Online Banking: Tools Curb Fraud LossesUsing Predictive Analytics for Detection, Prevention
Pacific Continental Bank is relying on sophisticated behavioral analytics to not only detect but also curb fraud losses. Ocampo, the e-commerce manager at Pacific Continental Bank, says phishing attacks and spoofed web sites continue to plague online users and banking institutions.
In this interview, Ocampo discusses:
- The advantages of signing with a third-party rather than building an in-house analytical tool;
- How detecting online fraud can curb incidents that occur via other channels; and
- Why identity theft protection is a priority.
Ocampo is the e-commerce manager of Pacific Continental Bank, where she has worked for 14 years. She worked as a teller, office manager and call-center manager before to moving to Internet-banking product management in 2002. Since 2002, she has been involved in the bank's strategic e-commerce planning. She holds a degree in American studies from San Francisco State University and is a graduate of Western General Banking School.
Predictive Analytics to Curb FraudTRACY KITTEN: The use of predictive analytics is helping financial institutions curb fraud, and ultimately losses. One west coast financial institution has opted to sign with a third party provider to help catch sophisticated fraud schemes that manual processes might overlook. Mellani Ocampo, eCommerce Manager of Pacific Continental Bank, a $1.2 billion community bank that targets the needs of community-based businesses, healthcare professionals, professional service providers and nonprofit organizations. Pacific Continental recently deployed FraudMAP, to bolster its security and overall fraud detection.
MELLANI OCAMPO: We actually began looking at the FraudMAP product over a year ago. We were interested in the fact that it was not a rules-based fraud detection product, so we didn't have to guess what criminals were going to do before it would be detected. It's an intelligent product that learns from what it sees. At the time that we started looking, it was a little bit prohibitive, cost-wise, so we kept it on the back burner and waited. When Guardian Analytics released the service desk software option, which is significantly less expensive, and less hardware for our folks to manage, we decided to go forward with it.
Outsourcing to a Third PartyKITTEN: Did the bank consider designing its own in-house analytical tools before signing with a third party for an off-the-shelf solution?
OCAMPO: No, we really didn't. We do a lot of other things, and this is just one more piece of a really complex puzzle that is part of our fraud-protection tools. And, for a bank our size, with the expertise that we have, building our own in-house tools is not really an option.
Online Banking: Monitoring TransactionsKITTEN: Give us a little background on how this solution works. For instance, is it in the cloud, or is it something that can be customized that you could manage in-house if you wanted to?
OCAMPO: It is, essentially, a log monkey. That is what some of the IT folks call it. It is a database that brings in every item of activity for online banking and users. So, it is building a file of where those folks are logging in, and what they are doing when they log in, when they are logging in; and it is building a giant database that begins to notice "unusual activity," and it builds alerts based on those types of unusual items, and then it allows a human being to take a look and decide whether or not it really is something that looks like fraud.
Online Banking: Tracking the IPKITTEN: What types of fraud does FraudMAP solution detect? And, it sounds like it probably takes a couple of months for the system to actually build up some of these analytics and behaviors of your online users before it can even detect fraud.
OCAMPO: We started with about five weeks of data. So, as of today, I think we're seven weeks in with the user information. And I do expect that by the time we get to month No. 2, it will be a pretty smart system. It attempts to detect virtually every type of fraud that we are reading about in the paper. So, it's the man-in-the-browser, and it's the malware and the spyware and the keystroke-loggers and all the viruses that we're hearing about being installed on workstations, in companies and in homes all around. It tells us if a user is doing something unusual, something they've never done, or doing something that they don't usually do, and where they are doing it. So, it attempts to use the IP information to give a geographic location for where a user is logging in, and it will point out if someone is in New York at 7 a.m. and log in; and then, 25 minutes later, if they log in from a location in Santa Monica, it's going to say, "Hmm. That's not physically possible," so you'll want to take a look at that.
Monitoring Fraud Across Multiple ChannelsKITTEN: It's tracking online banking fraud, but what about other banking channels, such as the emerging mobile channel? Does it capture behavior habits or usage habits there as well?
OCAMPO: You know, I suspect that it would. Pacific Continental Bank has not introduced any banking via the mobile channel yet. It's something that is under consideration, but it is not something that we offer. So, I suspect if there are logs that show customer activity, then it probably would be in the billed data, based on those logs.
KITTEN: And so, would it track other channels, like the ATM channel, for instance?
OCAMPO: Not at this time, no. And there are actually similar fraud-protection tools in place on almost every other channel. So, Guardian Analytics and their FraudMAP tool are really filling a space that needed some filling. There are lots of other options on the other channels.
Fraud Begins OnlineKITTEN: When you decided to sign with FraudMAP, and I'm sure you looked at a number of solutions before going with Guardian Analytics, what other areas or what points of potential compromise was the bank most concerned about?
OCAMPO: Well, the over-the-counter fraud is always a concern. You know, identity thieves are stealing mail from mailboxes all the time, and they are creating signatures fraudulently; but, interestingly enough, some of that fraud begins online, and one of the things that the Guardian Analytics FraudMAP tool will point out is if a person logs in and looks at a check image that they have never looked at before, or maybe they have never looked at a check image before; so part of our traditional fraud detection is going to look back at the online channel, to try to identify whether fraud that happens over-the-counter in a branch actually started with an online issue.
Online is No. 1 concernKITTEN: And has the bank been able, Mellani, to reduce staff or costs associated with fraud detection by signing with a third party?
OCAMPO: You know, not yet. We didn't replace anything. This is just an additional tool. And so far, it is not requiring any additional FTE, so we're staying even, and that's good.
KITTEN: Before we wrap up, could give our audience any points of advice, to banking institutions that may be considering similar solutions?
OCAMPO: Every bank understands that online fraud is up and coming. I think there was a 600 percent increase in activity from 2009 over 2008, and the only advice that I would give is that it takes a very complex puzzle, with lots of different pieces, for us to detect fraud. It a matter of getting all those pieces to fit together for us to make it work. So, we feel like this is just another piece in our puzzle.