Wire transfers, previously one of the more secure environments within a financial institution’s operations, pose the greatest risk of loss to a financial institution.
The transfer speed, potential size of such losses and the inability to recover funds once they are transferred to the destination institution all leave financial institutions vulnerable to significant risk.
To fully understand wire transfer risk, it is important to analyze the origin and the destination of the wire transfer. Many financial institutions allow business and consumer customers to initiate wire transfers in-branch, over the phone or online.
In general, wire transfers originating from branch locations are the least risky as fraudsters are generally reluctant to put in a personal appearance. Despite this, it is important that branches have a documented authentication process, including requirements for multiple forms of ID or signature verification.
Financial institutions usually require individuals initiating a wire transfer request over the telephone – typically corporate customers – to be authorized to initiate wires on behalf of the company for the particular accounts. These individuals must be able to provide appropriate security codes or correctly answer previously established security questions.
Yet, internal employees, both within the bank and the corporation, may gain access to account information and passwords to overcome such security barriers.
Similarly, financial institutions that allow customers to initiate wire transfers online open themselves to risk by fraudsters who are able to circumvent online authentication measures.
Many banks are turning to multi-factor authentication techniques such as “something you have” (e.g. a token), “something you are” (e.g biometrics) as well as “something you know” (e.g. a password) to help prevent fraud of this type.
They also are using techniques such as IP profiling to identify fraudulent access. In fact, multi-factor authentication becomes a critical weapon in a bank’s arsenal as criminals continue to develop increasingly sophisticated techniques to conduct fraud.
Criminals have figured out ways to bypass the need to “break” a user’s authentication, such as deploying a Trojan or some other type of malware to perform man-in-the-browser attacks.
These can be completely invisible to the user, who accesses the online bank account and makes a payment as they normally would, but behind the scenes the fraudster can redirect the funds to their own account and even change the amount of money being transferred.
So how can banks best protect their customers from the multiple entry points of today’s wire transfer risks?
The key is an enterprise risk management system that tracks customer behavior patterns such as time, frequency, amounts and destinations of activity. Then when customer activities show variances or anomalies, the system can issue an alert to stop the suspicious transaction in its tracks.
Such a strategy delivers an optimum detection rate and minimum false positive ratio.
Financial institutions face a growing burden to protect their customers from fraud, protect themselves from fraud losses and comply with mounting national and international regulations.
Ironically, while combating fraud, financial institutions are also being pressured by customers and regulators to improve the speed at which payments and transfers reach beneficiaries’ accounts, with many countries now at a near- or real-time process.
This rapid availability and transfer of funds creates additional challenges in terms of recognizing and shutting down fraud before it is too late. Are you prepared to guard against today’s wire transfer risks?