Pace of growth scut­tles anti-fraud mea­sures

The Asia Pa­cific Fraud Man­age­ment In­sights - 2017, pre­pared by Ex­pe­rian in as­so­ci­a­tion with IDC, high­lights the preva­lence of iden­tity theft and other fraud trends in In­dia. Vaishali Kas­ture, MD, Ex­pe­rian Credit Bureau and coun­try head, Ex­pe­rian In­dia, di

Banking Frontiers - - News - mo­han@bank­ingfron­tiers.com

Vaishali Kas­ture, MD, Ex­pe­rian Credit Bureau and coun­try head, Ex­pe­rian In­dia, dis­cusses The Asia Pa­cific Fraud Man­age­ment In­sights - 2017

N. Mo­han: Vis a vis the find­ings in the Asia Pa­cific Fraud In­sights Re­port -2017, where do In­dian banks and fi­nan­cial in­sti­tu­tions stand in terms of their ca­pa­bil­ity to fight frauds?

Vaishali Kas­ture: I think when we look at the var­i­ous sec­tors, In­dian banks have taken cue from their global coun­ter­parts. They have set up ded­i­cated teams and in­stalled nec­es­sary hard­ware/soft­ware be­cause they are aware of frauds and they know that they need to in­vest in anti-fraud sys­tems as they have suf­fered be­cause of frauds. The BFSI sec­tor is usu­ally the guid­ing bea­con of all the changes that hap­pen and the other sec­tors sort of just fol­low in any kind of change, es­pe­cially in tech­nol­ogy, in terms of fraud, in terms of an­a­lyt­ics. So, it is at the fore­front of this change. I think there is lot of in­vest­ment and thought go­ing into fraud man­age­ment and they rec­og­nize that fraud is key, and fraud is im­per­a­tive es­pe­cially in a sce­nario of mod­ern­iza­tion of the bank­ing sys­tem, dig­i­ti­za­tion, their want­ing to be­come pa­per­less, fric­tion-free, etc. It is ob­vi­ous that there are el­e­ments of this which makes the bank­ing sys­tem more open to frauds. Even in pa­per-based sys­tems, there are lot of frauds hap­pen­ing. So, I am of the view that banks to­day are pre­pared, they are in­vest­ing in sys­tems and they know no mat­ter how much you do, the fraud­sters are one step ahead.

As bank­ing sys­tems get more in­tel­li­gent, so do the hack­ers. There is a re­al­iza­tion of this as­pect. Of course, there are la­cu­nae. They are also aware of so­lu­tions avail­able i - for ex­am­ple at Ex­pe­rian, we have a fraud de­tec­tion tool Hunter, which can pre­dict fraud pat­terns and alert banks of a seem­ingly likely fraud hap­pen­ing. Hunter works by telling banks and in­sur­ance com­pa­nies that there is an in­ten­tion to com­mit a fraud on the part of a cus­tomer.

Do you think In­dian banks are lag­ging their

in­ter­na­tional coun­ter­parts?

I do not think you can paint all the banks in the same color. For ex­am­ple, a few banks in In­dia are per­haps a bit more ad­vanced in their thought pro­cesses and have gone dig­i­tal faster than the other banks who are yet to start their dig­i­tal jour­ney in full steam. But, there is a huge amount of aware­ness among banks that fraud is preva­lent and they need to pro­tect their sys­tems, their data, in­for­ma­tion and their cus­tomer in­ter­ests. Some banks are ahead in the game be­cause they adopted new method­olo­gies faster than the oth­ers. In the last 4 to 5 years, there have been in­stances that have em­pha­sized on the need for ro­bust data se­cu­rity mea­sure. Be­cause though banks are be­com­ing tech savvy, the hack­ers are be­com­ing more tac­ti­cal and in­tel­li­gent as well.

The sec­ond point I would like to com­pare is that the pop­u­la­tion in the US or any of the coun­tries in Europe, it is just a cou­ple of mil­lions but in In­dia it is nearly 1.3 bil­lion. So, the amount of data that is avail­able with In­dian banks is typ­i­cally very huge com­pared to the global banks. Even if you com­pare data that we credit in­for­ma­tion com­pa­nies col­lect and process, it may be much big­ger than say the whole of Europe put to­gether. There­fore, the pace at which the re­tail in­dus­try is grow­ing, the pace at which dig­i­tal is grow­ing, the pace at which ap­pli­ca­tions are grow­ing is enor­mous. Peo­ple say in 5 years, the re­tail book will dou­ble. And when you have so many chan­nels in op­er­a­tion and oth­ers are com­ing, your growth be­comes so fast that the op­por­tu­ni­ties to fraud at var­i­ous lev­els are more. It is not static frauds that are hap­pen­ing, but frauds are dy­namic in na­ture.

