As the world of financial services accelerates its latency between order, execution and settlement the risks of fraud
and theft are on the increase. Although financial institutions have had systems in place for years to monitor account activity
and to detect possible criminal action, they traditionally have had in house or silo systems to monitor individual payment
channels like card fraud. Now they are looking to implement across enterprise or account based systems, but this still falls
short of providing total customer protection. To date much of the onus of prevention and detection of criminal activity
has ultimately been with the individual rather than the service supplier. For example if a debit card is lost or stolen it’s
been the responsibility of the card owner to report and block further use. In most cases providing the report is made in good
time the supplier will indemnify against the loss. However, failure by the customer to take adequate protection of their accounts
and cards can lead to severe loss. This has been evident most recently with incidents of identity theft where the money is
stolen before the customer has had time to take the own protective measures. Banks have not been reimbursing the customer
and therefore putting the entire onus on the customer to ensure their own protection.
The criminal is now a much smarter animal than in previous years with high degrees
of technical proficiency and a complete understanding of the FS industry and its weak spots. They are often able to steal
the identity of the card holder without the card holder being aware until it is too late. The question that is now being asked
is how the FS supplier can now offer their customers a security package against fraud and theft? This is a vital question
and goes to the heart of the financial services industry and one that a good chunk of current regulatory change is trying
to achieve. It is important for the FS firm that to protect both their clients and their business.
It has to be noted that there are huge regional differences in the UK, which has had
monitoring systems for years, which some of the emerging markets are only now looking at.
The problem of how to secure the assets of the client is growing for the financial
services industry as the increase in remote orders over the web continue to swell and the processing infrastructures harmonise
to gain efficiency and cost reductions. It is not possible to expect the unaware client to shoulder the burden of detecting
or preventing the criminal. The sheer speed of execution and settlement within the financial services market make it an impossibility.
Therefore the accountability has to be taken by the financial services supplier or the finance industry as a whole.
Could there be some form of co-operative insurance fund created that is paid for by
the global financial services industry to pay out to clients against any proven failures of the industry to protect the accounts
and assets of the client? It may be possible to insure such a fund against the increase in numbers and size of criminal success.
This type of solution would be popular with the world’s financial customers and may be overall, a cheaper solution to
investing in any number of systems within every financial services supplier. The financial services criminal insurance fund
could be based on the Lloyds of London principle, where the global finance industry would be able to gain statistical evidence
of the scale of the problem and take out their own particular insurance against increased premiums. This may be a utopian
and fanciful notion and highly unlikely to be implemented as most of the global finance industry is not united on the extent
of the criminal problem or their own liability to protect their clients, let alone their own business.
That idea aside, a more likely and obvious solution is with a heavy investment in
new technology by financial service suppliers, to begin to tackle the dilemma before the customers begin to lose confidence
in the suppliers’ ability to protect their accounts and assets. It is here that ACI are leading the way and producing
technology that should be at the forefront of strategic planning for all types of financial service supplier. It does not
matter if the service supplied is a debit/credit card, retail banking or fund management and broking it is evident that if
there is a electronic account to be attacked today’s criminal has the knowledge and capability to cause catastrophic
damage.
ACI has gone the extra half mile and produced a number of different systems functionality
that combined produce one of the best criminal defence mechanisms in the market today. ACI answer the industry problem by
offering an end to end risk solution across the payments network. They call this integrated risk management, where they
have systems to manage risk across the payments lifecycle.
With the latest European regulations putting enormous emphasis on ‘know your
client’ (KYC) account opening, which is taking profiling down to another couple of detailed notches, the financial services
firm today is in dire need of technological assistance. Indeed the KYC requirements may be further enhanced if banks utilise
the services of professional profilers much as the various legal agencies do?
Once the KYC information is captured there still needs a degree of verification to
ensure the correct profile information of the customer is kept on the database. After all from this base information the appropriateness
and suitability of the client is going to be set.
If the base information profile is set the next step is to produce a life style picture
of the customer and this is where ACI has come up with the neural profile concept. This concept can only be created over a
period of time as the customer habits are logged and his life style picture emerges and where variations or unusual activity
will indicate a possible intervention by a criminal.
There is little doubt that these neural picture profiles once stored into a database
will be an excellent tool to eventually produce the ultimate security for the customer and their supplier. However, when does
the protection of the individuals interests move into an intrusion of the human’s right to privacy and maintenance of
their own individuality? Is the cure worse than the illness? Is the ultimate prevention for the good of the consumer a total
infringement on their right to remain outside of a system or database?
ACI are right to present the potentially ultimate technology solution and there is
sure to be much interest from the financial services community to utilise such imaginative systems to solve regulatory and
legal burdens, that are increasing, but any total solution may hit snags when challenged by human rights groups. As the debate
continues on identity theft prevention and the arguments rage between human rights and the industry’s’ need to
protect the customer and their businesses, its certainly going to be ingenious software firms like ACI that will eventually
be key to the answer.
By Gary Wright
