Scott Neil – The Royal Gazette, December 9, 2019
Digitisation is changing the world in good, bad and ugly ways.
Exactly how was spelled out by Richard Hoehne, global leader, counter fraud and financial crimes, at IBM Global Business Services.
He said on the good side, digitisation is making life easier for everybody, such as allowing people to go online and with about ten attributes open a bank account.
“The other thing we are starting to see is the introduction of real-time payments — instantaneous payments, peer-to-peer payments,” he said.
“This is making it easier for businesses and consumers to conduct business and share money. The ability to wire money directly at the consumer level is going to make life a lot easier.”
However, there’s also a bad side to digitisation. Mr Hoehne said it was “like robotic process automation for the bad guys”.
He said: “Not only can you open an account in less than five minutes with ten attributes, so can the bad guys.
“What is scary is the amount of IDs that are available for next to nothing on the deep web.”
Thousands of identity profiles can be set up in a robotic process automation programme that then probes every bank with a digital interface, in a bid to open false accounts.
Mr Hoehne said if the bad guys open a false account they can then either combine it with the individual’s whose identity they have used, or they can create a “bust-out account”.
Explaining a bust-out account, he said it is an account operated for a short time and which probably has a credit card connected to it. A fraudulent cheque is paid into the chequing account to pay off the credit card. The bank will eventually find out what is going on and take action.
“But before then you have racked up $20,000 or $40,000 of credit that you’ll bust out and eventually walk away from,” Mr Hoehne said.
“This creates a very nice environment for the bad guys. They can be anonymous, they don’t have to expose themselves physically in a branch, plus (they) do it a thousand times faster.”
Mr Hoehne was the speaking at the International Cyber Risk Management Conference, held at the Hamilton Princess and Beach Club.
He said criminals can use peer-to-peer payment systems to move money to other accounts they control.
“Criminals and money launderers are going to enjoy this feature that has made our lives easier,” Mr Hoehne said.
Turning to the ugly side of digitisation, he said this was found when combining the ease of opening accounts and making peer-to-peer, real-time transactions, with other digital cyberthreats.
He said the emergence of social engineering is driving cyber coverage claims and payouts.
“The ability to conduct confidence scams, coupled with real-time, peer-to-peer payments, is creating a fairly significant risk for insurers and also the retailers, the banks, and others who may have to make good on some of the losses that occur.”
He warned that wire transfer fraud could multiply in the future, and also that social engineering is increasing in sophistication.
He spoke about the cyber-heist that hit the Bank of Bangladesh in 2016, where hackers studied and then mimicked legitimate transaction orders to transfer close to $1 billion from the Federal Reserve Bank of New York. The Fed bank blocked the majority of the orders as suspicions were raised, but the hackers managed to get away with $100 million, of which around $65 million has not been recovered.
Similar frauds on a much smaller scale can befall individuals. Mr Hoehne said a bad guy can listen and look for invoices going to a home account, and then present an e-mail that looks exactly like the genuine invoice the individual would expect to be paying, such as to cover a monthly fee.
“The only difference is when you click the link to pay it with your real-time payment, it’s going to the bad guys and not the person you bought the service from.”
Mr Hoehne also said liability is shifting and the onus is now on insurance companies to have adequate fraud protection against scams and deceptions.
In addition, clients increasingly expect insurance companies, banks and others to protect them from being tricked by fraudsters.
One ways to defend against cyberfraudsters is through account authentication, which has traditionally kept the “bad guys out”, said Mr Hoehne. Another way is with transaction monitoring, which can signal an alarm when something happens that is considered not normal behaviour for the individuals involved.
“If I start to understand what those normal behaviours look like and monitor those, I can hopefully spot transactions that seem anomalous, that are not consistent with the normal behaviour, and then I should be able to intercept and protect against those occurring,” he said.
Mr Hoehne made his comments during the conference’s fireside chat with moderator Adam Segal, director of cyberspace and digital policy programme, at the Council on Foreign Relations.
Link to original article: http://www.royalgazette.com/business/article/20191211/good-bad-and-ugly-of-digitisation