Banks face a big challenge in performing the high degree of analysis required under new security rules for payments initiated online. Their options in meeting the challenge include retraining staff and tapping software that learns from customers' spending patterns.
National Penn Bancshares Inc, of Boyertown, Pa. claims to have had significant success fighting fraud in automated clearing house and wire transfers using a mixture of technology and human interaction.
Transaction analysis is "the last and most effective defense we can employ," says Steve Kunkel, senior vice president of operational risk management and loss prevention at National Penn.
Kunkel spoke Thursday in an online presentation sponsored by the security vendor Memento Inc. of Burlington, Mass.
In 2010, National Penn, which has $9 billion in assets and 123 branches, began using a Memento anti-fraud service to look across silos and channels and detect anomalies for ACH and wire transactions as they occur.
Banks should "gather data as soon as possible when implementing this, because the more historical data analysts have on hand, the fewer false positives there will be," Kunkel says.
It is almost impossible for fraudsters to guess the metrics National Penn applies to its transactions to detect aberrations, but the importance of human interactions can't be underestimated, he adds.
Rather than turn responsibility for potential problems over to the bank's fraud loss prevention unit, National Penn decided to make it the responsibility of the customer relationship managers, since they have close ties to businesses and individual clients.
That meant training staff concerning ACH payments, patterns of suspicious activity and the bank's requirements for timely decision-making. They also had to contact customers directly about suspicious activity and learn what to do when customers could not be reached before file submission deadlines.
"Detection has typically been done by the receiving bank for wires after the fact," said Tim Brady, an industry solution consultant for Memento. Once the money has left the bank, it is nearly impossible to get it back, Brady says.
The updated Federal Financial Institutions Examination Council mandates, released in June, stipulate that banks must conduct ongoing reviews of security procedures and watch for fraud at the transaction level.
Effectively analyzing transactions requires collecting large volumes of customer data that span product lines and channels. This data must then be assembled into intelligent customer profiles.
"The biggest impediment to getting ACH and wire fraud detection up quickly is data normalization," says Gartner Inc.'s Avivah Litan. Files from a single corporate customer might have a multitude of names and account numbers, making it difficult to link current and historical customer behavior, she says.
A number of security vendors are making strides in easing the data requirements necessary for good behavioral analysis, says Julie Conroy McNelley, a senior risk and fraud analyst at Aite Group LLC.
Some software products "are able to combine individual user behavior with demographics for a typical user within a particular customer segment, and many solutions provide preset models that can 'learn' in production," McNelley says.
One vendor is Guardian Analytics Inc., of Los Altos, Calif., which specializes in security products for smaller banks and credit unions, as well as some of the core processing vendors, like Fiserv Inc., of Brookfield, Wis., and Q2 Software Inc., of Austin, which have built behavioral analytics into their products, McNelley says.
