Fraud monitoring is an essential part of our financial institution’s online fraud detection and prevention program.
Continuous transaction monitoring considers all user actions – monetary and non-monetary, sensitive and non-sensitive – from the login attempt to the transaction. As part of this continuous monitoring, the anti-fraud system looks at actions and events like making changes to an account owner’s profile, adding a new beneficiary or payee, and registering a new device. The fraud prevention system also looks at the attempt and the outcome, either successful or failed. This builds a historical profile for each user action before, during, and after the action takes place. Having such a detailed historical profile helps the system identify anomalies (behaviors inconsistent with the account owner’s typical banking behavior) that indicate fraud may be occurring.
The second reason a fraud prevention system should perform continuous transaction monitoring is to detect fraud patterns. For example, a simple pattern indicative of account takeover would be:
- Check balance
- Add a new payee or beneficiary
- Send the maximum allowed transfer
- Refresh & check the balance
- Transfer any outstanding funds in the account
- A fraud prevention system that uses continuous transaction monitoring will be able to detect account takeover, malware attacks, and other types of cyberfraud - and intervene to stop it.
Continuous session monitoring is similar, but the monitoring only applies to the banking session. Continuous session monitoring analyzes all events within a banking session and tracks how the behavior of the user or the device has changed within the session to determine, for example, if there’s an indication of the session being taken over by an attacker (i.e., session hijacking).
Continuous session monitoring is done across channels and devices to identify potential risks. For example, if the banking session started on a PC but was authenticated with a mobile device. Or, if the user initiates a payment from one country and authenticates it in another, the bank can help prevent fraud by forcing authentication with the device that was used to initiate the session.