Managing Risk With Big Data & Analytics

There is no question that the sheer volume of available information has made countless industries more efficient and more effective.

Big data has transformed the way organizations analyze and optimize their internal and external business processes. For banks, data analytics tools and technologies have been particularly effective, especially for combatting risk and fraud.

Predictive analytics has been a part of most banks’ risk and fraud management systems for some time -- either via third-party identity verification and transaction risk-assessment solutions or through internally developed big-data engines. In both cases, these systems aggregate information from multiple sources so it can be analyzed in new, more effective ways. These solutions allow banks and issuers to gain greater visibility into customer behaviors and better assess the potential for risk. The information from these systems can provide fraud teams with real-time risk intelligence, which allows them to make better decisions based on hundreds or even thousands of risk variables.

Mike Gross, 41st Parameter

Over time, greater data accessibility and better analytic capabilities have changed -- and continue to change -- the way banks measure and calculate risk. While most large financial institutions were already considering stronger online authentication controls, the 2011 supplement to the Federal Financial Institutions Examination Council (FFIEC), "Authentication in an Internet Banking Environment," essentially mandated that organizations implement layered security models to help curb the risk of account takeover. This pushed corporations to implement new systems that offered unique insights into customer behaviors and hardened defenses against increasingly sophisticated and persistent attackers.

Of course, this drive for more data had a drawback -- many institutions added tools or risk attributes without a plan for integrating the functionality into existing data sources. This approach stranded much of the potential benefit in a single fraud prevention silo. In recent years, banks have taken enormous steps forward in integrating systems and connecting disparate data sources into large data warehouses that use big-data tools to bring together insights from all customer channels instantaneously. This represents a game-changing evolution in risk management, since organizations now have much broader and deeper visibility into customer relationships and can better target both marketing and fraud prevention efforts by leveraging this integrated data view.

While traditional data sources like identity verification, transaction history, and information from credit bureaus continue to be essential for risk management and compliance, attackers have become increasingly creative about devising new methods to defeat customer-identity based security. In addition, large data breaches have become so widespread that criminal rings have a virtually unlimited supply of compromised identity data -- including usernames and passwords -- that allows them to pass simple authentication methods.

This reality has driven many banks and e–commerce merchants to deploy complementary solutions like device intelligence, anomaly detection, and malware detection as additional layers in their risk evaluation process. These tools are fundamentally different from standard identity or credit–based systems because they assume that all identity data and account credentials have been compromised. As a result, these systems are used to evaluate risk based on device attributes, a consumer’s typical purchasing or credit behaviors, or signatures indicating the presence of malware.

However, scale continues to be an issue. Recent mega-breaches are often precursors to large-scale attacks that are identified by network monitors, systems, or individuals responsible for managing risk. But because there is such a high volume of attacks against major corporations, important clues may be missed, and the most critical threat information may not reach the team or executive responsible for protecting the organization in a timely fashion.

To combat this problem many institutions have brought information security professionals into the boardroom. Whether they have a chief risk officer or chief information security officer, executives recognize that big data and its real-time intelligence capabilities are incredible assets if the insights they enable are immediately available to be applied through new processes, risk rules, and defense mechanisms. That is why it is so important for organizations to have cross-enterprise visibility into customer activities whether online, via mobile devices, through call centers, in-branch, or through the millions of online and POS transactions.

Attackers can take advantage of even the single smallest lapse in security, leaving an organization vulnerable to fraud or the compromise of customer data. Integrating large volumes of customer data seamlessly and in real-time will be an ongoing challenge for large corporations. There are some effective approaches that highlight how putting the right information in front of the appropriate team can make a world of difference.

Data and analytics tools will undoubtedly create new opportunities for improving risk detection and prevention, so it's never been more critical for financial institutions to continue their leadership in adopting these technologies to stay a step ahead of cyber criminals.

-- Mike Gross is Global Risk Strategy Director at 41st Parameter.