JuicyConf 2021 was held 8-10 September, it was devoted to the new trends and risks in digital risk management. All the guests who attended the event — risk managers from Banks and Microfinance organizations — presented reports and discussed the topics related to the most relevant and burning problems regarding to fraud prevention market, current and expected trends of online business and the best ways of preventing the new types of online fraud. Today we would like to tell you about the most relevant topics that we managed to discuss, share with you the key results, some interesting conclusions and photos of our event.
We are really proud to announce that, according to the results of a survey we conducted right after JuicyConf 2021, all the respondents pointed out that the topics discussed during the conference were extremely useful and rather relevant. Companies' case studies, virtual machines and device randomization, a demonstration of fake digital fingerprint creating turned out to be the most interesting. A lot of the attendees noted that it was rather useful to communicate with the colleagues in an informal setting within the framework of the further business development.
Pavel Bolshakov, JuicyScore CEO and Founder initiated the discussion under agenda about randomizers issues. In recent years many financial institutions have witnessed the rapid growth of online fraud along with the damage caused by it. The increase in risks occurs due to several factors:
- manipulations with a digital fingerprint;
- the rate of darknet expansion, including fraudsters' technological skills - the process of randomizers creating has been simplified greatly.
Many fraudsters know how to bypass banking authentication systems, so there is a growing need for new fraud prevention solutions that would allow business owners to fight online fraud rather than its consequences. However, the emergence of new risk management technologies inevitably leads to the new fraudulent technologies and randomizers development.
In fact, one of the main problems is that online business losses caused by fraud amount to a significant proportion of companies' revenues and the numbers tend to grow (according acfe.com, financial institutions and other online companies lose from 5 to 15% of their income annually due to damage caused by online fraud. The growth of losses may increase subsequent to the growth rates in online banking and fintech markets (CAGR is approximately 14% per year).
According to JuicyScore, the growth of losses caused by online fraud is rather disturbing. Speaking about the new risks, business owners should pay great attention to the problem of randomizers and anti-detection tools, since they are one of the reasons for the sharp increase in the level of risk. According to our data, over 3 years the proportion of randomizers using cases has increased from 0.5-1% to 1.5-2% (in addition, the traffic itself has grown, and, consequently, the number of cases; the volume of using randomization tools can reach 5-10% on peak days). Moreover, about 60-70% of social fraud schemes occur with the use of various anti-detection/randomization tools during the money withdrawal/transfer. In the Russian Federation we observe 170+ thousand incidents per year, which involve randomizers in order to obtain loans. It is 20 times more than 5 years ago. The total amount of prevented damage over the past 12 months amounted to 3+ billion rubles.
The head of risks in ID Finance in Spain and Latin American countries Timofey Kostin presented the report related to the criteria of choosing a provider. Among the most important criteria he named reliability, efficiency, interaction and functionality. With JuicyScore data attributes, the company was able to identify 0.5-3% of high risk population in the issued loans portfolio, to subset the low risk segment 1.5-3 times better than the average. In addition to that JuicyScore data vector attributes allow enriching internal risk score models and define new types of fraud patterns.
Among the main components of the fraud assessment process, Timofey noted the device, network and fraudster's behavior. Great attention should be given to devices overlap or duplication, rare combinations with high risk level, combinations of connection parameters with high risk level, type of use (basing on IP address).
Marina Avramenko, Head of the Anti-Fraud Projects Department at Home Credit Bank in Russia, told to the audience about the big surge in social engineeringfraud in banks online channels in 2020. The fraud scheme is arranged in the following way: the client receives a call from an unknown person (fraudster often introduces himself as a bank employee or an employee of the Ministry of Internal Affairs/Central Bank etc., he also often uses number spoofing, imitation of call center and IVR). Fraudsters mislead the client, informing him about a suspicious transaction or application for a cash loan, after that they persistently offer to cancel the operation, saying that they act solely in the interests of the client, trying to imitate the bank's support service ("transferring the conversation" to another employee). Next, the fraudster asks the client to send his personal data - card details and a code from SMS. The client often does not read the text of the SMS messages, where the purpose of the codes and passwords is indicated, and gives out all the personal data to the scammers. According to Home Credit, in case when a fraudster constitutes a loan agreement with a withdrawal of funds to a debit card, on average, the client gives away about 5 codes.
Analyzing JuicyScore data and creating derived attributes, Home Credit Russia was able to expand the data that could identify anomalies in online customer behavior. In addition, significant results were achieved due to the configuration of the architecture and integration, in particular, making improvements in the processes and the big data platform. Among the most effective data and effective rules Marina noted digital fingerprint, device models, operating systems, tracking user activity by session.
A lot of guests noted the demonstration of creating a fake digital fingerprint, which was presented by our partners from NN2 - Alexey Orekhov and Maxim Klimashevich. In addition, they touched such issues as multi-accounting, compromised credentials and spoofing of a legal user. The table below shows the main stages of attacks and protective measures for online business:
In addition, a detailed analysis and examples of the most common inventory tools of online fraudsters were presented, as well as the degree of its hazard to financial institutions.
JuicyConf 2021 is a way to understand our customers' needs better and make our technology even more effective for your business. We were very glad to see all of you and talk about the topics and current issues you are interested in. It was nice to hear that our solution is one of the best on the risk-management market and one of the most efficient ones.
In preparation for the next event we are planning to focus on the following steps:
- Further development of randomizer fingerprints identification and solutions on system virtualization;
- Improvement of the efficiency of remote access detection via user behavior analyzing technologies;
- Creation of a platform/solution for joint traffic filtering for financial institutions and marketplaces;
- Development of automatic decision making component by adding a third method of self-learning of the system;
- Improving of the device matching technologies;
- Dynamic authentication.
Thank you for helping us to improve our solutions. See you on our next conference!