My goal: to stay one step ahead of cyber criminals at all times

News item -

As a great deal of criminal activity now takes place online, it is increasingly important for us, as a bank, to protect our clients. To do this we use cutting-edge technology, such as big data and machine learning. And when developing new products and services we make sure security is given priority from the outset.

By Bart*, Information Security Expert at ABN AMRO's Corporate Information Security Office

Debit card transactions in Indonesia

Imagine that you go to Indonesia for a fantastic holiday. After you return, you start to see money disappear from your account. The relevant transactions take place in Indonesia and are made using your debit card, even though you have been home for some time. You have become the victim of skimming, and our systems already know this, based on the data relating to your payments. After analysing the data, we apply certain rules. In this case, if a debit card transaction takes place in Indonesia less than 10 hours after you leave the country, your debit card has probably been skimmed. One of my colleagues is sent a notification and blocks your card to prevent further use.

Your PIN on the dark web

We send you a push notification explaining what has happened and how you can access your money through other channels. People sometimes think that the person who takes your money from your account is the person responsible for skimming your debit card, but this is not normally the case. Instead, skimmers sell the copy of the magnetic strip (the black stripe on the back of your debit card) and your PIN on the dark web to the highest bidder. This means that in practice, we also see cases where transactions involving the client's debit card take place in India or the US, even though the client has never been there.

Forewarned to protect against fraud

Our goal is to ensure our clients are even better protected against these forms of fraud, primarily by staying one step ahead of the criminals. By looking at data even more closely, analysing data even more quickly, and making use of machine learning, we can identify patterns in the data and take action. For example, we know which Indonesian point-of-sale terminals are used to skim people. If we see that you used one of those terminals, we take action to protect you. Make no mistake: when it comes to the kind of fraud we see on a daily basis, skimming is just the tip of the iceberg.

Artificial intelligence identifies suspicious situations

We are currently seeing an increase in cross-channel fraud, including a marked increase in phishing in recent years. This is no longer limited to African princes offering to share their inheritance with you. Phishing emails look much more genuine today, and cyber criminals also using other channels to contact clients. They are becoming more and more ingenious in how they work. For instance, the websites lurking behind the links you are asked to click on look dangerously convincing. We try to combat this kind of fraud by providing information and advice, but we can tell that this is not enough, which is why artificial intelligence constantly scans payment activities in current accounts. If we detect a strange debit entry or a fraudulent device, or the system recognises an account number that we have linked to phishing activities, we try, as a bank, to take preventative steps before fraud can be committed.

We may not be the first, but we offer the best security

In short, machine learning models learn from the data feeds that they have at their disposal. This means that, in addition to being able to identify more patterns, the system also recognises more ‘suspicious situations’. It can also respond by taking action. Our team therefore focuses on prevention and solutions that demand more creativity. After all, cyber criminals are not standing still, and the techniques they use are becoming more and more sophisticated. Cybersecurity is starting to be given greater prominence within the bank. As part of this, I'm involved in the development of new products at an early stage to ensure the principles of security by design are applied in practice. This means we may not be the first to introduce certain new innovative products, but when we do introduce products we offer the best security. It is vital that the client journey is mapped out and that the associated fraud risks are identified, as this allows mitigating measures to be taken. Protecting clients against day-to-day cybersecurity attacks is of utmost importance to us.

I wouldn't want to do anything else

My work involves a wide variety of activities. These include maintaining an ongoing dialogue on requirements with the business, identifying fraud risks associated with new technologies we want to offer our clients, resolving incidents, and developing rules and machine learning models. And sometimes when I arrive at the office it's all hands on deck, because we need to take immediate action in response to incidents. When that happens we really need to buckle down, but at the same time it's exciting. It makes my work highly stimulating and varied, and I wouldn't want to do anything else!

* 'Bart' is a fictitious name adopted for security reasons.


Filter on