At BioCatch, our passion lies in combating fraud on a global scale. Recognising that no universal solution is applicable to all retail banks worldwide, we acknowledge the need to tailor our approach to each unique challenge. To truly address their issues, we invest time in comprehending the intricacies of these challenges. That's why our dedicated team of Global Advisors, Threat Analysts, and Pre-Sales consultants embarked on a journey across EMEA. Their mission? To delve into the diverse threat landscapes specific to different countries.
In this blog post, I'll guide you through the nine places we visited, and give you a snapshot of our key takeaways. I personally participated in the session in Copenhagen, allowing me to share my insights about Denmark. However, for the countries I couldn't personally attend, I've compiled feedback from my colleagues who were present. The very first leg of our tour was Madrid in Spain.
Before the session, armed with BioCatch data, we had insights into the widespread occurrence of phishing and smishing attacks in Spain. Additionally, we were well-informed about the swift rise of malware and remote access attacks in the region. Present in the session was Thomas Peacock, our Director of Customer Data Intelligence. When I discussed the four-hour session with him, he mentioned:
“In Madrid we had representatives from all our customers in Spain, along with attendees from other key banks in the country. It was great to see those yet to implement BioCatch chat about their pain points and learn from our customers of whom can happily state that those issues are long past them. Everyone in the room agreed that combating the mule accounts is key to making fraudsters’ lives more difficult, particularly in the changing landscape with increased scams and regulatory changes proposed with PSD3.”
Following Madrid, the team proceeded to Paris. Based on our data, France is a hotbed for phishing, OTP vishing, and ATO attacks. Moreover, there are significant amounts of spoofing taking place. One of our Threat Analysts, Oceane Lhuillier covered multiple agenda points on the day. Firstly Oceane ran through some comprehensive fraud threat intelligence relevant to France and then she covered an insightful, interactive slot on how to spot scams in real-time during the online banking session. Oceane said the following about the session:
“During the event in Paris, our capabilities in addressing scams and mules gathered significant interest among the attendees. What resonated most with them was the video reconstruction and the visual representation of swipes in mobile sessions. These elements vividly illustrated how behaviours can be utilised to detect fraudulent and criminal activities. The presentation of our working methodology sparked engaging conversations both during and after the event. Many participants appreciated the distinctive perspective and insights we offer, not only from a raw data standpoint but also through the powerful visualization tools available to our clients.”
During our international tour, we visited Frankfurt in Germany as well where we received great support from the German Banking Club. The session was attended by a large number of people, and Wiebe Fokma, one of our Directors of Global Advisory in EMEA shared his thoughts on the day:
“During the session, we encouraged the audience to speak up, so it was hard to predict the direction of the conversation. However, in Frankfurt, the discussion mainly focused on the limitations of video identification due to deep-fake fraud and its impact on account opening. However, later on the session, the conversation shifted towards the extensive issues caused by mule accounts. It was emphasized that it is crucial to identify these accounts before any transactions are made, to avoid any potential liability.”
BioCatch intelligence has unveiled a concerning trend in retail banks across the Nordics. The persistent threat of social engineering voice scams and vishing is casting a dark shadow over this region. Adding to the complexity, fraudsters are exploiting remote access tools to surreptitiously seize control of unsuspecting victims' accounts, with the ultimate aim of a full account takeover.
This very issue took centre stage in Copenhagen, prompting my realisation that not all countries and retail banks have grasped the transformative potential of behavioural biometric intelligence and its profound impact on fortifying the fraud defence system. At BioCatch, it is our belief that fraud defence systems must transcend traditional factors like device, network, application, and transaction intelligence. And by adopting behavioural biometric intelligence, banks can effectively employ a powerful magnifying lens on digital banking sessions, enabling fraud teams to truly understand the intentions of the user.
Iain Swaine one of our Directors of Global Advisory attended the Threat Talk Live session in Stockholm. He said:
“Sweden, much like the rest of the Nordics, has traditionally placed reliance on a robust identification system. This system, whether dispensed by banks for federated use across various platforms as a trusted ID validator or as a centralized ID provider, has served as a stalwart defence against unauthorized attacks for many years. However, in line with global trends, the escalating frequency of data breaches has rendered this system vulnerable to circumvention in social engineering attacks and voice scams. I will say that Sweden stands as an exemplary model of the potency of data sharing, particularly in the context of combating money laundering—an aspect that other European countries would be wise to examine and adopt. This proactive approach has been a response to money laundering challenges associated with subsidiaries in Baltic countries, and Sweden has effectively translated these experiences into advancements in their Anti-Money Laundering (AML) capabilities.”
