For all that digital finance affords banks and their customers—an enhanced experience, the ability to conduct financial transactions across channels, and the real-time delivery of hyper-personalized products tailored to specific customer needs—its downside is the unprecedented acceleration of fraud created by generative artificial intelligence (GenAI). In fact, synthetic identity fraud is projected to account for at least $23 billion in annual losses by 2030.
This has created an urgency for banks to develop new systems that detect and prevent these increasingly sophisticated schemes – prioritizing identity-based fraud prevention and AI- and machine learning-powered tools.
Gasan Awad, SVP, Fraud Director, Enterprise Fraud Product Management at PNC Bank, Chris Briggs, Chief Product Officer at Mitek and Jay Leal, CIO at Vantage Bank discuss how network analytics, GenAI modeling and biometric technology are expected to have a significant impact on detecting and preventing digital fraud.
Topics discussed include:
- The growing frequency and increasing sophistication of the various types of digital fraud
- What technologies are empowering fraudsters and where the greatest impacts will be felt
- A deep dive on the influence of GenAI and how it's leveraged to create convincing deepfakes
- How banks can create a security culture that relies on adaptability and collaboration
- The roadmap needed to implement AI-driven tools, biometrics and analytics to combat fraud
Transcription:
Transcripts are generated using a combination of speech recognition software and human transcribers, and may contain errors. Please check the corresponding audio for the authoritative record.
Penny Crosman (00:20):
Welcome to Leaders. I'm Penny Crosman, technology editor at American Banker. Fraud instances have been growing every year and the amount that banks spend on fraud has been rising every year at the same time. In a recent survey, American Banker conducted 61% of bankers said they're not confident in their company's ability to combat fraud. We are here with an expert panel. We have Jay Leal, who is Chief Information Officer at Vantage Bank in San Antonio, Texas. It's got about 5 billion of assets with Chris Briggs, who is chief Product Officer at Miek, which is a company that provides document capture for check capture, for capturing identity documents and software around that. And we have Gasan Awad, who is enterprise fraud product management head at PNC Bank in Pittsburgh. So thank you all for joining us. Gusan is also a fraud junkie. So let's start with this. What are the three types of fraud or scams that you are all seeing most or most worried about, or are causing the most damage, whichever seems most important to you. Let's start with you, gusan.
Gasan Awad (01:41):
Great question. I think when I think of what's pressing today first party fraud or what you would call where the actual consumers involved, citizen fraud, you may hear about it, I think is a challenge not only at account opening when they're starting to come in through the front door, but also when they're in your bank or institution because of things around dispute, chargebacks, abuse, transactional fraud. So something that we're trying to continuously battling. The other thing that I would say, it's hard to believe, we've been talking about the death of checks. Checks are still challenging the industry. If you look at some of the stats year over year, check fraud, losses are up still something we're looking at and trying to battle. And then I do think scams, and I say scams across the board, employment scams, romance scams, charity scams, pig butchering, you could list everything there. And I think the challenge there, it's a human nature problem because people are actually taking advantage of vulnerabilities from a human perspective and it makes it very hard to detect. So those are some of the things I would say pressing. And then around the corner you'll see things that are emerging around deep fakes and things of that nature, but we'll talk, but those are at least in a concise manner, what we're dealing with on a daily basis.
Chris Briggs (03:11):
Yeah, I mean, I would agree with you that scams is really a hard problem for us to deal with as well, because you actually don't know whether that person is who they say they are at all. And even if they are, they likely could be who they say they are, but acting on behalf of someone else. So it's really hard when you start to think about how do I prove that this person is doing something that they intend to do or want to do on their own? They're not under duress, and you can actually identify that as some type of trend inside of the financials or what they're charging or how they're charging or where they're going. That's right.
Jay Leal (03:45):
Yeah, I would agree with that. The scams are our biggest concern, advantage. I think that that includes Cato account takeover fraud. We see a lot of folks that are in businesses that are falling victim to people stealing credentials or using some fraud in some way to gain access to their accounts. And then going back to your point, making sure that we have the metrics and the information to determine if this is actually the customer doing the transaction or is somebody doing it under duress or under false pretenses. Yeah, it happens all the time. Every
Chris Briggs (04:24):
Time.
Jay Leal (04:24):
More than we'd like to admit, I think
Chris Briggs (04:26):
Zach.
Jay Leal (04:27):
Yeah.
Penny Crosman (04:27):
So data and analytics are obviously one sort of weapon that banks use. Try to analyze all this activity and figure out what's legitimate, what's fraud, what are some of the things you are thinking about doing in this area? Are there new kinds of data, new kinds of analytics that can be brought to bear to more precisely identify what's sketchy and what's not?
