Digital FCU Uses 'Dynamic Account Modeling' in Battle With Fraudsters
That's according to Craig Roy, senior vice president of support services at the $4.5 billion credit union in Marlborough, Mass., where a sophisticated activity modeling solution is part of the array of anti-fraudster solutions put into play.
The FraudMap 2.0 solution from Guardian Analytics of Los Altos, Calif., uses what the company has trademarked as its Dynamic Account Modeling technology to model online behavior session by session, from login to logout, and flag behaviors inconsistent with what would be expected from that individual user.
Then, back at the ranch, a team of 10 employees devote the equivalent of four full-time positions to research and, if necessary, act on the alerts the system generates, Roy said.
Digital FCU has an online penetration rate of about 50% of its 379,000 members logging in at least once a month at www.dcu.org, and with its roots in the high-tech industry, they're generally a tech-savvy group.
But so are those who steal online, "and with increasingly sophisticated tools being used by fraudsters, we really have to always be ramping up in terms of being proactive," Roy said.
He added that "keyloggers and Trojans are currently our biggest problem and, along with social engineering and phishing and those kinds of issues, when you look at the fraud we've had, most is not related to breaches at DCU. It occurs primarily at the individual PC users' level. And while we encourage our members to keep up with their spam blockers and virus protections, there's no way to ensure that that's going to happen. That's why we need to take these kinds of proactive, multichannel approaches."
"There's no overstating how important electronic delivery is to our credit union and to our members, and one thing we did after the FFIEC guidelines on secondary authentication came down was spend a lot of time doing risk assessments while we continued trying to identify ways to protect our members and the credit union from financial loss and damage to our reputation," he said.
As a result, DCU still uses traditional authentication methods but also has added layered security that assesses risk and puts the focus on potentially the most suspicious activities.
"Now, when someone tries to do a wire transfer from home banking, they're presented a series of questions that could not be answered out of wallet, that would not be something likely to come out of public databases," Roy said.
"We don't want our security to be intrusive, but there are times we also have to act. An example might be if a member hadn't let us know in advance that he would be traveling and making transfers and withdrawals. While we may do nothing, we also may reach out to the member in some way, or we may even suspend access to the account if the alert would justify that," he said.
Determinations are made using the Guardian Analytics device's analysis of that member's history of online account behavior, including typically benign actions such as viewing check images and updating contact information.
That's because "any number of things" can add up to a problem that otherwise might go undetected, said the company's vice president of marketing, Craig Priess.
"That also can include the type of machine they use, the frequency with which they use it, their money transfer patterns, the account maintenance things they typically do...all these and many more go into what we describe as the typical behavior of a member," Priess said.
The more deviation there is from those patterns, the higher the suspicion of foul play, and alerts are generated.
"Here's an extreme example," Priess said. "I'm a member of DCU, and all I ever do is log in once a month and check balances, using Internet Explorer on my Windows 2000 machine in Boston through a Comcast account. Then, all of a sudden, I'm logging in five times a day using a Mac running Safari from Iowa using what appears to be an anonymous proxy, and I set up a bunch of ACH transfers."
"We do see that kind of stuff happen."
In fact, Priess said, his customers are reporting a spike in fraud attempts that he attributes primarily to two factors: an ailing economy and "the evolution in tools and techniques that fraudsters have at their disposal."
"It's really a kind of perfect storm for fraud," he said. "You don't have to be as much a technical expert to acquire some malware these days and execute them. It's very easy to attempt fraud now."
Keeping up with every new threat is time consuming and not always possible, and Priess added that while his company's solution does bear some resemblance to competitors in the market, "we do take a different approach."
"Others start with the premise that one knows what a fraud scheme, or a whole universe of them, looks like and writes rules to detect those patterns. That creates a never-ending arms race to keep up," he said.
"Our approach is to stay very focused on the behavior of each individual member, of each online banker user, and to watch for deviations from what to expect from them," Priess said. "That way you don't have to know every iteration of every new attack out there."
Priess said pricing for the Guardian Analytics solution begins at about $35,000 and is based on the number of accounts it's deployed to protect.
While return on investment can be hard to pinpoint on these types of deployments, Roy said he can already point to one specific incident that could have been very costly at his credit union.
"In January we identified a compromise that had a ripple-down effect on a good number of our members, maybe about a hundred accounts," the DCU executive said. "Had we not identified this, we could have exposed several millions of dollars to fraudsters. But with the Guardian tool, not only did we identify the initial problem, we were able to go back and look at other things and identify other potential compromises. It's pretty remarkable."