View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Uncategorized
November 23, 2011updated 04 Apr 2017 4:15pm

Ahead of the game

The new online security rules announced last year by the Federal Financial Institutions Examination Council have seen financial institutions scrambling to keep pace. But one US bank National Penn Bancshares is a long way ahead of the rest of the field, writes Charles Davis.

By Charles Davis

The new online security rules announced last year by the Federal Financial Institutions Examination Council have seen financial institutions scrambling to keep pace. But one US bank – National Penn Bancshares – is a long way ahead of the rest of the field, writes Charles Davis.


Online fraud is, of course, an increasingly biting issue for the retail banking sector. There is a rush to find the right processes, and the right technology partner, to meet the Federal Financial Institutions Examination Council (FFIEC) rules.

Some two years ago, before those rules were announced, National Penn Bancshares – a 123-branch, $9bn regional bank – began working with Memento, a fraud prevention platform that uses a mix of human and technological intervention to detect fraud.

Since then, the bank has experienced a significant reduction in fraud, according to Steve Kunkel, senior vice-president of operational risk management and loss prevention.

“We have embedded a system in our ACH and wire processes that performs analytics on transactions before they leave the bank,” Kunkel says. “The system generally is looking for unique, unusual patterns. We are finding transactions that need more review, and then working with our customers to determine whether or not they are fraudulent.”


Working to rule

Memento’s Enterprise Platform addresses all of the layered security guidelines required in the FFIEC’s latest guidance, including multiple controls and technologies.

The FFIEC said financial institutions must combine endpoint security with transaction monitoring across all transfer mechanisms used to move funds into and from a deposit account.

That’s where Enterprise Platform’s analytics kick in, Kunkel says. Each account and customer has a unique behaviour profile which, if analysed intelligently, can be used to identify suspicious activity.

“Customer and account level transaction monitoring is one of the most effective fraud prevention approaches available,” Kunkel says. “It is the last line of defence, and it is powerful because the fraudster has no way of detecting what we are doing.

“It is a dynamic system, one that allows for a great deal of customisation and real-time adjustments, which is critical to fraud detection in electronic payments.”

The system’s sophisticated analytical techniques look for anomalies and patterns that investigators are not aware of yet.

Employing a rich mix of statistical techniques and algorithms – including Bayesian networks, learning models and behaviour profiling – the Enterprise Platform allows National Penn to examine their overall customer and account base, identify outliers and tracking potentially harmful patterns.

These alerts provide an opportunity to detect previously unknown patterns of fraud, catching them earlier and reducing their impact. And they help fine-tune scenarios for greater accuracy.

Most importantly, the platform enables customers to employ business rules and advanced analytics in tandem. Users routinely prosecute cases based on business rules with a low ‘false positive’ rate. And as soon as they identify a new, previously unknown pattern using advanced analytics, they are alerted to a potential new threat.

The more data National Penn collects, the better the analysis, Kunkel says, as the system learns to reduce false positives that slow down payments and distract bankers from core tasks.


The helping hand

It is not all automated analytics, however. Kunkel insists the real power of the Memento platform lies in combining technology with human hands.

While detecting fraud was once the sole responsibility of the bank’s fraud protection unit, the new system spreads fraud detection throughout the institution.

National Penn’s relationship managers now play an active role in sniffing out suspicious transactions, since they work more closely with the business customers at the other end of the transaction.

“We have made fraud detection an enterprise-wide effort,” Kunkel says. “It is extremely important to educate customers in advance, to empower them to protect themselves, to communicate with our customers as we go so they will expect a call from our ACH customer manager with a question about a transaction.”

Kunkel describes the response from clients as “extremely positive”. He says the frequent interaction between bankers and business clients helps spark discussion about steps businesses can take to improve payments security at their end as well.

“It is important to drive the message home that, while we are tweaking the analytics to improve transaction security, we are in this together,” Kunkel adds. “As new payment forms emerge, and as the payment mix of our business customers changes, it is important to work collaboratively on security.”

Kunkel’s team has trained staff the basics of ACH payments, patterns of suspicious activity and the bank’s requirements for timely decision-making. A protocol for inquiries about suspicious or anomalous transactions also helped to smooth the transition to a more robust monitoring environment.

Memento’s system helps National Penn tackle the enormous task of effectively analysing transactions spanning product lines and channels. This data must then be assembled into intelligent customer profiles that can be studied across time and within the customer’s own transaction history.

“You have to look at the transaction in the context of the person’s overall transaction history, so we are looking for things that are unusual for that customer,” Kunkel says. “It could be a threshold set for hard-dollar amounts, but most of the time it involves looking for things that are derivations from the mean. We are looking for degrees of abnormality for this customer… how unusual, statistically, is this transaction?”

The system’s flexibility is key, says Kunkel, because one thing is certain: fraud will continue to evolve, and the bank’s fraud detection efforts must keep pace.

“Straightforward phishing has evolved to ‘man-in-the-middle’ fraud where the fraudster has taken control of the computer or account, and so to us, it looks just like our customer making the transaction,” he says.

“That makes the combination of analytics and a human touch even more crucial. The great thing about the Memento system is that we can adjust it on the fly. We are adjusting daily to events on the ground.”

NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. A weekly roundup of the latest news and analysis, sent every Wednesday.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy


Thank you for subscribing to Electronic Payments International