Saryu Nayyar | Toolbox.com
Customer concerns with the anti-money laundering (AML) and know your customer (KYC) use cases focus on preventing financial fraud, but existing tools don’t see the whole picture, says Saryu Nayyar, CEO of Gurucul. Deploying an advanced behavioral analytics solution offers a comprehensive view needed to identify aberrant behavior.
Today, multiple industry verticals have concerns about anti-money laundering (AML) and know your customer (KYC) use cases, with a particular focus on preventing financial fraud. Existing tools may be limited by a lack of context in that they do not see the whole picture. Deploying an advanced behavioral analytics solution can give an organization the comprehensive view necessary to identify aberrant behavior.
AML and KYC use cases, while different, share some characteristics. Both need to validate user identity and ensure that transactions comply with approved policies and regulations. Different tools are used for user validation and verification and for transaction verification for AML purposes, but those tools often lack a comprehensive view that can reveal unauthorized, malicious, or restricted activities.
Behavioral analytics gives a comprehensive view of the situation, consolidating events from all available sources to deliver a unified risk score. That risk score gives automated systems and live analysts a starting point to act immediately and the deeper underlying data needed to properly investigate the incident. Rather than seeing a stream of isolated incidents that may or may not indicate a problem, the system delivers the context necessary to put things into perspective.
Knowing Your Customer
Being able to validate or “know” your customer can be vital in some verticals. While it may be of little consequence for a web-based video game or sandwich shop loyalty card, many industries need to make sure that customers are who they say they are and are appropriately qualified to access the organization’s services. For example, insurance agents accessing the company’s dedicated portal need to be fully vetted, as do medical offices that have access to a pharmaceutical company’s sales portal. In either case, it is vital to ensure that only authorized and qualified people have access to the systems.
There are many other cases where the customer needs to be validated, and existing validation schemes may not be adequate to assure that the user has not been compromised.
An example of this could be sales agents using borrowed credentials to access data for other regions under another agent’s identity, to pull competitive information or to book policies they are not authorized to book. While an initial validation would authorize the account, additional tools are required to make sure the account is not being abused. The same applies in several other cases where credentials are misused after their initial creation and validation.
Behavioral Analytics for Validating Customer Activities
Behavioral analytics provides an extra layer of defense that is not available through other means. While multiple tools exist for access control, monitoring, etc., they often operate in silos and rarely share data. And while isolated events may not be seen as a specific threat, the reality can be quite different. Without a skilled analyst to piece the situation together, using their own experience and knowledge of the environment and the processes within, security events can pass under the radar until long after the event or series of events have happened.
By consolidating all of the available data sources, getting disparate security information out of their silos, AI-based behavioral analytics can provide a unified risk score and the context needed to quickly and efficiently identify the behaviors associated with unauthorized activities. Further, by applying machine learning algorithms, a behavioral analytics system can learn what is considered normal in the operating environment. This capability lets the system spot outliers without having to rely on custom tuning for each specific case. It adapts automatically and rapidly to the unique conditions it encounters in each installation.
For example, sales agents may have specific limitations on the kind of transactions they can perform. However, it may not be unknown for agents in different regions to share credentials and abuse the system. By monitoring where and when user credentials are employed and for which transactions, it’s possible for a behavioral analytics system to recognize the unusual activity and flag it for further investigation.
Similarly, each agent will tend to have a pattern of activity that is unique to them. What they do, when they do it, and what kinds of transactions they engage in all form a pattern of behavior that is unique. When an agent significantly deviates from their usual pattern, it may indicate nothing more than a normal change in work habits, expansion of their customer base, or a special event for the organization. In each of those cases, multiple indicators would point to a normal change. However, the indicators could instead point to account compromise, unintentional misuse, account sharing, or conscious malicious activity.
With artificial intelligence and machine learning, each customer’s behavior is tracked individually and compared against established baseline expectations and peers. While it is possible for a skilled security analyst to accomplish this, they rarely have the time or resources to delve into individual user behaviors. Even a team of skilled analysts cannot scale enough to cover an entire organization and its customer space. Here, behavioral analytics lets the security operations team scale to protect the entire organization by giving them unified risk scores up front, backed by the details needed to fully analyze a threat.
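The baseline-and-peer comparison described above can be sketched in a few lines. This is an added example, not code from Gurucul or the original article; the agents, history, peer groups, weights and scoring formula are all constructed assumptions chosen to show how an agent's own history and their peer group's history combine into one risk score with supporting context.

```python
from collections import Counter, defaultdict

# Constructed sample history: (agent, accessed_region, hour_of_day, txn_type).
HISTORY = (
    [("alice", "west", h, "quote") for h in (9, 10, 11, 14, 15)] * 4
    + [("alice", "west", 10, "book_policy")] * 5
    + [("bob", "west", h, "quote") for h in (8, 9, 13, 16)] * 4
    + [("bob", "west", 9, "book_policy")] * 4
    + [("carol", "east", h, "quote") for h in (9, 12, 15)] * 5
)
# Assumed peer grouping and weights; a real deployment would derive both from its own data.
PEER_GROUP = {"alice": "west-sales", "bob": "west-sales", "carol": "east-sales"}
WEIGHTS = {"region": 0.5, "txn": 0.3, "hour": 0.2}
OWN_SHARE = 0.6  # how much the agent's own baseline counts versus the peer group's

def build_baselines(history):
    """Count how often each agent, and each peer group, produced each feature value."""
    own = defaultdict(lambda: defaultdict(Counter))
    peers = defaultdict(lambda: defaultdict(Counter))
    for agent, region, hour, txn in history:
        for feature, value in (("region", region), ("txn", txn), ("hour", hour)):
            own[agent][feature][value] += 1
            peers[PEER_GROUP[agent]][feature][value] += 1
    return own, peers

def novelty(counter, value):
    """1.0 for a never-seen value, falling toward 0 as the value becomes routine."""
    return 1.0 / (1 + counter[value])

def risk_score(event, own, peers):
    """Return (score 0-100, features never seen before for this agent)."""
    agent, region, hour, txn = event
    values = {"region": region, "txn": txn, "hour": hour}
    total, unseen = 0.0, []
    for feature, weight in WEIGHTS.items():
        mine = own[agent][feature]
        group = peers[PEER_GROUP[agent]][feature]
        total += weight * (OWN_SHARE * novelty(mine, values[feature])
                           + (1 - OWN_SHARE) * novelty(group, values[feature]))
        if mine[values[feature]] == 0:
            unseen.append(feature)
    return round(100 * total, 1), unseen

OWN, PEERS = build_baselines(HISTORY)
ROUTINE = risk_score(("alice", "west", 10, "quote"), OWN, PEERS)
SHIFTED = risk_score(("bob", "west", 10, "quote"), OWN, PEERS)
BORROWED = risk_score(("alice", "east", 2, "book_policy"), OWN, PEERS)

print(ROUTINE, SHIFTED, BORROWED)
```

The `SHIFTED` event is new for that agent but routine for the peer group, so it scores well below the `BORROWED` event, where the region and hour are unseen for both the agent and their peers.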
Behavioral Analytics Against Fraud
Detecting money laundering, a form of financial fraud, poses similar challenges to those outlined for customer vetting and transaction validation. In this case, the suspect activity is within the pattern of transactions that constitute the incident.
While financial institutions have systems to detect fraud, they are often siloed and may not include the full range of security information that can give proper context and identify fraudulent behavior. This problem may also arise in the retail sector, especially when the retailer serves as a marketplace for third-party vendors.
For example, a marketplace needs to validate that its vendors are selling the goods they claim through legitimate transactions and not using the system for fraudulent activity. Behavioral analytics could consolidate the known transactions with data from the distribution system, combined with known returns and final customer responses verifying the transactions. From that data, patterns emerge, and vendors abusing the system become obvious.
Advanced behavioral analytics provides a valuable tool for KYC and AML use cases by combining data across all available sources to deliver a unified risk score. The risk score can identify suspect users, customers, or vendors that engage in inappropriate activities by their composite behaviors, not just single unrelated events.
Gurucul’s Unified Security and Risk Analytics platform is uniquely suited to this application. Its vendor-agnostic data lake, which can accept data from any source, pulls information out of silos to present a contextual view of the security situation. By employing artificial intelligence and machine learning, the system can generate an accurate picture of the entire environment and apply peer group analysis to note when individual users stray beyond expected norms, while simultaneously giving each user their own context so that a range of normal behaviors can be told apart from a true aberration.