Skip to Content
@pskippen-23ef707
Dec 11, 2017

Organizations aren’t the only ones innovating with disruptive technologies. As intelligent automation increases in capability, so do the criminals. Organizations need to adopt new approaches to manage these risks and to take the lead in putting disruptive technology back to good use.

Automation is getting smarter—and so are hackers

Picture this: You’re sitting at home, in front of your computer, when you receive an email saying your banking password has been reset. Confused—and, admittedly, a little panicked—you head over to your online banking site and attempt to create a new one. You type in the characters and wait for the two-step authentication to take effect—but you never receive the text message with the authentication code. You try again—and, yet again, no text message.

Sweat beading down your forehead, you place a call to your telecommunications provider. You impatiently sit through the automated menu options and wait on hold for what feels like an eternity, before you finally speak with a human operator to inform them of the absentee text messages. And that’s when they drop the bombshell: you’re no longer their valued customer. Someone (pretending to be you) ported your mobile number to a new provider a few days ago. And, you later realize, they’ve been changing the passwords to all your accounts ever since.

While this may seem like a digital horror story, countless mobile customers across the world can testify that it’s anything but. As reported in Forbes[1] earlier this year, this new type of fraud is becoming increasingly common—and causing all kinds of headaches for everyone involved, not the least of which are financial institutions (FIs).

These institutions have already heavily invested in, and realized the immense benefits, of intelligent automation—which includes such things as robotic process automation, cognitive, and artificial intelligence. It’s helped them enhance their control over operational processes—like client onboarding or assessing anti-money laundering risks. It positions them to deliver risk management in more automated ways—such as through mobile and online channels. It lets FIs automatically validate potential instances of fraud, rather than relying on manual processes. Plus, it puts power in the hands of customers, enabling them to self-identify to conduct transactions using a range of automated tools, like email, text, or IVR verification.

However, this increased reliance on intelligent automation also comes with new forms of risk, says Jas Anand, Senior Manager in Deloitte’s Risk Advisory Services. He designs and builds financial crime solutions in Deloitte’s end-to-end Regulatory Data & Technology practice and has witnessed, first-hand, the ways cybercriminals are adapting to changing digital practices in the financial sector.

According to Jas, eradicating fraud is like squeezing a balloon—when you close in on one area, it expands to another. He offers the example of credit cards to illustrate his point. At first, fraudsters simply wrote down credit card numbers to steal access to the cards. Then, when magnetic strips were introduced, they discovered a way to copy those in bulk—so they could perpetrate even more fraud than before. Now with chip and pin technology fraud has migrated online where the chip is not used.

He believes the mobile phone porting fraud is just the tip of the iceberg—and will likely occur more frequently, and in new and different forms, as the adoption of intelligent automation continues to evolve. To get ahead of these efforts, Jas says FIs must look at new innovation through a “risk lens” and create an environment that allows for enhanced controls as risks increase. One way to do this is by leveraging some of the human capital that your organization has freed up through increased automation and redeploying it so that the highest risk events are in a human operator’s hands.

Because Deloitte has real-life experience helping businesses implement intelligent automation solutions, our team knows what works and what doesn’t. We’ll work with you to assess existing automation risks; create automation solutions with a balanced risk approach; and ensure your automation innovations meet regulatory compliance standards.

To learn more about how we can help move your organization toward a more automated, efficient, and innovative future—while simultaneously mitigating the associated risks—please contact Jas Anand at [email protected] or feel free to drop me a line.

Paul Skippen

[email protected]

[1] https://www.forbes.com/sites/laurashin/2016/12/20/hackers-have-stolen-millions-of-dollars-in-bitcoin-using-only-phone-numbers/#2fd78d538bad

@pskippen-23ef707

Join in on the conversation with Paul Skippen when you subscribe to Exponentials.