• silicon.com
• Management
• CIO Insights

By Tim Ferguson, 28 May 2009 16:34

NEWS

HSBC is fighting financial fraud by overhauling its approach to transaction monitoring and examining how emerging technologies could improve security.

The bank is looking to bring all of its fraud detection systems onto a single platform, its head of group fraud risk at HSBC, Derek Wylde, told silicon.com.

"This really stems from a desire by HSBC two or three years ago to rationalise the number of different fraud solutions we have around the group," he said.

"As you can imagine, in a group our size, which has grown up as a result of a lot of acquisitions, we have a lot of legacy systems and vendor solutions deployed in different countries," Wylde added.

The bank chose to implement the real-time fraud detection system from business analytics company SAS for card-present transactions.

While 80 per cent of HSBC-issued cards are now covered for such transactions, other types of transactions are monitored by a range of other systems - including offerings from ACI, Fair Isaac and MasterCard.

In the future, HSBC will use the SAS technology to monitor all transactions - be they card-present, phone or online. This would mean that if, for example, a card was used in a supermarket and in an online transaction at the same time it would be flagged up much more quickly.

"We're monitoring [transaction] activity by channel. What we want to do with the SAS solution is to monitor activity at a customer level," Wylde added.

The cross-transaction SAS system is due to be piloted in Asia in the near future, after which it should be rolled out across the bank globally.

The technology works by screening every transaction and matching it to previously recorded fraudster and customer behaviour - such as how often an individual uses their card, what kind of items they purchase and where they buy them from. If a transaction is deemed likely to be fraudulent, HSBC can actually block it in real-time to avoid further fraudulent activity taking place.

Wylde explained: "Crooks are quite smart because if they've got a card, they're not always sure whether that card is live or not, whether it's already been blocked, so they'll undertake testing of that card. A low value online transaction quickly followed by a series of face-to-face transactions is indicative of fraud. Our systems pick up that sort of pattern."

Although the heart of the fraud technology is the SAS software, Wylde said technology from Detica and Experian also plays an important role.

HSBC is also looking at other ways to combat fraud including two-factor authentication devices that create unique transaction codes to verify online banking transactions. The technology is currently used by RBS among others, and HSBC has already implemented it in Asia and for UK business customers.

While a wider rollout to UK consumers remains under consideration, other more convenient methods of two-factor authentication are also being looked at, according to Wylde.

"I think there are slightly more flexible solutions now, so you could potentially use your mobile phone or BlackBerry to generate that password by downloading a small application onto it," he said.