After wrapping up in the Nordics the next stop was the beautiful city of Milan. Once again Tom Peacock our resident customer intelligence expert was in the room. He shared the following:
“The attendees heard from Ayleen Charlotte, a victim of the Tinder Swindler. They loved hearing a first-hand account of how scams impact human lives. And the session served as a stark reminder as to why we all do what we do. Also, one of our Spanish customers travelled to Milan to talk about their experience with BioCatch and how they believe behavioural biometric intelligence has revolutionised their fraud detection capabilities, particularly when it comes to remote access-based malware attacks – a key problem in Spain.”
Amsterdam, The Netherlands
Much like our experiences in other nations, the Netherlands and the broader Benelux region face their unique set of challenges in dealing with fraud. Particularly noteworthy are instances of Bank Help Desk fraud and the unauthorized takeover of accounts facilitated by remote access tools. After engaging in a conversation with Greig Burns, one of our Senior Threat Analysts who participated in the visit, it became clear that the discussions delved deeply into the importance of addressing challenges associated with data sharing. He expressed:
"The conversation extensively covered the actions and regulatory role of the government, as their decisions have a ripple effect on banks. While the regulatory framework is stringent in the realm of fraud, there seems to be more flexibility for sharing and collaboration in Anti-Money Laundering (AML). Representatives from different retail banks, who had not previously crossed paths, were present in the room. However, there was a palpable eagerness to foster more collaboration and sharing in the future. This is certainly an area to keep a close eye on in the Netherlands."
Following the conclusion of our activities in Amsterdam, the subsequent week saw the team flying to Zurich. Among the team members was Wiebe Fokma. Reflecting on the session, he said:
"Much like our experiences in Copenhagen, Zurich was marked by extensive conversations on scams and money laundering. The participants in the room appeared to be more acquainted with the practical application of behaviour insights in countering these types of threats. Additionally, there was a considerable discourse on how behaviour can play a crucial role in Know Your Customer (KYC) processes, ensuring that customers are legitimate and authenticating their claimed identities."
Over the past two years, the Middle East region, especially in the UAE, has witnessed a substantial rise in phishing incidents. In this country, fraudsters are displaying increased ingenuity through the use of deceptive tactics, such as fake job advertisements and holiday scams. Similarly, in neighbouring Saudi Arabia, similar trends are observed, including the persistence of issues related to money laundering accounts. Iain Swain, present at the session in Dubai, provided thoughts on what he witnessed:
“Dubai presents a fascinating blend of cultures and features a rapidly evolving architectural landscape, encompassing both physical structures and advancements in digital banking. The banking sector in Dubai encompasses a spectrum, ranging from major banking conglomerates to nimble, digitally focused smaller banks and traditional Islamic Banks. The digital capabilities and security measures employed by these institutions vary, leading to differing vulnerabilities.
There is an underlying concern regarding money laundering and financial activities, particularly following the Ukrainian conflict, which resulted in an increased flow of funds that would typically have transited through London. Questions arise about the adequacy of existing controls, prompting attendees to seek insights into best practices employed in Anti-Money Laundering (AML) and the handling of money mules in other regions.”
Key Takeaways for BioCatch and Retail Banks
In conclusion, our journey across EMEA has illuminated the diverse and evolving landscape of fraud challenges faced by retail banks. From the prevalence of phishing and smishing attacks in Spain to the sophisticated use of remote access tools in the Nordics, each region presented its unique set of threats.
- The discussions in Frankfurt highlighted concerns about deep-fake fraud and mule accounts, emphasizing the need for proactive identification.
- In Stockholm, Sweden's proactive approach to data sharing in combating money laundering served as a model for other nations.
- The Netherlands underscored the importance of collaboration in addressing challenges associated with data sharing, while Zurich delved into the practical application of behavioural biometric intelligence in countering threats.
- Dubai and Saudi Arabia revealed a surge in phishing and creative fraud tactics.
As we reflect on all these insights in the EMEA region, it becomes evident that a tailored, multifaceted approach, incorporating behavioural biometric intelligence is essential for fortifying global defences against fraud and AML in the ever-changing landscape of digital banking.
Therefore, if you work for a financial institution that is eager to strengthen its fraud and AML defences in 2024, and want to hear more about this multifaceted approach involving behavioural biometric intelligence please contact a member of our team and we will be happy to arrange an intelligence briefing.