Long reads

Best practices for neobanks utilising machine learning to prevent fraud

Madhvi Mavadiya

Madhvi Mavadiya

Head of Content, Finextra

Unburdened by legacy technology, physical branches and stringent regulatory requirements, digital financial outfits — otherwise known as neobanks — can disrupt the status quo, scale retail propositions, and expand into lucrative spaces such as business banking with a streamlined model. 

With over 250 neobanks operating worldwide and many more on the cusp of launching, their flexible and efficient platforms are unfortunately attractive to fraudsters searching for new infiltration methods. Neobanks recognise that holistic fraud prevention processes are a prerequisite to offering financial services, but figuring out how to implement technologies to deploy digital trust and safety is another story. 

Finextra spoke to Jane Lee, trust and safety architect at Sift; Phil Coole, MLRO at OakNorth Bank; Bernadette Smith, compliance director and MLRO at Cynergy Bank; and Guy Harding, chief risk officer at 86 400 about how neobanks can prevent financial loss while also facilitating efficient user experiences, whether automation is a core competency in the prevention of financial crime and how neobanks can empower teams to make data-driven decisions with machine learning. 

The foundation of digital trust

According to Lee, there are three elements of digital trust and safety that neobanks and all fintech businesses need to introduce into their strategy: automation, context, and actionable data. Although a thorough audit of current processes and technologies will be required later, examining current strategy will provide a neobank with an idea of the maturity of their fraud prevention operation. 

Smith takes this further and explores the three critical tasks required for fraud prevention and ensuring only genuine accounts are opened. “During the digital customer onboarding processes for account opening, a customer is not required to go to a bank branch to open a bank account and may open an account quickly via digital channels, regardless of location. Therefore, it is essential that the bank gets adequate information from the customer prior to account opening, so as to undertake proper fraud checks. 

“Two, once the account is opened, behind the scenes monitoring of account activity is an important element of fraud prevention to proactively spot indicators of fraudulent behaviour. Good analytical investigative resource will assist in getting case resolution to fraud incidents in a timely manner.

“Three, ongoing awareness campaigns should take place to educate customers of fraud risks. In addition, customers should be able to easily contact the bank as required when faced with fraud incidents, via a variety of different mechanisms and without a time lapse, due to long call waiting times.”

Harding echoes this and reveals that 86 400’s approach has been to “start with the customer experience and make the security regime as near to invisible for the user as possible. An example of this is clever technology that recognises the identity of the particular device being used to access our system as a form of two factor authentication.”

In a recent Gartner report, it was revealed that by 2023, 30% of banks and digital commerce businesses will have dedicated trust and safety teams to protect the integrity of all online brand and customer interaction, which is an increase from fewer than 5% today. Lee stated that with neobanks leveraging digital trust and safety platforms, and in turn, establishing proactive fraud prevention teams, “there’s no longer this trade off between risk and revenue.”

She continued: “If you look at more historical, archaic fraud prevention systems, they’re strictly rules-based; if a fraudster signed up using an email address, that email address is blocked. However, when considering machine learning, it is not just about looking at the email address, but everything within that email such as the consonant to vowel ratio. Fraud has become sophisticated, so these older systems that are rules-based are no longer effective in fighting fraud.”

Coole adds that preventing customers and themselves from fraud is of critical importance, making it essential that neobanks invest the right time and resource to manage risk appropriately. “We always assess the customer impact of any controls we implement — fraud or otherwise — to ensure customers can continue interacting with us in a user-friendly way whilst also being confident that saving with us is safe and secure.”

He adds: “When assessing our control environment, particularly when we look to enhance it, one of the key measures is effectiveness vs impact: if we deem new measures to counter fraud potentially negatively impacting customers without delivering meaningful effectiveness then we need to reshape and reassess how we’re looking to implement changes. It goes without saying that the more we can automate without it impacting on the customer journey or experience, the better.”

Shifting mindsets and balancing growth with security

Neobanks must prioritise establishing an efficient customer experience and increasing user engagement on the same level as reducing risk and blocking fraud. Moreover, fraud prevention teams must not take a narrow view; a strategic mindset shift is required so that these digital financial players can start analysing customer behaviour, rather than customer transactions, and fraudsters’ behaviour rather than fraudulent chargebacks. 

This change in attitude can act as a competitive differentiator, allowing neobanks to experiment and roll out profitable initiatives. Lee believes that neobanks have a unique value proposition as they “serve the underserved, lower barriers to entry, stimulate high growth and facilitate seamless experiences with their app technology and web presence.” 

Alongside this, with a web presence, the tens of thousands of signals that are behind powering that technology can then be analysed into making accurate assessments of a particular behaviour, deciphering whether it is fraudulent or not. For this to be conducted effectively, as Coole explores, “business teams and risk teams have to have a harmonious relationship in order for any neobank to grow effectively. The regulators are extremely interested in how we partner together to ensure decisions made on growth are made in the right way.”

