Despite financial institutions’ unwavering efforts to safeguard their customers, scammers continually evolve to exploit advancements in technology. For example, the number of scams and cybercrimes reported to the police in Singapore increased by a staggering 49.6% to 50,376 at an estimated cost of USD 482M in 2023. GenAI represents the latest challenge to the industry, providing fraudsters with new avenues for deception.
Ecosystm research shows that BFSI organisations in Asia Pacific are spending more on technologies to authenticate customer identity and prevent fraud, than they are in their Know Your Customer (KYC) processes.
The Evolution of the Threat Landscape in BFSI
Synthetic Identity Fraud. This involves the creation of fictitious identities by combining real and fake information, distinct from traditional identity theft where personal data is stolen. These synthetic identities are then exploited to open fraudulent accounts, obtain credit, or engage in financial crimes, often evading detection due to their lack of association with real individuals. The Deloitte Centre for Financial Services predicts that synthetic identity fraud will result in USD 23B in losses by 2030. Synthetic fraud is posing significant challenges for financial institutions and law enforcement agencies, especially with the emergence of advanced technologies like GenAI being used to produce realistic documents blending genuine and false information, undermining Know Your Customer (KYC) protocols.
AI-Enhanced Phishing. Ecosystm research reveals that in Asia Pacific, 71% of customer interactions in BFSI occur across multiple digital channels, including mobile apps, emails, messaging, web chats, and conversational AI. In fact, 57% of organisations plan to further improve customer self-service capabilities to meet the demand for flexible and convenient service delivery. The proliferation of digital channels brings with it an increased risk of phishing attacks.
While these organisations continue to educate their customers on how to secure their accounts in a digital world, GenAI poses an escalating threat here as well. Phishing schemes will employ widely available LLMs to generate convincing text and even images. For many potential victims, misspellings and strangely worded appeals are the only hint that an email from their bank is not what it seems. The maturing of deepfake technology will also make it possible for malicious agents to create personalised voice and video attacks.
Identity Fraud Detection and Prevention
Although fraudsters are exploiting every new vulnerability, financial organisations also have new tools to protect their customers. Organisations should build a layered defence to prevent increasingly sophisticated attempts at fraud.
- Behavioural analytics. Using machine learning, financial organisations can differentiate between standard activities and suspicious behaviour at the account level. Data that can be analysed includes purchase patterns, unusual transaction values, VPN use, browser choice, log-in times, and impossible travel. Anomalies can be flagged, and additional security measures initiated to stem the attack.
- Passive authentication. Accounts can be protected even before password or biometric authentication by analysing additional data, such as phone number and IP address. This approach can be enhanced by comparing databases populated with the details of suspicious actors.
- SIM swap detection. SMS-based MFA is vulnerable to SIM swap attacks where a customer’s phone number is transferred to the fraudster’s own device. This can be prevented by using an authenticator app rather than SMS. Alternatively, SIM swap history can be detected before sending one-time passwords (OTPs).
- Breached password detection. Although customers are strongly discouraged to reuse passwords across sites, some inevitably will. By employing a service that maintains a database of credentials leaked during third-party breaches, it is possible to compare with active customer passwords and initiate a reset.
- Stronger biometrics. Phone-based fingerprint recognition has helped financial organisations safeguard against fraud and simplify the authentication experience. Advances in biometrics continue with recognition for faces, retina, iris, palm print, and voice making multimodal biometric protection possible. Liveness detection will grow in importance to combat against AI-generated content.
- Step-up validation. Authentication requirements can be differentiated according to risk level. Lower risk activities, such as balance check or internal transfer, may only require minimal authentication while higher risk ones, like international or cryptocurrency transactions may require a step up in validation. When anomalous behaviour is detected, even greater levels of security can be initiated.
Recommendations
- Reduce friction. While it may be tempting to implement heavy handed approaches to prevent fraud, it is also important to minimise friction in the authentication system. Frustrated users may abandon services or find risky ways to circumvent security. An effective layered defence should act in the background to prevent attackers getting close.
- AI Phishing Awareness. Even the savviest of customers could fall prey to advanced phishing attacks that are using GenAI. Social engineering at scale becomes increasingly more possible with each advance in AI. Monitor emerging global phishing activities and remind customers to be ever vigilant of more polished and personalised phishing attempts.
- Deploy an authenticator app. Consider shifting away from OTP SMS as an MFA method and implement either an authenticator app or one embedded in the financial app instead.
- Integrate authentication with fraud analytics. Select an authentication provider that can integrate its offering with analytics to identify fraud or unusual behaviour during account creation, log in, and transactions. The two systems should work in tandem.
- Take a zero-trust approach. Protecting both customers and employees is critical, particularly in the hybrid work era. Implement zero trust tools to prevent employees from falling victim to malicious attacks and minimising damage if they do.
