Over the last two years, risk landscape has changed. There have been a number of high profile attacks across the globe which has been financially motivated. Nature of attackers has also changed from individual attackers to hacker syndicates working towards significant financial gains. These hacker syndicates are using a combination of domain (Banking, Telecom) knowledge, technology and insider information to execute fraudulent transactions.

Traditional controls including firewalls, IDS, infrastructure attack monitoring, URL filters, application security controls are not effective in detecting and mitigating these new risks. Hence, transaction monitoring has emerged as a critical function in banks given the increase in fraud from internal and external sources.

Banks are used to the concept of transaction monitoring for credit cards. However hacker syndicates are now targeting other channels, including Internet banking, ATM, mobile banking and hence transaction monitoring needs to be extended to other channels. In the following sections we discuss the role of transaction monitoring in managing these risks and also look at the possible options for transaction monitoring.

Detecting Fraud using Transaction Analytics

Transaction monitoring serves the objective of detecting suspicious transactions early, thereby containing large scale fraud. Using transaction monitoring all banking channels including branch can be monitored for suspicious transactions. Suspicious transactions can be detected using exact rule match or using advanced technique of neural networks for learning the transaction patterns and detecting deviations. Though neural networks based detection is beneficial, one needs to exercise caution since these systems do not deliver the right results unless the volume of transactions matches the data required for learning algorithms to work. More pragmatic approach is to go for rule based matching systems. Some examples of fraud rules across Internet Banking, ATM and other channels can be-