23 September 2017
John Cant

John Cant

John Cant - MPI Europe Ltd

41Posts 190,267Views 21Comments
Innovation in Financial Services

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.
A post relating to this item from Finextra:

Swift's Perez-Tasso warns of defining cybersecurity moment

16 June 2016  |  8684 views  |  0
bubble.jpg
As Swift grapples with the fallout from a spate of recent attacks on bank websites, the messaging network's chief executive of the Americas and UK, Javier Perez-Tasso, has warned that the financial se...

Imagine a miniature financial crime fighter in every router

16 June 2016  |  8161 views  |  0

It is well known that financial criminals are adept at finding the weakest link in a bank’s, or the banking systems, defence to attack. They can often do this by avoiding the immediate defensive measures in applications and getting transactions into the banks payments systems, even on a trusted network such as Swift. Once on the network, criminals have a window of opportunity. There may be a few additional checks beyond applications, but other than the entry points, a large part of the crime intelligence is located centrally in institutions. These central checks will typically happen as a batch at the end of the day, or later … potentially too late. So, one of the main challenges that banks face in tackling fraud and crime beyond tightening application security is being able to deploy pragmatic defence measures to address this gap.

To date, real time finCrime checks across a network have been difficult to implement other than on a restricted application basis. However, with the advent of web technology advances and some innovative thinking there is a new possible approach. If we consider a major bank or other financial institution as a large network of devices, we can see there are parallels with the internet of things (IoT). However, the challenge is that from a fraud or financial crime fighting perspective most of those things are relatively dumb. So what if a router (or indeed an ATM or other device on the banks network) knew just enough about finCrime that it was able to identify a suspect transaction before it sent it to a system. In this way they would act as a miniature crime fighter.

Building this type of behaviour into the network independent of major applications is now possible using new IoT software that allows the distribution of intelligence across a major network. This could be programmed to detect suspicious behaviour from the data, or patterns of data, passing across it and then block, delay or flag suspicious behaviour in a flexible way. The exact mechanisms would vary from financial institution to institution but would likely have the following advantages:

-          Earlier/real-time detection of suspect activity – no waiting for end of day/batch cycles

-          Increased efficiency – flagging suspect activity prior to further checks should lead to optimisation, i.e. prioritising the activities such as transactions fitting patterns of potential AML or Sanctions breaches which are more likely to require investigation

-          More ability to check in context/place – the earlier in the cycle and closer to the transaction that suspicion is raised, the more likely additional information can be sought and criminals identified/detained

-          Reduced application vulnerability – a fraudster can plan to hack a single generating application and exploit one loophole to achieve their aims. The overall task then becomes significantly more difficult if they also have to compromise a number of network devices

-          Distributed processing – reducing the burden on the central processing checks where processing optimisation has particular challenges

There are obviously limitations to what an intelligent network could, or indeed should, do. For example, the full finCrime rule set should not be embedded in the network – criminals would then attempt to get their hands on the exact checks by stealing a physical network component. They could then decode the rules and modify their behaviour to better avoid detection – e.g. sending through transactions just below test thresholds. Also, there are limitations on how much can be done efficiently at the network component level. However, we are now seeing innovative institutions adding this finTech weapon to their arsenal and making the criminal’s task significantly harder. 

 

TagsSecurityPayments

Comments: (0)

Comment on this story (membership required)

Latest posts from John

Imagine a miniature financial crime fighter in every router

16 June 2016  |  8161 views  |  0 comments | recomends Recommends 0 TagsSecurityPaymentsGroupInnovation in Financial Services

Will MiFID II bring Evolution or Revolution to investment research?

08 June 2016  |  8078 views  |  0 comments | recomends Recommends 0 TagsTrade executionRisk & regulationGroupMiFID

Fraud ain’t what it used to be

18 May 2016  |  2582 views  |  1 comments | recomends Recommends 1 TagsPaymentsInnovationGroupTrends in Financial Services

Beware the financial crime bite of the back book

26 April 2016  |  3782 views  |  0 comments | recomends Recommends 0 TagsRisk & regulationGroupTrends in Financial Services

John's profile

job title Managing Director
location London
member since 2007
Summary profile See full profile »
I lead MPI Europe a niche financial sector consulting firm focussing on regulatory driven, risk, technology and operational change

John's expertise

Member since 2004
41 posts21 comments

Who's commenting on John's posts