Chris Briggs (04:50):
For us, we typically are looking at, I like to describe it, what's old as new. You used to walk down the street and you would look at Joe or you would look at Jane and you would say, oh, I know Joe or I know Jane. But in the digital world, you have to treat people in a very different way. You don't necessarily know them. So you have to try and collected the data assets that allows you to be able to understand who they are and why they're doing something in general. So that means if I'm looking at credit card fraud, do they shop in a specific location? Are they far from their home? Had they put two credit card transactions at different places that hit two IP addresses within a very short period of time, and maybe it's not an authorized user on the account, or maybe it's something else that's happening.
(05:34):
And then using that data to be able to create as these guys will attest to fraud scores or some other type of metric that allows you to be able to judge what's the relative risk to this credit card. If it's $2 and I'm paying for a toll as I'm going through the subway, is it that big of a deal? But if I'm buying a $1,500 MacBook, then maybe I need to stop and take a different track on that being outside of sort of this normal, what I'm expecting from an individual. So a lot is about velocity, A lot is about transactions and a lot is about consumer behavior.
Penny Crosman (06:10):
Now, often a bank only sees so much they see the accounts that this customer has with them. They might have a little bit of visibility into other things, but they're not seeing the accounts the person has elsewhere. They're also not seeing if somebody has stolen an identity, they're not seeing that they're using that identity at six other banks and a mortgage company and telecom company. How can banks have better visibility into everything a person or a stolen identity is doing?
Gasan Awad (06:46):
I think that's a very good question and one that everyone's still trying to figure out because when you're talking about something like that, about seeing activity outside your own four walls, starting to get into data sharing consortiums, what can you do now within your own four walls? You need to break down silos. So not only are you seeing this activity in credit card, debit card mortgage everywhere in your business, small business commercial, but then if you talk about broader, are there things that you're doing at an industry level through associations or certain vendors? And really the game here with this is how many signals can you get and how early can you get the signals? And while we also talk about all of this for fraud purposes, and that's a big deal, let's catch the bad guys. Let's remind ourselves the bad guys are 2% of the problem, the other real reason for these signals and the power behind ai.
(07:46):
And looking at the data even beyond your four walls, how can you reduce the friction? How can you make this a smoother process for the 98% of the good customers? And at the end of the day, we're all here in business to keep our good customers happy. So I think even though we're talking about fraud, it's two sides of the same coin. You got to be able to do the fraud piece and making sure that you're driving and optimizing transactions, customer experience, revenue for you. And I think when you talk about the information sharing or the data sharing, at the end of the day in fraud, our business, we have a common enemy. We got to knock out the bad actors as quickly as we can. So I think that's why you're going to see a little bit more what I think a shift to people being more willing to do this. We have a ways to go. We don't see some of the schemes or the collaboration that you may see in some countries like Australia and the uk, but I think it's coming and there's an appetite to do more here.
Penny Crosman (08:49):
Jay, what do you think about that challenge of trying to strengthen your defenses without making online banking or mobile banking too difficult with too many authentication layers or too many hurdles to go over?
Jay Leal (09:05):
Well, I think that you do have to balance security against the customer experience. We were talking about that earlier, that we want to make sure that the experience that the customer has doesn't penalize them for making use of the security tools. We want to incentivize it. I know we recently had an experience where we rolled out some new digital banking tools that featured some enhanced security technology. And we talked about, oh, well, we can do passwordless, do device authentication and see better patterns of fraud if we roll out this technology. And we had some business owners and unit owners saying, Hey, yeah, but I want a token. I want a physical token. What we've always used, I'm accustomed to getting the one-time use token on my phone. That's the expectation. And so a lot of that is talking to those business owners and saying, Hey, this is what you, you're getting, you're getting a better experience. You're getting stronger fraud controls. And so it's constantly educating customers about how the circumstances are changing, how we're not the same fraud that happened years ago. With the advent of ai, things are getting easier for these fraudsters to scale their scams to a larger front. And so we have to constantly innovate and adapt and change to respond to that.
Penny Crosman (10:36):
And you have to deal with people who have different expectations. Because we were talking earlier about there are older people who don't necessarily want to take a selfie during a transaction or go through other kinds of ramifications. I just want to go back to what Gasan said about first party fraud being looming large these days. And what do you guys think in terms of how do you distinguish between somebody who legitimately buys something and then maybe they don't recognize the merchant name on the transaction or they legitimately forgot they bought it, or maybe is a victim of a scam versus somebody who's deliberately playing you and buying things and then pretending that they didn't intend to. How do you determine malicious intent in those cases?
