Financial services companies can do a better job battling online fraud if they share more information about suspect activity with one another.
That was a recurring message at several panels dedicated to cybersecurity and fraud at the Money20/20 conference in Las Vegas. The four-day show, expected to draw more than 11,000, is dedicated to the payments industry and the technology disrupting the financial industry. It runs through Wednesday at The Venetian.
Individual financial services firms, especially small banks, don’t have enough data on particular acts of fraud to build effective models to identify it, said Michael Reitblat, co-founder and CEO of Forter, which offers payment fraud prevention solutions.
Financial firms are investing billions of dollars in algorithms using artificial intelligence to identify fraudulent transactions in real time, Reitblat said, but the technology’s success relies on inputting millions of examples. Even if a bank had 10,000 cases of certain fraud, it wouldn’t be able to create a strong defense.
“AI has a fallacy problem. It is only as good as the data we feed into it. It is only as good as how we teach it. You can’t say (to the AI technology), ‘Here is a billion fraudulent transactions’, because they are all very, very different,” he said.
Banks’ efforts to deploy artificial intelligence effectively are also hindered by outdated legacy technology, Reitblat said, but that roadblock will disappear as banks continue to upgrade.
Nonetheless, he and Pedro Domingos, a professor at the University of Washington specializing in machine learning, said it will be toughfor banks to fully defeat fraud groups because some of those groups, including nation-state actors, are using artificial intelligence to breach financial institutions and their clients.
“It is really annoying to me that one person gets breached and then thousands more can be breached in exactly the same way. And the fact that big banks are talking to each other isn’t helping that aspect of the problem,” said Ellen Richey, chief enterprise risk officer at Visa.
Visa tracks suspicious transactions with a merchant back to their source, Richey said. It then notifies other merchants about the particular computer address.
Passwords and knowledge-based authentication — the questions companies ask to prove users’ identity, such as the name of their first pet — are not efficient tools, she said. There is enough information on social media about individuals for a fraudster to figure out the answers.
Richey said tokenization and biometrics will be deployed by more firms to fight fraud. Tokenization is the process of replacing sensitive account information sent over the internet, such as the 16-digit account number, with a unique digital identifier called a token. Examples of biometrics includes facial recognition and fingerprints.
Biometric authentication, though strong, can still be copied and should be used along with other security steps, she said.
The Review-Journal is owned by the family of Las Vegas Sands Corp. Chairman and CEO Sheldon Adelson. Las Vegas Sands operates The Venetian.