To­day, more than 75% of frauds that hap­pen at the ap­pli­ca­tion level are ma­jorly be­cause of iden­tity theft. This would mean that one should be very care­ful in us­ing and then dis­pos­ing copies of their PAN card or Aad­haar or any such per­sonal iden­ti­fi­ca­tion doc­u­ments.

But, banks claim they have ef­fec­tive sys­tems in place to counter this, like KYC, back­ground checks. Do you think these are suf­fi­cient?

When you are go­ing on the dig­i­tal chan­nel, you can do your eKYC, or Aad­haar ver­i­fi­ca­tion. But, when you are do­ing pa­per­based ap­pli­ca­tions, you have to take a copy of your iden­ti­fi­ca­tion proof. The rea­son why fraud is be­ing caught is be­cause lend­ing in­sti­tu­tions are do­ing these checks. If you look at Ex­pe­rian’s Hunter’s data­base to­day, over the last 5 years, we have taken ap­pli­ca­tions from 90 in­sti­tu­tions, shared this in­for­ma­tion with banks and fi­nan­cial ser­vices in­sti­tu­tions in a closed user group for­mat and are cur­rently, we are screen­ing 3.2 mil­lion ap­pli­ca­tions monthly

on Hunter. Thus, through this ro­bust fraud de­tec­tion frame­work, we have saved BFSI com­pa­nies from po­ten­tial fraud worth Rs 10,200 crore in FY17.

Though the iden­ti­fi­ca­tion of these frauds were based on the com­par­i­son of PAN cards, Aad­haar cards or other mul­ti­ple such at­tributes, there can also be in­stances of in­tel­li­gent fraud. It can be done in a way where the PAN card, Aad­haar card and email ad­dress all match. There are so­lu­tions and tools avail­able to do this which we of­fer and the in­dus­try is look­ing at these so­lu­tions in pos­i­tive light. Ev­ery­one is not do­ing a bio­met­ric check. Just hav­ing your PAN num­ber or Aad­haar num­ber, one can only check whether the PAN or Aad­haar ex­ists and not the bearer’s au­then­tic­ity.

What could be the so­lu­tion?

If you go to a telco out­let and sub­mit your Aad­haar card, you are sub­mit­ting your bio­met­rics. The mo­ment you use the dig­i­tal method of ver­i­fi­ca­tion, you can know that the per­son who is walk­ing in is the real per­son. There is op­por­tu­nity then for frauds to re­duce. But for ev­ery in­ter­net trans­ac­tion to hap­pen it is not prac­ti­cal to do a bio­met­ric ver­i­fi­ca­tion.

How­ever, there are so­lu­tions like our pro­posed dig­i­tal fraud de­tec­tion tool Fraud­net, which is go­ing to help you map a user’s de­vice. So to­day, if I am go­ing to do my bank trans­ac­tion us­ing a mo­bile de­vice, and if to­mor­row I am go­ing to use an­other de­vice, there can be an alert sent to the bank. Al­ter­na­tively, if a fraud has been de­tected while us­ing one de­vice, this de­vice can be black­listed. The user group may be the same but this de­vice through which the trans­ac­tion has taken place can be sus­pected. There are such sys­tems in the mar­ket in the west which re­ally help pre­vent frauds. Since the fu­ture is all dig­i­tal and since all trans­ac­tions - whether tak­ing a loan, or mak­ing a pay­ment or open­ing an ac­count - are go­ing to be on the de­vice, the fo­cus would need to be on the de­vice that is be­ing used.

Do you think bio­met­rics can be pos­si­ble on de­vices that are be­ing used for trans­ac­tions?

I am sure this will de­velop and could be a re­al­ity. You have sys­tems that are ca­pa­ble of face recog­ni­tion or voice recog­ni­tion. But the fact re­mains that pen­e­tra­tion of the smart­phones only will al­low you to do fin­ger print scan­ning or iris scan­ning. So, even these de­vices need to pen­e­trate. In­dia has some 500 mil­lion in­ter­net con­nec­tions, but I do not know how many of them have smart­phones. In In­dia when a new tech­nol­ogy comes in, we are very adept at leapfrog­ging. We can eas­ily skip a cou­ple of stages in its devel­op­ment. But, when you leapfrog through tech­nolo­gies, there are al­ways gaps, and these can fur­ther lead to fraud.