Chris Briggs (11:31):
How do you guys do it? There's a secret sauce, right?
Gasan Awad (11:34):
No, I think some of that though is you have to have the right engagement when you think of investigations and when you're engaging with the customer, and I would say this in a couple places. One, there's some things around behavioral analytics modeling that might help, and you have to do a little trial and error. You're learning. But I also think this is where the human loop is important. You are going to have to have conversations with some of these people. And let's face it, you said willing or unwilling, sometimes the unwilling people when you're talking to them and to really understand that they've been fraudulently abused or taken advantage of, some of that can't be done through an algorithm. It can't be done through a model. Some things you can, but then I think there's, when you say you're being taken advantage of, is it repeat behavior?
(12:29):
Are you seeing certain information that's always tied to it? There are signals that you can look for, and I think we do, but I do want to make sure on that one where I think our investigators do a heck of a job when they're talking to people and bringing it up. Also, you said educating. You can't do this in a vacuum with just the fraud team. How are you educating your customer service reps on the front end? How are you helping the disputes, chargebacks teams? And I think that collaboration is another thing that you say, how do you get there? You do that through some secret sauce, and that's really the secret sauce is the corroboration across the universe. And you're going to learn, you might have to take the first punch or two, but then how are you closing that gap moving forward is important.
Chris Briggs (13:15):
It's also embarrassing for a consumer to admit it, right? Oh, I got scammed. Oh, we hear stories all the time. I thought my mom thought that we had one the other day. She was like, my mom thought that I had been arrested. I need bail money. Can you go get some money and hand it to this guy that's going to drive up and take your bag of gift cards? I mean, it sounds ridiculous, but that stuff happens all the time. And then afterwards, what people will say is, wow, I'm embarrassed that I did that. I'm sorry. And so there's this element of having to admit it as well, both to yourself as well as someone from the bank that calls you up and said, Hey, what happened here? Right. Yeah, exactly. It's tough.
Jay Leal (13:56):
Well, and following up on that, in some instances, the consumers expect that the bank should have better controls to stop them from being victimized from these fraudsters. And it's so hard for banks to figure out what is legitimate activity when there's scammers involved. And so we do have to use analytics to see patterns and trends to get a better resolution for our customers because they may not like that we deny transaction because we suspect there's fraud, but we're trying to prevent these scammers from taking their money.
Penny Crosman (14:38):
Do you need some training or collaboration with the branch people for these cases? So if somebody comes in with a bag of gift cards or a box of cash, a branch person might say, hang on here. What exactly is going on here? And it's not a high tech solution, but
Gasan Awad (14:55):
I think the collaborations across the board, it's a branch for sure. And then the other thing that we have to remember, how can you deputize as many people as you can in this fight? So what we mean by that is how are you educating your communities, your clients? There's things that all financial institutions can be doing around be on the lookout, or hey, during the holidays, remind everyone there's going to be some heightened attention around this during certain times of the year. So I think that's something that I see a lot of the financial institutions doing a lot better job of. But how do we continue to do that? We can say we're training all our folks at the branch within our operations group, but the more people you can get on this to know what's right or wrong, I think that helps the whole ecosystem.
Chris Briggs (15:41):
Even us.
Gasan Awad (15:42):
Yes. Right.
Chris Briggs (15:43):
Yeah. I mean, we talk to our families about it. I don't know if you guys do, but sitting at Christmas dinner and everybody's like, should I send a chat for my reps or should I actually do something that has to do with the mortgage? So it's pervasive and it does require a lot of education and some broad-based understanding.
Jay Leal (16:00):
And I think advantage, we've got a very strong culture around security, cybersecurity and education. So our fraud team, our financial crimes team and our cybersecurity teams are constantly sending out information to everybody, the branches, back office people saying, Hey, these are the patterns that we're seeing. These are the scams that we're seeing. And so I think that you have to do that to make sure that everybody's prepared for what's happening in the fraud industry
Penny Crosman (16:34):
And where do you get those updates from the FBI or from other bankers or from,
Jay Leal (16:39):
It comes from different places. So there are threat feeds that our cyber team receives and can enable directly into our tools. Our fraud team has a partnership with different folks. When you talk about BSA, those folks all collaborate with each other and can share some of those worldwide scams that are happening, but it's really about being engaged and being connected to other bankers, especially in your markets, to make sure that you are able to share and you're able to call people up and say, Hey, I'm seeing this. This came from your bank, this came from something. Do you have any insights that you can share? So it is about relationship building too.