The tech industry tends to move in waves, driven by the significant, disruptive changes in technology, such as cloud and smartphones. Sometimes, it is driven by external events that bring tech buyers into sync – such as Y2K and the more recent pandemic. Some tech providers, such as SAP and Microsoft, are big enough to create their own industry waves. The two primary factors shaping the current tech landscape are AI and the consequential layoffs triggered by AI advancements.
While many of the AI startups have been around for over five years, this will be the year they emerge as legitimate solutions providers to organisations. Amidst the acceleration of AI-driven layoffs, individuals from these startups will go on to start new companies, creating the next round of startups that will add value to businesses in the future.
Tech Sourcing Strategies Need to Change
The increase in startups implies a change in the way businesses manage and source their tech solutions. Many organisations are trying to reduce tech debt, by typically consolidating the number of providers and tech platforms. However, leveraging the numerous AI capabilities may mean looking beyond current providers towards some of the many AI startups that are emerging in the region and globally.
The ripple effect of these decisions is significant. If organisations opt to enhance the complexity of their technology architecture and increase the number of vendors under management, the business case must be watertight. There will be less of the trial-and-error approach towards AI from 2023, with a heightened emphasis on clear and measurable value.
AI Startups Worth Monitoring
Here is a selection of AI startups that are already starting to make waves across Asia Pacific and the globe.
- ADVANCE.AI provides digital transformation, fraud prevention, and process automation solutions for enterprise clients. The company offers services in security and compliance, digital identity verification, and biometric solutions. They partner with over 1,000 enterprise clients across Southeast Asia and India across sectors, such as Banking, Fintech, Retail, and eCommerce.
- Megvii is a technology company based in China that specialises in AI, particularly deep learning. The company offers full-stack solutions integrating algorithms, software, hardware, and AI-empowered IoT devices. Products include facial recognition software, image recognition, and deep learning technology for applications such as consumer IoT, city IoT, and supply chain IoT.
- I’mCloud is based in South Korea and specialises in AI, big data, and cloud storage solutions. The company has become a significant player in the AI and big data industry in South Korea. They offer high-quality AI-powered chatbots, including for call centres and interactive educational services.
- H2O.ai provides an AI platform, the H2O AI Cloud, to help businesses, government entities, non-profits, and academic institutions create, deploy, monitor, and share data models or AI applications for various use cases. The platform offers automated machine learning capabilities powered by H2O-3, H2O Hydrogen Torch, and Driverless AI, and is designed to help organisations work more efficiently on their AI projects.
- Frame AI provides an AI-powered customer intelligence platform. The software analyses human interactions and uses AI to understand the driving factors of business outcomes within customer service. It aims to assist executives in making real-time decisions about the customer experience by combining data about customer interactions across various platforms, such as helpdesks, contact centres, and CRM transcripts.
- Uizard offers a rapid, AI-powered UI design tool for designing wireframes, mockups, and prototypes in minutes. The company’s mission is to democratise design and empower non-designers to build digital, interactive products. Uizard’s AI features allow users to generate UI designs from text prompts, convert hand-drawn sketches into wireframes, and transform screenshots into editable designs.
- Moveworks provides an AI platform that is designed to automate employee support. The platform helps employees to automate tasks, find information, query data, receive notifications, and create content across multiple business applications.
- Tome develops a storytelling tool designed to reduce the time required for creating slides. The company’s online platform creates or emphasises points with narration or adds interactive embeds with live data or content from anywhere on the web, 3D renderings, and prototypes.
- Jasper is an AI writing tool designed to assist in generating marketing copy, such as blog posts, product descriptions, company bios, ad copy, and social media captions. It offers features such as text and image AI generation, integration with Grammarly and other Chrome extensions, revision history, auto-save, document sharing, multi-user login, and a plagiarism checker.
- Eightfold AI provides an AI-powered Talent Intelligence Platform to help organisations recruit, retain, and grow a diverse global workforce. The platform uses AI to match the right people to the right projects, based on their skills, potential, and learning ability, enabling organisations to make informed talent decisions. They also offer solutions for diversity, equity, and inclusion (DEI), skills intelligence, and governance, among others.
- Arthur provides a centralised platform for model monitoring. The company’s platform is model and platform agnostic, and monitors machine learning models to ensure they deliver accurate, transparent, and fair results. They also offer services for explainability and bias mitigation.
- DNSFilter is a cloud-based, AI-driven content filtering and threat protection service, that can be deployed and configured within minutes, requiring no software installation.
- Spot AI specialises in building a modern AI Camera System to create safer workplaces and smarter operations for every organisation. The company’s AI Camera System combines cloud and edge computing to make video footage actionable, allowing customers to instantly surface and resolve problems. They offer intelligent video recorders, IP cameras, cloud dashboards, and advanced AI alerts to proactively deliver insights without the need to manually review video footage.
- People.ai is an AI-powered revenue intelligence platform that helps customers win more revenue by providing sales, RevOps, marketing, enablement, and customer success teams with valuable insights. The company’s platform is designed to speed up complex enterprise sales cycles by engaging the right people in the right accounts, ultimately helping teams to sell more and faster with the same headcount.