Coole believes that “it makes absolute sense to ensure strategic decisions about growth are properly assessed from a risk perspective. Risk teams are now much more commercially aware than previously, whilst continuing to retain rational and robust views on how strategic decisions could negatively impact customers, the bank, or our investors. Strategic decisions made without risk input can severely harm businesses due to possible oversight on legal or regulatory breaches or customer impacts.”

While Smith agrees that strategic firm-wide risk assessments and considering the strength of both automated and manual controls allows banks to make strategic and commercial decisions in the face of potential fraud risk, Harding states that “there is a balance to be struck between managing risk and optimising other elements, such as user experience and revenue.”

Harding continues: “That balance necessarily favours the management of risk, as an insecure business will inevitably fail, but there is naturally an inflection point that has to be recognised. Our approach has been to provide a smaller range of solutions compared with our traditional peers but deliver them really well and in a very secure fashion. The key balance is less about which security systems we will adopt, but more around which customers we serve and what products we provide.”

Remaining proactive for prevention

Adopting the right technology is the key to maintaining a proactive fraud prevention model because it allows neobanks to operate on a similarly sophisticated level as their criminal counterparts. As Harding and Smith clarify respectively, a “proactive rather than a reactive approach to fraud is essential for all banks,” especially as “this is not a unique issue for neobanks.”

Lee revealed that fraudsters are using automation, in addition to other methods, to exploit businesses. “They don’t sleep. We see this in the chatter that we see on Telegram and dark web forums where they are exchanging methods and strategies to financially extort your business.”

Reiterating the importance of utilising the right technology, Lee said that this is the only way to scale a business. “Relying solely on manual review is potentially the worst-case scenario as it is time-consuming, expensive and definitely not as effective as a technology can be. Machines have the advantage: there are so many avenues where fraud can enter, and that’s why it’s important to have the right technology so you can be proactive and identify when it shows up at your door.”

Neobanks must be able to adapt to changing conditions. While a reliance on manual review could potentially be disastrous and result in customers leaving or criminals overwhelming fraud teams, it must be recognised that remaining proactive also unlocks growth at scale. On this, Coole says that neobanks should first “understand their business and assess the risk they face from different forms of financial crime, including fraud.

“This will help define what controls are needed where and when in the customer journey, and where more resource and focus is needed to counter the threats. Where possible neobanks need to consider how controls, both automated and manual, can be used for multiple purposes e.g., to prevent fraud and money laundering, for instance. This can generate economies of scale and can of course be helpful when considering system implementation.”

A recent Sift report explored this. “High levels of automation are critical for creating seamless experiences for trustworthy customers and erecting real-time roadblocks for potentially fraudulent actions. Legitimate customers have come to expect speed and, unfortunately, manual processes are anything but speedy. If delivering fast, frictionless experiences for users and building brand loyalty are important (which they should be), this leaves companies with only one choice if they wish to delight their customer base—automate as many processes as possible.”

Driving data-driven decisions 

As Lee highlights: “Data is a powerful resource that can be leveraged to effectively empower trust and safety teams. However, businesses’ fraud prevention strategies are only as good as the data they utilise and the tools they employ to analyse it. It is important to focus on scale, stability, and accuracy of the data at hand.”

Coole shares this view. “For fraud teams to make accurate and data-driven decisions they of course must be afforded the requisite investment in technology that can adequately ingest data from multiple data sources and provide useful insights and overviews over the business’s fraud landscape. That said, the data going in has to be good data, otherwise the systems will churn out bad results.” 

Neobanks must be able to provide such systems with sound and accurate data for any output to be usable. As Lee highlights, “one of the main advantages of partnering with a fraud prevention solution provider that specialises in digital trust and safety is that they leverage data from robust global networks to ensure data quality and diversity and have the processing capability to analyse it within fractions of a second. Additionally, having the appropriate tooling for trust and safety teams to understand what is happening in the ecosystem is equally as pertinent.

Lee adds: “Having transparent and user-friendly tooling allows teams to stay continuously informed about what is going on in their ecosystem and remain proactive in ensuring they are keeping up with key performance indicators.” Coole explains that “performance metrics not only show immediate financial impact, but it also serves to highlight such things as: which products are most exposed to fraud, which ways we interact with customers are most at risk (mobile, online etc.), whether criminals are targeting certain times of day, or whether the institution is receiving high volumes of applications from certain post codes. 

“All manner of trends can be garnered through system indicators that therefore enable banks to better proactively tackle fraud risk as well as reacting quickly to crystallised events. The other positive of metrics is quickly identifying if a fraud system isn’t working correctly, which might lead to better calibration or tuning or indeed moving to a new system altogether.”

Lee concluded by saying that as fraud prevention teams use data to make small improvements to various KPIs that can have a significant impact on bottom line performance and top line growth, access to the appropriate performance metrics and indicators must be granted. 

“Key performance indicators show your team’s value. Historically, trust and safety teams have often been under-resourced to fight fraud so there is always this battle of showing value. Keeping track of metrics like false positive rate, block rates, and chargeback rates help in demonstrating the financial value your team brings to upper management, and in turn, results in more long-term investment from them.”

Comments: (0)