Banks may have trouble performing the higher degree of analysis required by new security rules for payments initiated online, but their options include retraining staff and training software that learns from customers' spending patterns.
National Penn Bancshares Inc., of Boyertown, Penn., claims to have had significant success reducing fraud in automated clearing house and wire transfers, using a mixture of technology and human interaction.
"The benefits of transaction analysis are positive particularly because … [it is] the last and most effective defense we can employ," said Steve Kunkel, National Penn senior vice president of operational risk management and loss prevention.
Kunkel spoke Aug. 4 in an online presentation sponsored by the security vendor Memento Inc. of Burlington, Mass.
In 2010, National Penn, which has $9 billion in assets and 123 branches, began using a Memento antifraud service to look across silos and channels and detect anomalies for ACH and wire transactions as they occur.
Banks should "gather data as soon as possible when implementing this, because the more historical data analysts have on hand, the fewer false positives there will be," Kunkel said.
It is almost impossible for fraudsters to guess the metrics National Penn applies to its transactions to detect aberrations. But the importance of human interactions can't be underestimated, he added.
Rather than turn responsibility for potential problems over to the bank's fraud loss prevention unit, National Penn decided to make it the responsibility of the relationship managers, since they have closer ties with the businesses and customers involved.
That meant training staff about ACH payments, patterns of suspicious activity and the bank's requirements for timely decision making. They also had to contact the customers directly about suspicious activity and learn what to do when customers could not be reached before file submission deadlines.
"Detection has typically been done by the receiving bank for wires after the fact," said Tim Brady, an industry solution consultant for Memento. Once the money has left the bank, it is nearly impossible to get it back, he said.
The updated Federal Financial Institutions Examination Council mandates, released in June, say banks must conduct ongoing reviews of their security procedures and watch for fraud at the transaction level.
Effectively analyzing transactions requires collecting a great deal of customer data, spanning product lines and channels. This data must then be assembled into intelligent customer profiles.
"The biggest impediment to getting ACH and wire fraud detection up quickly is data normalization," says Gartner Inc.'s Avivah Litan. Files from a single corporate customer might have a multitude of names and account numbers, making it difficult to link current and historical customer behavior, she says.
A number of security vendors are making strides in easing the data requirements necessary for good behavioral analysis, says Julie Conroy McNelley, a senior risk and fraud analyst at Aite Group LLC.
"While there are certainly solutions that require a significant quantity of data to train, … there are others that are able to combine individual user behavior with demographics for a typical user within a particular customer segment, and many solutions provide preset models that can 'learn' in production," McNelley says.
One such vendor is Guardian Analytics Inc. of Los Altos, Calif., which specializes in security products for smaller banks and credit unions, as well as some of the core processing vendors, such as Fiserv Inc. of Brookfield, Wis., and Q2 Software Inc. of Austin, Texas, which have built behavioral analytics into their products, McNelley says.