Chris Briggs (17:23):
Yeah, for sure. One of the problems though that you guys both probably find at least is what I've heard is you're sort of a drop in an ocean. So if you had one of the banks that we were recently talking to basically said, if you took all the communications that we had to all of our customers on an annualized basis, their total communications outside of what we're sending to them are a hundred x from scammers, a hundred x. So if you think about they're only going to see one of every 99, I mean, how are they even going to be able to ascertain that what's coming from you is even real? So then there's this issue that you have to deal with of is this real or not real as well, particularly when you're moving from physical to digital. And that's tough.
Penny Crosman (18:10):
Good point. I've spoken with some Zelle fraud customers, and it often starts with a text or a call that looks like it's from your bank, it's got the right phone number, the right caller id, it's got that right? For sure go everything. And then banks will say, well, we'll never email you for this. We'll never text you for that. But then what will they do?
Chris Briggs (18:33):
Banks
Penny Crosman (18:34):
Do reach out.
Chris Briggs (18:34):
How do you get to me? I'm blocking every phone call, but I don't know. Right? So how are they going to call me?
Gasan Awad (18:40):
I think that's been one of the biggest things with ai. We talk about it here. It's a tool that we've always used and are going to continue to use, but now it's become readily available, relatively inexpensive for the fraudsters to use. And I think what you're seeing when you bring up the example you did, Chris, it's you're talking about fraudsters at an industrialized scale and these type of attacks, now you're talking about farms. When they do this on the scam side, fishing, impersonations, I think it's going to continue to explode. But I do think that is one of the challenges when we say that is, Hey, this isn't slowing down anytime soon. And if anything, we'll probably speed up and get even more sophisticated because some of the red flags we used to look at, like grammatically errors, spelling errors, you have the wrong bank or the wrong email. It's become so good. And then the IDs that they can create, the synthetic identities that they can create, that's where the challenge of the AI thing is becoming really at the forefront and why we have to start thinking about, Hey, what are you doing about it? And we can't just say battle AI with ai, it's part of the solution, but you got to have other layers and other strategies in combination to really be able to do this successful.
Chris Briggs (20:01):
Think about how many have people have gotten the tag scam. I guarantee you everybody that I know that lives on the east coast has gotten one of those scam emails or scam texts, only a few people have to click it. And the fraudsters being successful,
Jay Leal (20:20):
I think people also need to put it into perspective. We've got different roles in our organization. Our bank has many business functions that we have to do. These fraudsters have set up a business model where their entire job is committing fraud. And so they are working to perfect it, just like we work at perfecting the things that we do on a day-to-day basis. And so they figure out what works, what doesn't work, and they adapt and shift their models. And AI is really accelerating that because they can pivot quickly and scale quickly. And
Chris Briggs (20:54):
They're not regulated. And they're not
Jay Leal (20:56):
Regulated, let's be honest, critical.
Chris Briggs (20:57):
Hey, you have to play by the rules.
Jay Leal (21:00):
They
Chris Briggs (21:00):
Don't. That's right. That's right. I know that sounds very trite, but it's true. They don't have model governance they have to go through, which is a thing that we all have to work with for the benefit of the consumer. But the flip side is that the bad guys don't, right? And it makes it easier.
Penny Crosman (21:15):
So what are some of the biggest internal challenges for you in trying to keep up with this? Is it budget constraints? Is it maybe challenges with getting the right data from the right external from your peers or from other sources? Is it keeping up to date, having the right machine learning or the right AI models to analyze it? What are some of the things, or is it people on the business line don't necessarily want you to make life harder for the customers? What are some of the things that come up for you that make this a harder challenge?
Jay Leal (21:53):
I would say that for us, having access to the data, as much data as we would like, we're on the larger side of being a community bank, but just having access to the data points to be able to do our own analysis is a challenge. I can't imagine what it's like for a much smaller community bank to do this. So then they're relying on partners like MI Tech and others to do this work for them so they're left without that data and that information. So for us, we want to take more ownership of that so that we can relate that to data that we have from our other business units and collaborate and correlate this information between them.
Chris Briggs (22:41):
Let me pick up on something that you were just saying, Jay, this idea of data and it's data, but it's the right kind of data because keep in mind you've got a bunch of fraudsters that are industrializing the fraud. So I'm out there and I'm pummeling your website, or I have a bunch of people sending you texts. You don't even really know many times what the right data signal is A and B with ai, you're seeing how that's changing over time. It could be a in one scenario, B in another scenario, it could be actually off the wall in another scenario and something completely different. So I think it's a combination of having data, the right data at the right time, but being able to ascertain whether that data is proving that someone is acting either abnormally or in a nefarious way that actually constitutes some type of fraud changing.
