The new online security
rules announced last year by the Federal Financial Institutions
Examination Council have seen financial institutions scrambling to
keep pace. But one US bank – National Penn Bancshares – is a long
way ahead of the rest of the field, writes Charles
Davis.

Online fraud is, of course,
an increasingly biting issue for the retail banking sector. There
is a rush to find the right processes, and the right technology
partner, to meet the Federal Financial Institutions Examination
Council (FFIEC) rules.

Some two years ago, before
those rules were announced, National Penn Bancshares – a
123-branch, $9bn regional bank – began working with Memento, a
fraud prevention platform that uses a mix of human and
technological intervention to detect fraud.

Since then, the bank has
experienced a significant reduction in fraud, according to Steve
Kunkel, senior vice-president of operational risk management and
loss prevention.

“We have embedded a system in
our ACH and wire processes that performs analytics on transactions
before they leave the bank,” Kunkel says. “The system generally is
looking for unique, unusual patterns. We are finding transactions
that need more review, and then working with our customers to
determine whether or not they are fraudulent.”

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Electronic Payments International.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Working to
rule

Memento’s Enterprise Platform
addresses all of the layered security guidelines required in the
FFIEC’s latest guidance, including multiple controls and
technologies.

The FFIEC said financial
institutions must combine endpoint security with transaction
monitoring across all transfer mechanisms used to move funds into
and from a deposit account.

That’s where Enterprise
Platform’s analytics kick in, Kunkel says. Each account and
customer has a unique behaviour profile which, if analysed
intelligently, can be used to identify suspicious
activity.

“Customer and account level
transaction monitoring is one of the most effective fraud
prevention approaches available,” Kunkel says. “It is the last line
of defence, and it is powerful because the fraudster has no way of
detecting what we are doing.

“It is a dynamic system, one
that allows for a great deal of customisation and real-time
adjustments, which is critical to fraud detection in electronic
payments.”

The system’s sophisticated
analytical techniques look for anomalies and patterns that
investigators are not aware of yet.

Employing a rich mix of
statistical techniques and algorithms – including Bayesian
networks, learning models and behaviour profiling – the Enterprise
Platform allows National Penn to examine their overall customer and
account base, identify outliers and tracking potentially harmful
patterns.

These alerts provide an
opportunity to detect previously unknown patterns of fraud,
catching them earlier and reducing their impact. And they help
fine-tune scenarios for greater accuracy.

Most importantly, the
platform enables customers to employ business rules and advanced
analytics in tandem. Users routinely prosecute cases based on
business rules with a low ‘false positive’ rate. And as soon as
they identify a new, previously unknown pattern using advanced
analytics, they are alerted to a potential new threat.

The more data National Penn
collects, the better the analysis, Kunkel says, as the system
learns to reduce false positives that slow down payments and
distract bankers from core tasks.

The helping
hand

It is not all automated
analytics, however. Kunkel insists the real power of the Memento
platform lies in combining technology with human hands.

While detecting fraud was
once the sole responsibility of the bank’s fraud protection unit,
the new system spreads fraud detection throughout the
institution.

National Penn’s relationship
managers now play an active role in sniffing out suspicious
transactions, since they work more closely with the business
customers at the other end of the transaction.

“We have made fraud detection
an enterprise-wide effort,” Kunkel says. “It is extremely important
to educate customers in advance, to empower them to protect
themselves, to communicate with our customers as we go so they will
expect a call from our ACH customer manager with a question about a
transaction.”

Kunkel describes the response
from clients as “extremely positive”. He says the frequent
interaction between bankers and business clients helps spark
discussion about steps businesses can take to improve payments
security at their end as well.

“It is important to drive the
message home that, while we are tweaking the analytics to improve
transaction security, we are in this together,” Kunkel adds. “As
new payment forms emerge, and as the payment mix of our business
customers changes, it is important to work collaboratively on
security.”

Kunkel’s team has trained
staff the basics of ACH payments, patterns of suspicious activity
and the bank’s requirements for timely decision-making. A protocol
for inquiries about suspicious or anomalous transactions also
helped to smooth the transition to a more robust monitoring
environment.

Memento’s system helps
National Penn tackle the enormous task of effectively analysing
transactions spanning product lines and channels. This data must
then be assembled into intelligent customer profiles that can be
studied across time and within the customer’s own transaction
history.

“You have to look at the
transaction in the context of the person’s overall transaction
history, so we are looking for things that are unusual for that
customer,” Kunkel says. “It could be a threshold set for
hard-dollar amounts, but most of the time it involves looking for
things that are derivations from the mean. We are looking for
degrees of abnormality for this customer… how unusual,
statistically, is this transaction?”

The system’s flexibility is
key, says Kunkel, because one thing is certain: fraud will continue
to evolve, and the bank’s fraud detection efforts must keep
pace.

“Straightforward phishing has
evolved to ‘man-in-the-middle’ fraud where the fraudster has taken
control of the computer or account, and so to us, it looks just
like our customer making the transaction,” he says.

“That makes the combination of analytics and a human touch
even more crucial. The great thing about the Memento system is that
we can adjust it on the fly. We are adjusting daily to events on
the ground.”

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Sign up