These examples highlight a few startups worth considering, but the landscape is rich with innovative options for organisations to explore. Similar to other emerging tech sectors, the AI startup market will undergo consolidation over time, and incumbent providers will continue to improve and innovate their own AI capabilities. Till then, these startups will continue to influence enterprise technology adoption and challenge established providers in the market.
I was invited recently by NEC to attend their briefing where Walter Lee, their Evangelist and Government Relations Leader presented to analysts and journalists about how they are winning large contracts across various sectors in the areas of biometrics and surveillance. Biometrics is not just used as a way to drive greater security, but is also helping increase speed in processing times, reducing waiting period in queues and used as a way to drive efficiency and reduce costs which was highlighted by Lee through the various projects NEC had won recently.
NEC’s Artificial intelligence (AI) engine, NeoFace’s strength lies in its tolerance of poor-quality images. The NeoFace solution can match images with low resolutions down to 24 pixels between the eyes and this has allowed it to demonstrate the matching accuracy which is hard to achieve for most vendors offering Facial Recognition solutions. It is its ability to work across various challenges around low resolution, light and images that has allowed NEC to be one of the leading suppliers of Facial Recognition solutions globally.
Key Case Studies Presented
In 2018 Delta Airlines launched the first ‘biometric terminal’ in the US at the international terminal in Atlanta’s Hartsfield-Jackson airport. The biometric push according to Lee replaces tickets and customers now check in by using their face. The system recognises their face and they are checked in. Customers no longer need to use their passports to get through checkpoints around the airport. Lee emphasised on how it takes 9 minutes to board an international flight. Apart from driving identification and security, this use case highlights how airports around the world can increase efficiency in their overall check in and boarding processes at airports. Other core benefits derived from this implementation include better security for border control, seamless service, speed of boarding (savings of 9 minutes per flight). Privacy issues were addressed with regards to where the data was residing and how long the data would be kept for and in this case the data was kept for only 24 hours.
According to the global Ecosystm AI study of current and planned Facial Recognition adoption by industry, the transportation industry is leading the number of deployments globally.
Adoption of Facial Recognition by Industries
Another case study presented is the upcoming 2020 Summer Olympic and Paralympic Games in Tokyo., for which NEC will provide the Facial Recognition solution. The solution will be used to identify over 300,000 people at the games including athletes and officials. It is the first time that Facial Recognition technology will be used for this purpose at an Olympic Games. The NEC solution will allow the matching of tens of thousands of faces in a nano second according to Lee.
The Tokyo 2020 implementation will involve linking photo data with an IC card to be carried by accredited people. NEC says that it has the world’s leading face recognition tech based on benchmark tests from the US’s National Institute of Standards and Technology (NIST).
Ecosystm Comment.
NEC has years of experience in biometrics and Facial Recognition. Not many vendors have solutions that can capture vast amounts of images in a nano second. Their solutions are used by some of the largest organisations in the world. NEC has also perfected the art of handling low resolution images which if not analysed accurately can lead to unintended consequences. The ability to process low resolution images with speed and accuracy is not something that is easily achievable. Security and the rise of terrorism are some of the needs as to why Facial Recognition is important. Additionally, speed and efficiency in administrating passenger boarding at airports whilst ensuring that the security and identity checks have been made is important. The Delta Airlines case study is a great example of how there can be a savings of 9 minutes per flight. NEC continues to gain traction in the market and the Ecosystm AI study has them as one of the top vendors being evaluated for planned implementations for Facial Recognition globally.
The benefits of Facial Recognition solutions are huge – however there must be greater scrutiny around the possible outcomes of AI. Whilst regulation on AI is still at its infancy, 2019 and 2020 will see greater scrutiny and regulation around AI implementations. These will be directed towards protecting individual’s data but also there will be greater emphasis on addressing issues around privacy, ethics and bias in AI implementations. Feeding the machine with the right data (unbiased and ethical) and measuring the various outcomes before the project goes live must be looked at with greater diligence.
2 weeks ago, San Francisco became the first US city to ban the use of Facial Recognition technology by the police and local government agencies. One of the reasons for the ban was with regard to bias. When designing the systems, if technology specialists feed the wrong information for example recognising only a certain skin colour, then the problem of making the wrong and unwanted assumptions start arising. The ecosystem of players in the AI industry ranging from government, academia right down to vendors have a greater role to play in ensuring ethics and bias issues are addressed from the onset of the project. There are consultants in the market as I highlighted in my recent Ecosystm report, that prepare companies for the impact of ethics, fairness and bias. We can expect more of such consultancies and specialist agencies to grow in the market.
NEC has taken this into consideration and published a set of principles for the application of biometrics and AI. The “NEC Group AI and Human Rights Principles” will guide the company along the lines of privacy and human rights. These initiatives were led by the Digital Trust Business Strategy Division, in collaboration with several other divisions within the company, as well as industry stakeholders including industry experts and non-profit organisations.