Gasan Awad (23:33):
I think the data thing is definitely at the top, and not only is it changing, but do you have the governance to actually monitor and say, what can you use it for? When is it explainable? Is it not in a black box? Are you not being biased in the decisions? And then when you do get new signals, how are you adjusting for that? I think that and the model governance are one. I do think also how do you collaborate across your teams? Sometimes you try to bite this AI problem. AI is a big thing. Which part of ai? What are you going to do? Pick use cases first. And I think one of the challenges sometimes people have, they try to boil the ocean. I think it's more of like, Hey, pick a couple spots, learn, evolve, expand. There's going to be lessons learned. You don't get this right out of the gate all the time. I always tell people, you have skin, knees, right? Because you're going to fall down a couple times. But I think being able to really get that rhythm where you're testing, innovating, as you were saying, and learning is important, and it's not always the same risk appetite for every customer or every bank or every FinTech. There's a little bit of a different approach. And I think that's something you got to figure out your appetite and your pace too as well,
Chris Briggs (24:55):
And the risk as well. Absolutely. Because each financial institution, each organization is going to have a different appetite for risk and not just sort of financial institutions, but you got to think everybody that has consumers in any type of transaction, any type of retail transaction, whether you're picking up an Uber or whether you're going down the street and buying something at Best Buy on the corner, whatever it is, the fact of the matter is that each one of these organizations will have a different risk appetite. So you have to adjust what's my data? Then? How do I adjust that to what I'm seeing from a fraud perspective?
Gasan Awad (25:27):
And Penny, you mentioned what other things? I think investment is a key portion of it. And sometimes in the fraud world, it isn't like we have unlimited budgets. And I think that's important where if you think of a use case that you can partner with, the operations teams, partner with customer service, partner with chargebacks, and can you actually do more together? It's one thing that as you constantly think of the business cases, because you can't do this for free and it's a great investment, but there's got to be a return on it. And if you can get more people to the pie or more people to the party, I think it's an easier conversation that you can have with the teams. Yeah,
Jay Leal (26:07):
I think that makes a lot of sense because if you try and approach it the other way where you say, well, we're not experiencing fraud losses in this area, so we don't need to make an investment here. I don't see why we've got to do this. And you've wait until you have that event, it's too late. So partnering up with different operational areas and combining the opportunity to strengthen security or bring in additional data analytics together with delivering something meaningful to your customer is the way to go.
Penny Crosman (26:41):
Is that because sometimes it looks like credit losses because you don't realize it was fraud. You just think somebody didn't pay off their balance.
Jay Leal (26:51):
I know that in some instances, people see classify credit losses or losses as credit losses rather than the result of synthetic fraud or identity theft. But I think it's really around providing value because people are looking at the return on investment, what's the return on investment on these fraud tools? And that's hard to say sometimes, like, oh yeah, this tool saved us a gajillion dollars. Well, theoretically
Chris Briggs (27:24):
It's hard to say We kept 10 guys from getting in the bank yesterday. Right? Right,
Jay Leal (27:28):
Exactly right. And so being able to leverage that together with delivering value to another business unit is really,
Gasan Awad (27:36):
Value is the key word. We say positive outcomes a lot of times. And yes, here we do want to say fraud. The other reason you're partnering, you can say two other things. And I think one of them is efficiency, and are you actually being able to do some of this work at a very optimal manner where you can scale differently? So all of a sudden you have 10 people doing a thousand accounts, now you can have 10 people do 2000 accounts and you're growing the business. So anytime you can show that kind of impact, that's good. The other thing that I think about too is around how do you amplify your human capital? I can think about our most important resources, our people, we can't have armies, but can you get rid of some of the tedious, I have to go attach something, I have to go get this data. How about automating that and letting the people really be smart and investigate the emerging trends, investigate the harder cases, and be able to really get some progress there. I think those are the other things. When you're building the business case, yes, the fraud loss is important, but making people understand the efficiency, the scale, and the amplification of your human capital is not a bad thing to
Chris Briggs (28:52):
Solve. And don't you think that that's sort of where you guys use AI to fight ai?
Gasan Awad (28:58):
A hundred percent,
Chris Briggs (28:58):
Right?
Gasan Awad (28:59):
A hundred percent.
Chris Briggs (29:00):
You can take that human capital and you can amplify it by thinking about, Hey, if I can use AI to accomplish these 10 things and I can worry about these three things, then all of a sudden you can scale in the same way. To your point though, it requires working through a process, having a business case, educating your staff and your team and making sure that they're ready and prepared. That's right. Yeah.
Penny Crosman (29:21):
What are some of the things that AI is really good at in this work? Is it gathering the data and pulling it together for human to review that kind of thing? Or how much can the AI do for the human?
