How Machine Learning Fights “Hypnofraud”
Blog: Enterprise Decision Management Blog
Financial fraudsters are now becoming more brazen and manipulative, a disturbing trait most apparent in their perpetration of social engineering fraud (SEF). At our recent FICO EMEA Fraud Forum, SEF came up as a pressing issue in today’s UK financial market; it’s a broad category of chicanery that fraudsters use to manipulate victims into disclosing confidential financial details such as login credential, or having the true account holder transferring money directly to them, a scam befittingly called “hypnofraud.”
The good news is that while social engineering fraud is on the rise, FICO is using advanced machine learning techniques to effectively combat SEF.
Phishing, Smishing, Hypnofraud and More
Fraudsters use a range of tactics to commit social engineering; email (phishing) and text message (smishing) are time-tested winners. Phone call SEF (vishing) is rising in popularity, showcasing fraudsters’ seductive interpersonal skills to manipulate victims (particularly and most sadly, the elderly) into making payments to an account controlled by fraudster.
Around tax season, hypnofraud spikes as fraudsters claim to be Internal Revenue Service (IRS) employees (or HM Revenue & Customs in the UK), using spoofing to make telephone calls look like they are coming from IRS phone numbers. Victims may be told they owe money to the IRS that must be paid promptly, or that a refund is due and account detail needs to be provided in order to make the transfer. Often, the ploy contains the threat that the account holder will be arrested if funds are not sent immediately.
Push Payment Fraud Is on the Rise
Depending on how the funds are moved from a victim’s demand deposit account (DDA) to a fraudster controlled account, there are two types of push payment fraud:
- Unauthorized push payment transactions are not authorized by the account holder; instead, they are carried out by a fraudster using compromised account authentication details given to them by the true account holder.
- Authorized push payment scams manipulate the account holder into making the payment to an account controlled by fraudster—hence the term ‘’
Social engineering is a leading driver for both unauthorised and authorized fraudulent push payments. In 2017, the UK market experienced a reported 34,743 unauthorized fraud case attempts from remote banking channels (internet, mobile and phone banking), valued at a total of £417.5 million. In the same period, authorized push payment cases hit 42,837, siphoning £236.1 million from personal and business accounts in all channels. These volumes illustrate the deceptive suggestive power of social engineering.
How FICO Uses Machine Learning to Fight SEF
I previously blogged about FICO’s Retail Banking models and how they can be used to tackle phishing fraud. To recap, these models are designed to detect a broad spectrum of fraud types that attack financial institutions today. They use patented profiling technology to build and update behavioral profiles online and in real time. As such, the models generate a strong signal when current transaction patterns deviate significantly from established transaction and non-monetary patterns; they detect both generic fraud characteristics and those patterns appearing only in certain fraud types, such as social engineering fraud.
Further to that, FICO’s advanced machine learning techniques specifically combat SEF. As in all other third-party frauds, social engineering fraudsters drain victims’ accounts fast. FICO’s machine learning techniques monitor many payment characteristics, such as how large the amounts are and how fast the payments were occurring.
In SEF scenarios these metrics would appear abnormal, leading to higher fraud scores. Further, we can utilize profiling of destination accounts and coordination of multiple SEF attempts ending in the fraudsters’ destination accounts, i.e., mule accounts.
B-LISTs Deliver A-List Insights
Another patented advanced model feature is the Behavior Sorted List (B-LIST). B-LISTs keep track of the way various common transactions intersect at either the customer or account level, such as:
- A list of beneficiary accounts that a payer pays regularly
- Devices that a payer has used in the past to make payments
- Foreign countries that a payer paid before
- A list of payers from which a payee regularly receives funds
- Typical amounts of new payment originations
FICO’s B-LIST technology empowers the Retail Banking model to detect “out of pattern” behaviors. In an unauthorized push payment fraud scenario, when the fraudster makes the payment; transactions would likely be made from a device not typically used by the legitimate account holder, and the funds would likely go to a strange beneficiary account. Based on FICO’s analysis, the transactions that are completely out of pattern are about 40-plus times riskier than the transactions that follow at least one established behavior.
After gaining access to a victim’s account, a fraudster might go one step further to carry out account takeover fraud. By hijacking the primary contact channels, the fraudster can effectively lock out the true owner and take over the entire account. FICO’s Retail Banking model tracks those risky non-monetary events, such as a change of email, address or phone number that often precede fraudulent monetary transactions.
Authorized push payments are in many ways more difficult, and tragic. Numerous cases exist of customers being so deeply hypnotized by the social engineering fraudster that when the bank intervenes, the customer is already influenced to distrust, ignore, or resist the bank’s efforts to protect the customer’s accounts.
In this scenario FICO utilizes deep knowledge of typical behaviors anticipated based on extensive behavioral profiling of the true customer’s past behaviors (particularly new money movement behaviors). We are incorporating collaborative profile technology to bring additional cross-customer understanding of new behaviors of similar banking customers. These methods may be used to hone in those individuals actively targeted for authorized push payments and have the bank’s very best analysts intervene.
We are continuing to enhance FICO’s Retail Banking DDA model in detecting hypofraud and other forms of social engineering fraud. In addition, our Falcon Intelligence Network consortium data has grown considerably in the retail banking payments space, so keep an eye out for FICO’s release of the Retail Banking consortium model.
Follow @ScottZoldi on Twitter and be mesmerized by my hypnotweets!