal never got access to the victim’s account – they just tricked them into sending the money.
With the right financial fraud detection technology, though, there are ways that banks can spot these kinds of problems. Using patterns of behavior, algorithms can spot signs of hesitation and uncertainty or warning signs like being on the phone while doing a transaction, taking screenshots or recording the screen, or the presence of a team sharing tool like AnyDesk or TeamViewer that scammers often use to control victims’ screens and make transactions.
Every fraudster has a tell, which means they always slip up, they always make a mistake, and that’s how you catch them.
Soups Ranjan
Sardine builds device intelligence and behavioral biometrics SDKs, which is a long and complicated name for what is basically a small piece of code on a bank’s website or app that can detect these things. If a bank installs this and watches it, they can take steps to spot and prevent scams before they happen.
Escalating Warning Signs
Sardine doesn’t want to be a “black box” like other fraud prevention companies. When they escalate a transaction as potentially fraudulent, they give the reasoning behind the score. Since it works in real time, customers often use those scores as a basis to either approve the transaction, decline the transaction or “step up.” Stepping up adds an additional step of verification into the transaction.
Sardine has their own suite of step-ups that a company could choose to use. Or if a bank has 3D Secure enabled, they can use a 3D Secure verification. Some may ask the customer to upload their driver’s license and take a selfie. Or if the transaction involves a card, they may do “penny drop” transactions where they deposit, then withdraw, a tiny amount of money on the account associated with the card and ask the customer to enter the amount to verify the card.
In reality, step ups shouldn’t have to happen very often. If the financial fraud detection is working well and the machine learning is doing its job, most of the transactions should be easy to approve or deny. It brings a lot of data in to fight fraud, which is a huge benefit. And sometimes it’s just those little pieces of data that can make an impact. Sardine recently launched a tool to match the name of the cardholder with the card number. Most of the time, when you enter your card number, nobody is checking the name. But setting up a system where the name, phone number, and address entered as billing information has to match what’s on file with the card reduces 25%-35% of fraud by itself.
3D Secure for Financial Fraud Protection and Detection
3D Secure is a system used in many places outside the United States, especially in Europe. It’s a system where if a payment processor picks up signs of potential fraud, they send a text message to the phone linked to the bank account the card belongs to. If you’re really using the card, you can approve it easily. If it’s someone trying to use it fraudulently, it will keep the transaction from going through.
In reality, not a lot of people in the United States have a phone number linked to their bank accounts. And most banks don’t give people the option to enroll in 3D Secure. If it’s adopted, it could be an easy way to step up transactions and stop a lot of fraud. Fraud rates in Europe are a lot lower because they’re using 3D Secure.
The challenge for the US is that there are just so many different banks. There are over 4,000 banks in the US, including the small credit unions. And many of the smaller banks and credit unions don’t have the infrastructure or the technical staff to put a lot of those kinds of things in place. But on the other side, there are a lot of great things happening in the industry, and companies like Sardine have started to fill that gap.
Alarming Trends in Scams and Fraud
The big thing Soups is concerned about is how faster payments are just going to help the rise in scams. The UK has had faster payments for much longer than the US, and if you look at the statistics, dollars lost to scams have far surpassed dollars lost to fraud. In the US, we’ve adopted systems like Zelle and Venmo, and other systems like RTP and FedNow are coming. Consumers and businesses can move money faster, and that’s not always a good thing.
When money had to go through the bank, there were cutoff times. The money actually got sent one or two times a day. Banks had time to review transactions before they were completed and flag suspicious ones. With real-time payment systems, once that money is gone, it’s gone. We really have to step up our financial fraud detection game.
Many older banking systems also can’t handle real-time payments. So when banks start adopting tools like RTP and FedNow, they’re going to have to rethink both their payment technology and anti-fraud technology. As the tech gets adopted, faster payment will lead to faster fraud, so we’ll need to stop those in real time. But to stop it in real time, we’ll need new tech. That’s where companies like Sardine can come in and help fight this new, faster fraud.
Faster payment means faster fraud, so we’ve got to stop those in real time.
Soups Ranjan
What Consumers Can Do
It’s hard right now for consumers to understand financial fraud detection measures and what your bank is doing. We might someday see banks advertising that they are different, they’re going to introduce friction and slow you down in the name of safety. Many people, including Soups, would rather bank at a bank that takes fraud more seriously. Soups particularly can’t wait for a feature where you can “lock” your bank account and nobody, not even you, can put money in or take it out until you unlock it.
In the meantime, as consumers we need to be really careful. Watch for red flags of scams and fraud. If you get a text message promising you’ll get rich quickly or you won money, don’t trust it. If you get a text from the IRS saying you owe them or someone else money, don’t trust it. Similarly, when you get emails, don’t trust them. Be vigilant about the source – often you can hover your mouse over the sender and see what the real email address is. Are they sending it from irs.gov or from irsgov.com?
Protect your email like you protect your bank account.
Soups Ranjan
The other thing you can do is take your personal online security very seriously. Use a password manager, don’t share or reuse passwords, set up two-factor authentication on all your bank accounts. Text-message two-factor authentication is better than nothing, but go app-based if you can. Protect your email account just as well as you protect your bank accounts, too – if a criminal gets access to your email, they can reset your bank passwords and you’ll never know. Be vigilant, be prepared, and verify everything.
Learn more about Sardine online at sardine.ai or by following them on Twitter @sardine or on LinkedIn. You can also follow Soups Ranjan personally on Linkedin.
Related Articles
- All
- Easy Prey Podcast
- General Topics
- Home Computing
- IP Addresses
- Networking Basics: Learn How Networks Work
- Online Privacy
- Online Safety
Your Online Order Never Arrived? Here’s What to Do Next
We’re getting into the holiday shopping season, and that means that you’re probably buying at least some…
[Read More]The Ultimate Privacy Gift Guide for 2024
The holidays are rapidly approaching – which means it’s time to think about holiday shopping. If you…
[Read More]How to Identify a Scammer Online: Spotting Digital Deception
Everyone is vulnerable to scams and fraud online, especially if you’re distracted or in a hurry. That…
[Read More]VPN Update: Is it still important to use a VPN?
Using a VPN (Virtual Private Network) when you’re online is still very wise and important and that’s...
[Read More]The “Red Flags” of a Scam Can Alert You to Pending Danger
We’re used to hearing “red flag” conditions. Hopefully, we know they indicate a dangerous situation or risky…
[Read More]Windscribe VPN
Windscribe VPN provides the ultimate privacy, security, and simplicity with an easy-to-use website interface.
[Read More]