Gasan Awad (29:36):
I think there's use cases that you can look at. Obviously pulling an automating certain things around that is a critical piece. I also even think prioritizing the work. Think about when you get a thousand accounts in a queue. Well, what if the most important accounts number 840, can the AI move eight 40 to number one so that you're working at the quickest and giving you the option as you're setting it up? Was that most important because it has the most open to buy and you don't want to lose that? Or was it the most important because it's a million dollar transaction and not a $5 transaction? Those are some of the things that I think you can build in, and that's what makes it a lot better. We're even seeing things where now it can recommend the best rules. So sometimes when you're sitting there and doing champion and challenger and trying to figure it out, maybe you get a little headstart because it's being able to tell you, Hey, here are some of the optimal strategies that would get you the best return in terms of false positives, dollars saved and other criteria. But I think those are some of the things that we see the real wins come in at. Alright,
Penny Crosman (30:46):
So I want to talk about deepfake. Oh, sorry, want to,
Chris Briggs (30:49):
I was just going to say we kind of bucket that into what we call the catchphrases agen. So basically you're taking something that's going to be executed in a certain path and you basically say, okay, I'm going to automate that path. So that typically is where you see it. To your point about rules, what we're actually seeing is that it can actually be used to be able to detect DeepFakes to detect different types of AI that's being applied in different ways. You're seeing more and more template driven attacks. So people coming in and they'll pick up something from over here, they'll find a picture from over here, they'll inject it into a transaction over here that can be increasingly automated as well as the next evolution. So it really is sort of this almost call it an arms race of sorts, where basically you're taking this element of AI and you're using it to combat what's already in the marketplace that you know is hitting your front door, is what you talked about.
Penny Crosman (31:46):
Alright, so I want to ask you about deep fakes. I don't know if you guys saw Sam Altman's interview with Mickey Bowman this week in Washington DC. He said he is terrified about how generative artificial intelligence can be leveraged to impersonate people. He said, apparently there are still some financial institutions that accept the voice prompt as authentication to move a lot of money. This is a crazy thing to still be doing. I'm very nervous that we have an impending, significant impending fraud crisis. To what extent do you guys agree or disagree with that statement?
Jay Leal (32:21):
I agree. I think that the tools are going to get cheaper and faster and easier to use. And these fraudsters have these marketplaces where they can share successes and sell things. They can sell prompts and they can sell tools. And so I do think that it is going to get worsened to that specific comment about voice authentication. That's something that we've talked about internally too, and we're like, yeah, that's not going to work for us at all because of AI being able to replicate a voice. And so that's something that as we make decisions about future investments and future tools that we're going to employ, we do look at stuff like this and say, can AI beat this? Is AI is this tool that we're going to implement already obsolete because of the things that AI can do? So yes, I agree that we've got to develop better defenses around being able to combat this type of fraud.
Gasan Awad (33:25):
So Jay, I mean, I think you're spot on and I think the comment is, Hey, we're going to see more deep fakes, right? And not only is it a fraud issue, it's a reputational issue. Imagine your CEO, certain high ranking officials in your institutions impersonating or calling out to clients or employees to do things. But I think the one thing is, I don't believe anyone's going to say, Hey, it's just the voice prompt. That is the tool that I'm using. And I think most fraud operation folks, and most of us that are in this professional tell you, that's why you have defense in depth. That's why you want to be able to look at multiple signals before you make a decision. And I think that's going to be the challenge, is how are you combining those things to mitigate the risk? I don't think there's a silver bullet out there, and I don't think AI or the voice piece on its own can do it, but I think in combination with some of the other tools, other technologies we have, that's really the way you're going to beat it. So is it behavioral? Do you understand the IP that it came from? Do you understand the IVR usage patterns plus some of the other things around maybe a biometric or some of the deepfake technologies?
Chris Briggs (34:44):
It is a bit overstated though. I mean, let's be honest, it's not going to happen tomorrow. But I think it's a metaphor, right? If you think about it, a metaphor for where the market's going, where people can be impersonated, sort of living in sort of this alternative universe where all of a sudden almost in sci-fi fashion, I can be someone that I'm not, it's clear that that will become more of the, it's not an if it's a win when you can take on different types of roles and types of transactions. And let's be honest, it's hard for many organizations, ours and banks and many organizations to keep up with that. But the flip side is, is that in many cases, the fraudsters are also going to go for the lowest common denominator in a transaction. They're going to use maybe something that is a little bit more advanced. They may go for a high value fraud, but the opportunity for them to go out and perpetrate fraud is still, quite honestly probably walking into a retail branch and taking a forged check and just cashing it. Now, that will change over time. That will change.