What about the ser­vice In­dian banks of­fer post-fraud?

From our re­cent Fraud Man­age­ment In­sights 2017, we have found that In­dia is grow­ing at a fast pace in dig­i­tal adop­tion as com­pared to the rest of Asia-Pa­cific. We are grow­ing so fast that in­stances of frauds are also quite high than the rest of Asia. How­ever, In­dia’s dig­i­tal trust in­dex is sur­pris­ingly higher than the rest of the coun­tries in the APAC re­gion. If we look at bank­ing, the score is 5.12 for In­dia as com­pared to 4.95 for the re­gion on a scale of 10. This is de­spite the high rate of frauds. It is be­cause when a fraud takes place, the con­cerned bank will nor­mally bend back­wards to make sure that the ex­pe­ri­ence that af­fected the cus­tomer is not trau­matic and amended. The banks will also make sure that the cus­tomer is not hurt fi­nan­cially, they will reach out to the cus­tomer and talk to him and ar­range to file com­plaints and make re­funds.

How would you fore­see the fu­ture in the light of the in­creas­ing dig­i­ti­za­tion?

I think we have a long way to go. I keep say­ing that whether it is in­sur­ance com­pany or a telco or a bank, the fact that they are so fast on dig­i­ti­za­tion makes frauds also grow in par­al­lel. It is only by adopt­ing new tech­nolo­gies and con­stantly try­ing to check one’s own data­bases and fraud preven­tion sys­tems these in­sti­tu­tions can over­come frauds to some ex­tent. In fact, there are 2 parts - one when you are a bank and a cus­tomer con­tacts you whether on­line or in per­son, there is al­ways a chance for a fraud. Sec­ond, is your own data­bases should be strong enough to pre­vent frauds. In­dia will con­tinue to grow at a very fast pace, es­pe­cially since the gov­ern­ment is en­cour­ag­ing dig­i­tal adop­tion. De­vel­op­ments like the cre­ation of tech­nol­ogy stacks have hap­pened in the last 2 or 3 years and we believe that the banks and the gov­ern­ment should con­tinue to in­vest in mak­ing our sys­tems safe. It has to be a daily ex­er­cise to come in and to make sure your sys­tems and cus­tomers are safe.One thing I want to em­pha­size is that it is not just the bank’s re­spon­si­bil­ity to pro­tect a cus­tomer’s dig­i­tal iden­tity. It is the cus­tomer’s job as well. I believe in In­dia, peo­ple are a lit­tle care­less while shar­ing vi­tal per­sonal in­for­ma­tion - like shar­ing pass­words, stor­ing pass­words on mo­biles or do­ing bank­ing trans­ac­tions in pub­lic Wi-Fi con­nec­tions, or even copy­ing Aad­haar or PAN cards and keep­ing them ac­ces­si­ble to un­known en­ti­ties. A sim­ple step a per­son can do in this

re­gard is to ob­tain his or her bureau re­ports pe­ri­od­i­cally, which give ex­ten­sive in­for­ma­tion like the trans­ac­tions he or she has made, loan ap­pli­ca­tions he or she has filed and other open items un­der his or her name. For ex­am­ple, if some­one else has gone and got a credit card or a per­sonal loan in his or her name, the re­port will clearly say so. The per­son can then im­me­di­ately point out to the bank or the con­cerned en­tity about this fraud. Like how you do your health check-up to pro­tect your health and pre­vent fur­ther is­sues, you must have an iden­tity check-up to pro­tect your iden­tity from be­ing stolen or mis­used.

What holds good for fraud preven­tion in the fu­ture - ar­ti­fi­cial in­tel­li­gence, ma­chine learn­ing, an­a­lyt­ics?

I am of the view that it will be a com­bi­na­tion of a lot of tech­nolo­gies com­ing to­gether. When it comes to con­sumer level fraud, since the coun­try is go­ing to be­come more dig­i­tal, a lot of the frauds can be pre­vented by track­ing down peo­ple’s de­vices where fraud­u­lent trans­ac­tions have taken place. It is go­ing to be a com­bi­na­tion of hard­ware and soft­ware. Things like ma­chine learn­ing will help be­cause it is learn­ing from prior be­hav­ior. Credit in­for­ma­tion com­pa­nies will also have a role to play. Be­cause such com­pa­nies sit on in­for­ma­tion of about 350 mil­lion peo­ple in the coun­try. We un­der­stand con­sumer be­hav­ior as well.

