Counter Fraud Management provides a tightly integrated package of the advanced analytics and investigative capabilities needed for optimal fraud management.
It’s an unprecedented richness of capabilities, all packaged in a single, integrated solution.
We believe that modern fraud and compliance challenges require the flexibility to apply the right blend of capabilities to each problem, and to adapt easily, without being constrained to a specific use case, payment type, or analytical technique.
With Counter Fraud Management, you get a vast array of analytical and investigative tools [ shown in slide ], working together in a common framework and data model, and can mix-and-match them to apply to any fraud or compliance (financial crime) use case.
Start with one use case or fraud typology (AML, wire, ACH, check, debit, internal, claims, etc.) and expand to others. Extend across multiple use cases, users, transactions, data, or servers.
Reduce implementation risk by deploying operational benchmarks, use cases and templates harvested from across the vast IBM ecosystem.
Leverage our professional services fraud practice as a partner to evolve your roadmap, align with your strategies, and apply their expertise to implement and tailor solutions to your business.
Notably:
-- Single SKU for the entire counter fraud offering, priced based on the size of the business they are protecting from fraud. It will be unique to each industry. So for each industry, you get all you need in terms of capacity, to implement the protection you want to put in place for that industry; all of the analytics, all of the case management, all of the analysis tools in one offering.
Let me emphasize, this is not a loose collection of capabilities and offerings. This is a single INTEGRATED solution, with a single price point.
Currently we have four value-priced, industry-specific offerings for Banking/Financial Crimes, Insurance, Healthcare and Government.
(*) Prevent/Cyber components are sold separately, but designed to work together with CFM.
Some Big Data exploratory tools are also sold separately, but work together with CFM when required to handle very large volumes or varieties of data.
We talked about the different layers of defense provided by Trusteer to prevent cyber-attacks and credential theft.
Trusteer is extremely effective in preventing malware attacks, spotting phishing attempts, and proactively eliminating sources of fraudulent activity.
[ CLICK to get green box]
And the next line of defense is to counter any threats that get through the front door by looking at multiple types of payment transactions and customer behavior.
[ CLICK to connect them ]
When we connect the two, we make both of them more effective.
Trusteer sends accurate fraud risk indicators to Counter Fraud Management to further strengthen accuracy of detection and investigation.
[ CLICK to show feedback loop]
CFM can then send confirmed fraud indicators back to Trusteer to inform future decisions about that customer or device.
Summary: Both solutions are effective on their own, but IBM believes that a smarter approach is to connect the cyber and transactional fraud dimensions.
Let's discuss some examples where combining cyber and fraud tools helps increase effectiveness and lower false positives.
When looking at the full range of data and capabilities, each solution contributes insight and data towards a better decision. Trusteer can flag fraud risk (which may or may not result in actual fraud, but does increase the likelihood), and CFM can look at the actual transactions and highlight anomalous transactions as truly higher risk.
Smarter Counter Fraud combines:
1. Account compromise history (malware/phishing)
2. Device risk (device ID, locations, proxy usage, remote access tools, mobile fraud risk like jailbreak)
All from Trusteer
With:
3. User/account activity information (e.g. change of password, address, or beneficiary)
4. Anomalous transactions across all channels.
To create a higher quality risk assessment that flags truly high risk transactions.
Layering in security intelligence from QRadar, Guardium, ISAM…as well as web session information from Tealeaf can provide added benefit.
Another mobile scenario:
Credentials stolen or purchased in underground
Fraudster goes to mobile app (where Trusteer SDK may be embedded)
Fraudster logs in with stolen credentials using phone (if SDK in place, we have a unique device ID for this phone),
Trusteer can see it's a new device and/or unusual location, including mobile intelligence like if the device is jailbroken
Fraudster accesses check images via phone and submits a new large check deposit via mobile banking app with cash out
We know there’s a risk, so can trigger a check fraud alert and investigate appropriately.
Solution
Trusteer Mobile Risk Engine is really powerful as a way to see at the device level if someone has taken over the device, but it is a *probability* not a certainty, which means there are false positives.
Combining the information from Trusteer (e.g. jailbroken or rooted device, rogue app, new device ID, geo-location, etc) with the payments and user/account information in CounterFraud allows us to make smarter decisions.
A Basic Scenario: Trusteer PinPoint Malware Detection Sees Malware on the Device
Trusteer detects malware on the device. Credentials may or may not have been compromised, but…
This is a definitive risk, so client can choose to block immediate high risk transactions (e.g. large int’l wire on business acct)
This information can also be passed to Counter Fraud so that other activity on the account can be seen in context
For instance, several days or weeks later, unusual activity for that account may receive a higher risk score/scrutiny
The cyber information helps inform risk models
It also helps inform investigations into fraud that is triggered/suspected from other channels.
Seeing the potential nexus of fraud and cyber intelligence gives investigators additional insight into what happened, and allows them to identify patterns that can be built into rules and models for the future.
Set SLAs to manage account activity and/or trigger alerts accordingly
Solution
Trusteer Pinpoint monitors for malware. But how should we treat transactions that happen downstream?
Combining the information from Trusteer with the payments and user/account information in CounterFraud allows us to make smarter decisions.
Another ATO scenario (Phishing):
Credentials phished (not stolen via malware)
Fraudster goes to online banking website
Fraudster logs in with stolen credentials and looks like good customer…but…
Trusteer knows credentials were phished, so there is some risk
Fraudster transacts (e.g. change password)
Depending how much time has passed since the phishing attack, it's not clear yet if we should block the transaction based on the device data or transaction data alone
But when we look at the cyber and payment data together, it’s clear there is a risk
Set SLAs to manage account activity and/or trigger alerts accordingly
Solution
Trusteer Rapport monitors for phishing. But how should we treat transactions that happen downstream?
Combining the information from Trusteer with the payments and user/account information in CounterFraud allows us to make smarter decisions.
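The malware, phishing and mobile scenarios above all rest on the same idea: a cyber indicator that is inconclusive on its own raises the score of account activity that follows it, and matters less as time passes. The sketch below is an added example, not IBM or Trusteer code; the indicator names, weights, 14-day half-life, alert threshold and sample events are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# All weights and thresholds are assumed, illustrative values.
CYBER_WEIGHTS = {"malware": 0.6, "phished_credentials": 0.5,
                 "new_device": 0.2, "jailbroken": 0.3, "proxy": 0.2}
ACTIVITY_WEIGHTS = {"password_change": 0.3, "beneficiary_change": 0.4,
                    "mobile_check_deposit": 0.4, "large_intl_wire": 0.5}
HALF_LIFE_DAYS = 14    # a cyber indicator loses half its weight every 14 days
ALERT_THRESHOLD = 0.6

@dataclass
class Event:
    account: str
    when: datetime
    kind: str

def cyber_risk(indicators, account, now):
    """Noisy-OR of the account's cyber indicators, decayed by age."""
    p_clean = 1.0
    for ind in indicators:
        if ind.account != account or ind.when > now:
            continue  # other accounts and future indicators do not count
        age_days = (now - ind.when).total_seconds() / 86400
        weight = CYBER_WEIGHTS.get(ind.kind, 0.0)
        p_clean *= 1.0 - weight * 0.5 ** (age_days / HALF_LIFE_DAYS)
    return 1.0 - p_clean

def score(activity, indicators):
    """Fuse the activity's own anomaly weight with the cyber context."""
    anomaly = ACTIVITY_WEIGHTS.get(activity.kind, 0.0)
    cyber = cyber_risk(indicators, activity.account, activity.when)
    return 1.0 - (1.0 - anomaly) * (1.0 - cyber)

def decide(activity, indicators):
    return "alert" if score(activity, indicators) >= ALERT_THRESHOLD else "allow"

# Constructed sample data, not real telemetry.
T0 = datetime(2024, 1, 1)
INDICATORS = [Event("acct-1", T0, "malware"),
              Event("acct-2", T0, "new_device"),
              Event("acct-2", T0, "jailbroken")]
ACTIVITY = [Event("acct-1", T0 + timedelta(days=10), "beneficiary_change"),
            Event("acct-1", T0 + timedelta(days=60), "beneficiary_change"),
            Event("acct-2", T0, "login"),
            Event("acct-2", T0, "mobile_check_deposit"),
            Event("acct-3", T0, "mobile_check_deposit")]

if __name__ == "__main__":
    for act in ACTIVITY:
        print(act.account, act.kind, round(score(act, INDICATORS), 2),
              decide(act, INDICATORS))
```

With these assumed values, the same beneficiary change alerts ten days after a malware detection but not sixty days after, and the same mobile check deposit alerts only on the account that also has new-device and jailbreak indicators.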
How Cyber Data + Counter Fraud Together Help Stop New Account Fraud:
Credentials purchased in underground
Fraudster goes to online banking website
Fraudster uses stolen credentials to set up a new account
Trusteer Pinpoint ATO knows the device is new, proxy has some risk, location/time is unusual
By itself this information isn’t definitive, so it's passed to Counter Fraud
Fraudster transacts (e.g. set up new account)
Look at anomalous patterns of activity directly after setting up the new account (e.g. ACH, line of credit immediately after)
Helps in investigation too (and in discovering new patterns) because in i2 you can see relationships/patterns.
Counter Fraud can use the information from Trusteer in evaluating the risk
Cyber + other information together = better visibility into risk