Penny Crosman (35:46):
Yeah. I wanted to circle back to that because one of you brought up that check fraud is still a huge issue. So what are the modern answers to check fraud? I mean, you used to have people analyzing checks
Chris Briggs (35:59):
And there's still a lot people analyzing checks
Penny Crosman (36:01):
Because I guess it's mainly people stealing checks out of mailboxes and then altering the information on the checks.
Chris Briggs (36:09):
Two ways we'll see that. So they alter information or whitewash check because they just want the stock or it's relatively cheap for them to take the information that's on the check. Not that I'm encouraging fraud and create a driver's license off of it so that they basically can walk into a branch and just cash it. The bank branch in many cases would be able to look at a driver's license, but they probably have a little book in the back and they pull out the book and they're like, oh, it's somebody from Oklahoma. Unless there's a policy that says we don't basically deposit out of state checks or use out state identification, which could be a way that you're doing it. But the simple fact of the matter is a lot of this is just super block and tackle fraud is what we're saying. I'm not saying that defects aren't a problem, they're a huge problem and they're growing faster, but there's still a lot of very, very basic fraud because it's easy. You don't catch it till it's too late and it's after the fact. So yeah, check fraud, we're seeing a lot of it. And the values are going up. Treasury fraud checks are ones that people try and cash all the time.
Jay Leal (37:14):
Well, and a story that I frequently tell my coworkers at the bank is the majority of the fraud that we're going to see is not like the Hollywood movie type of thing where there's a guy pounding on his keyboard for a few seconds. It's not exactly right. Oh my gosh, I'm in into the network and breaking in the firewall. It's a lot of this, the human element is really the area where we're most vulnerable. And so yes, I think checks scams are still there, still prevalent. I think the scams are really the part where we're most vulnerable because people generally trust and these fraudsters come up with these really great stories to tell and are able to people into giving up information, delivering money, whatever their goal is. And that is always going to be the most weakest link in the layered security that we all have for our accounts.
Penny Crosman (38:21):
So when you think about check fraud and scams, what are the best offenses for check fraud specifically? What's the most efficient, effective way of catching net?
Chris Briggs (38:37):
So there are different products in the marketplace that allow you to be able to tackle it. There are a number of different vendors that actually allow you to be able to say, Hey, I've seen this check before, or I've seen this person before. So if you look at how you're reviewing the checks, whether you are looking at the ability to be able to clear it or the ability to even be able to take it, there are for example, ways that you can say, Hey, is this ID reel? Is the check reel is on the right check stock? Has someone else seen this before? We can put it into a consortia based product and basically say, has someone else seen this before? Not just us from a financial institution's perspective. And then beyond that, then you can start to use third party services like Gasan was mentioning, where you're actually taking and tracing some of the information that's on the check and checking to make sure or reviewing to make sure that it's legit. So if someone is whitewashed a check, you can check the maker line that's sitting at the bottom. You can check the bank account, you can run against an a b check to make sure that it's the right account. That person has an account. You can run a KIB or KYC check to make sure that if Chris is one of the people that are on the account that is listed at the financial institution, that I have the right to either cash a check or write a check.
Jay Leal (39:48):
And of course, businesses can opt into services like positive pay, which bring in that extra layer of security and the bank can authenticate the amount and who the check is written to.
Gasan Awad (40:01):
Yes, exactly.
Penny Crosman (40:02):
Alright, what's the next big thing in fraud? What do you think might be, these are your current concerns. What do you think might be your biggest concerns in the next few years?
Chris Briggs (40:17):
Sam Altman. I mean, he is the one that's actually starting things, right.
Penny Crosman (40:24):
Speaking of Sam Altman, do you think that banks need to incorporate more generative AI to kind of fight the increase of generative AI for deep fakes and old manner of things, agentic, ai, et cetera? Is gen AI going to have to be part of the fraud tool Tool book tool defense kit?
Gasan Awad (40:45):
Yeah, I think it should and will be. And I think the key word is part. It's not the only thing, and I think it might even have out weighted areas where it'll play, but I think the key thing is it's part of the solutions, but I think it's not going away. And you'll see more and more of it for
Chris Briggs (41:05):
Sure. It's part of layers, right? You're going to have multiple different layers, just like you think about someone coming in and if you think about someone who's trying to come inside your house, you would have multiple layers of security, physical and digital. You probably think about that all the time.
Jay Leal (41:20):
Absolutely. And so I do think that it's going to be one of the tools in the toolbox. It's going to be one of the things that will help us get better. But it is about layers of security. It's about multi-layers. And as you were just saying, you got a fence before you get to the house. Before you get into the house, you've got a door, and before you get to the lock or get to the door, you have a lock. So it is part of the solution, but it is not a silver bullet. It's not going to answer every single fraud attempt. So I think that holistically, you've got to look at this as a defense in depth as defense in layers. But yes, AI is important.