What are the fraud-preven­tion prod­ucts that Ex­pe­rian in­tends to bring to In­dia?

We are in the process of in­tro­duc­ing a tool, which is a dig­i­tal iden­tity pro­tec­tion tool for the con­sumers. It is very pop­u­lar in the west, but it is yet to come to In­dia. If a cus­tomer buys this tool, the cus­tomer can say he wants to pro­tect email ID, Face­book pro­file and 2 credit cards and post that he shares data with Ex­pe­rian. What Ex­pe­rian will do is it will con­stantly mon­i­tor the dark web, where stolen iden­ti­ties are sold. So, at any time his iden­tity finds men­tions in the dark web, he knows that his iden­tity has been stolen or com­pro­mised. Any per­son can call Ex­pe­rian and get this tool. This is a sub­scrip­tion-based tool. Even banks can pur­chase this prod­uct and of­fer it to their high value cus­tomers. In In­dia-spe­cific searches, we were sur­prised to find that there were lot of in­for­ma­tion float­ing on the dark web. In­dia has a great pen­e­tra­tion of mo­bile apps - there are on an av­er­age of 3 apps per per­son on the re­tail side, which is the high­est com­pared to any other coun­try in APAC re­gion.

What is Ex­pe­rian’s edge in the In­dia sce­nario? How does it stand out?

Un­for­tu­nately, peo­ple still think Ex­pe­rian is only as a credit in­for­ma­tion bureau. When we look at In­dia, given the pace at which credit growth is hap­pen­ing in the light of the fi­nan­cial in­clu­sion agenda of the gov­ern­ment, and given the growth of dig­i­tal, I think we are well placed in terms of how we pro­vide a so­lu­tion to a client. If the client needs a one­point so­lu­tion that can help it in its lend­ing jour­ney - whether it is a bank or a NBFC or a P2P lend­ing in­sti­tu­tion or any other en­tity - cov­er­ing the full life cy­cle of the loan from orig­i­na­tion to res­o­lu­tion, we can be of help. When lenders are try­ing to give loans, we can help them scan the mar­ket and do a mar­ket study for them.

We have con­sult­ing ser­vices in In­dia and these ser­vices are ef­fec­tive be­cause we un­der­stand con­sumer be­hav­ior. So, when a com­pany is plan­ning to get into the re­tail lend­ing space in any man­ner, we can help it to map the mar­ket. Then, we can give it sys­tems that can han­dle tasks right from orig­i­na­tion to de­ci­sion mak­ing to col­lec­tion and walk it through the en­tire jour­ney. We can help it to build cus­tom­ized score cards that are rel­e­vant to their prod­ucts. We can host those score cards. So, if a client needs a two-wheeler score card, we can build it and host it for the client, if it is a small com­pany, and if it is a big com­pany we can give the li­cense. We can do a dy­namic main­te­nance of the score card and keep tweak­ing it as re­quired.

When it comes to col­lec­tion, we have a sys­tem which is best in class, which will help an in­sti­tu­tion by con­nect­ing to the orig­i­na­tion sys­tem, run­ning the score card, de­vis­ing strate­gies on how to do col­lec­tions and pro­vid­ing a mo­bile app for the field col­lec­tions. And of course, we are a bureau.

There is a lot of in­no­va­tion we are do­ing in the space of al­ter­nate data to help un­banked/ new to credit con­sumers get ac­cess to credit or build a credit his­tory even if there is no im­me­di­ate need of loan. This is very crit­i­cal con­sid­er­ing the dig­i­ti­za­tion and fi­nan­cial in­clu­sion in the coun­try help­ing or­ga­ni­za­tions tap a large base of un­banked pop­u­la­tion.

If I look at com­pe­ti­tion, I do not think any other en­tity has this range, this end to end model of data, which has the bureau at the cen­ter, soft­ware, an­a­lyt­ics and con­sult­ing. I think that is our dif­fer­en­tia­tor.

Vaishali Kas­ture points out that more than 75% of frauds that hap­pen at ap­pli­ca­tion lev­els are be­cause of iden­tity thefts

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.