In the wake of the interbank payments heists that exploited authentication and transaction verification weaknesses in SWIFT transactions, more banking institutions are shoring up their payment security practices, says Andrew Davies, a fraud prevention expert at core banking services provider Fiserv. One key move they're making, he says, is monitoring transactions for anomalous behavior in an attempt to catch fraud in real time.
After a series of SWIFT-related heists, including the February theft of $81 million from the central bank of Bangaledesh's New York Federal Reserve account, regulators have called into question banking institutions' interbank practices for verifying payments, Davies says.
In an interview with Information Security Media Group, Davies says that more U.S. banking institutions are improving their ability to analyze and monitor various transactions in an effort to prevent all types of fraudulent transactions. "They're really monitoring that historical behavior, looking for deviations, pulling data into consortium models provided by their vendors and looking at analyzing those transactions to make sure that if something is anomalous, they can stop the transaction before it's actually released into the settlement infrastructure," he says.
Banks need to go far beyond using multifactor authentication, Davies stresses. "There are really a number of risks that need to be dealt with, and probably the best way to do that is to ... look at some behavioral monitoring of the initiation of these high-value payments," he says.
Security Challenges of Real-Time Payments
Most SWIFT transactions that push funds from one bank account to another with no customer-facing approval are conducted in real time or near real time. So lessons learned from the SWIFT-related heists must be applied as the U.S. moves toward adopting faster payments for consumers, Davies says (see Gartner's Litan Analyzes SWIFT-Related Bank Heists).
"As we move to ... a faster payment network in the United States, we need to consider the fraud risks of introducing the real-time settlement of payments," Davies says. "You have to make sure that any deployment of a real-time payments system considers the broad risks."
During this interview (see audio player below photo), Davies also discusses:
Why the U.S. must consider establishing a centralized settlement system before deploying real-time payments; How core banking processors and vendors are helping institutions analyze data to predict fraud; How real-time payments could enhance commerce and improve security.At Fiserv, Davies serves as vice president of global market strategy within the company's financial crime risk management group. He has more than 20 years of experience in the software industry and has worked with many of the world's largest financial institutions, both private and public.