Penny Crosman (42:04):
How do you kind of brace yourself for the future? How do you keep up with the newest frauds that are coming down the pipe and the newest technologies and vetting those technologies to see if they're right for you?
Jay Leal (42:19):
There's a lot of companies out there that are selling something, and if they add AI to it, they're the best AI tool that can solve whatever problem you have. I think it's important for us to be open to the different technologies out there. I think it is a little bit of the wild west out there as far as tools that can assist in things like this. We are big on doing proof of concepts. Put your money where your mouth is and show us that your tool works the way that you say it's going to work. So I think we've done a lot of learning in providing a detailed POC and vetting different vendors as we go through this kind of new frontier.
Chris Briggs (43:06):
And you should experiment, right, experimentation, right? Because there's no secret sauce that hits, as we were talking about, secret sauce. There's no real secret sauce for every single situation. And as the fraud morphs and changes, and you think of it as like a river with a bunch of rocks in it, that's going to change over time. So the fraud will move around this rock or around that rock, metaphorically. And you have to be able to respond to that. And that requires sort of constantly reviewing what you have in place, testing it. Many organizations will have third parties that actually come in and help them test that sort of the penetration testing and scanning, and do we do everything and is anybody able to get through? And we do that with a lot of organizations as well. But it is a lot about experimentation to see what works and what doesn't work. Quite honestly. There's a bunch of basic building blocks, but then on top of that, you sort of have to figure it out piece by piece.
Gasan Awad (44:00):
If you think about fraud, how fluid it is,
(44:03):
If you're not experimenting, if you're not doing proofs of concept, proof of value, you're going to be in trouble. And you can't figure that you do it once and you set it aside and you say you're done because the way it's changing every three, six months, nine months, 12 months, there's a new attack vector. So how do you adjust? I definitely agree, and I think as we think of how do we innovate in the market, it's not only just the net new products or net new ideas, but how do you optimize some of the things you have? That's innovation too. And I think as things are changing, that's some of the things you need to look at is how can you kind of take what you have, optimize it, and then as you layer in some of the new things, that's great. And if you've been in this market for a while, just think in the last 10 years between biometrics, behavioral analytics, ai, all the tools that have come in, you could have said this was James Bond stuff a couple of years ago. It's now part of your day-to-day table stake. And I think you have to be open about it, do the trials, do the POC and look for every line of business. It's not going to make sense.
(45:11):
And you got to have choices, and you got to know where to apply it. Sometimes if you think one rule fits all or one thing fits all, that's where you're going to lie in a trap. Every business is a little different. You have to think about that. And
Chris Briggs (45:25):
Technology's going to change too. So I mean, let's talk about mobile driver's licenses and how they're starting to come in play and people are starting to show up at the bank or renting a car and they're like, oh, I've got a mobile driver's license from the state of California. Don't you take that, right? Well, there's coming a point in the future where many financial institutions in the US but also in Europe are going to have to take those by law. So you've got this fraud element, but then you also have this technology element, and it's really the two together that you guys I know in particular are having to create this balancing act. How do we think about friction, digital, physical, retail in branch, or even someone calling into a customer center versus using some other type of digital form that they're communicating with us?
Gasan Awad (46:10):
I think your comment about that trade off between friction fraud, you have to balance both. You can't do one at the expense of another nowadays, right? I think that's probably one of the things that people have now understand is, hey, I have to handle both and do it at an optimal pace. I can't sacrifice one for the other. Now, there are some things where you're going to introduce more friction, but you do it knowing and you go in, but you understand that there's that customer service, customer experience that you have to balance. And I think
Chris Briggs (46:41):
It's stable, safe, and even between the two of you guys, you have very different constituents. Absolutely. And so each one of yours is going to create a different sort of balance as you're working through that process.
Jay Leal (46:51):
Absolutely.
Chris Briggs (46:51):
Digital, non-digital branch, not branch. Are they calling in? Are they technologically savvy enough to be able to work through this themselves or do they have to come and go talk to somebody about it? Exactly.
Penny Crosman (47:03):
All right. Well, you've been a great panel. Thank you so much. And to all of you in the audience, I hope you learned a lot like I did. Thank you.
Gasan Awad (47:09):
Thanks, Ben. Thank you Penny.
LEADERS is a flagship channel that spotlights C-level executives and top experts as they discuss transformative topics for an audience of key decision-makers. We deliver thought leadership on the most pressing issues driving financial services. The LEADERS series is made possible by the support from top industry collaborators including Mitek.
