Innovation for fraudulent measures in Seven Bank Accounts -Innovation for Financial Criminal Measures
May 24, 2019 8:00
■ Seven Bank
Implementing unauthorized measures in three stages, the tendency is revealed by data analysis.
The status of our unauthorized use is set up in three stages, and the first is verification of the application.This is not the identity verification document, but the contents of the data at the time of application.The second is access information on the contents and terminals entered on the web.The third is the content when trading in Internet banking for the first time.After the access, we have three stages of looking at the movement of money.
Regarding the information you have acquired, the contents of the application are generally written in the application form for opening an account.Access information is the mainstay of the time you apply and the user agent's time zone.
The first thing you did to find out the signs of the unnaturalness that you can see from the data is to incorporate a large amount of application data into Excel and access. It is enough to use something like a sort of data, but you will analyze the concentration of the region and the same address here. Similarity of names, cypress of a specific age may appear in specific areas. At the same time, there are very many operations in the neighborhood, somehow the email address system is very similar, and the domain may be concentrated. Also, I will look at the unnaturalness, such as duplicating mobile phone numbers and the same fixed phone number even though the account name is completely different. When you look at each person, it is difficult to notice, but if you look at it, it may be overlapping. If you sort all of them in this way, you will see a specific area and area. It has something in common, and those who have malicious intentions go to the post office with a forged identity verification document, so it seems that they are about 5 years old before and after, which seems to be close to their age. It is.
If you look at the tracking survey of the data you found, about 90 % of you found it is an illegal account, so even if you look at it with your eyes, monotonous and simple work, the fraud is at the entrance.I found that I could find it.
To improve these accuracy, there are various services in the world, and there are services that investigate the history and usage of telephone numbers.If you look up using such a service, the phone number is surprisingly missing, and the number that cannot be used from the time of the application is written, or a phone number dedicated to data communication is written in the entry field of the application form.I have.
If you look at the IP address, you may find that there are many accesses from overseas IP addresses, even though we only provide services in Japan.In addition, Financial ISAC has a framework that shares information within financial institutions, but has access from IP addresses used for fraudulent remittances by other companies.If you analyze these comprehensively, I think there is a bias in the place where an unauthorized account is created or used illegally.Looking at the Seven Bank, the degree of research is changed according to the high -risk areas.One typical trick is to have a large amount of application for the same apartment.There are also different surnames and multiple applicants in the same address.
In the Internet access status, I think that applying using overseas providers is a little risky.Seven Bank itself is a company that only provides services in Japan, but from that point on, I think that overseas providers will be a slightly risky transaction.There are also IP addresses that have become a crime base, such as the case where IP addresses used in the past are often detected again.The IP address detected by illegal use is accumulated and matched with existing data.
When I examined these, it was similar, but the address was different.If you pick up this and look at the map, it is within walking distance, and there is an impression that crimes in places where various addresses and regions change are increasing.The attacker is also investigating with a hypothesis that he is conscious.
A typical example of a suspicious financial transaction is the movement of money and pulling out immediately.Usually, it is not quite an act to put money in the ATM and withdraw immediately, so we take this kind of feature and respond.The ATM withdrawal limit is set to 500,000 yen by default when creating an account, but accounts that raise without money are often used for crimes.It is common to set a more amount of withdrawal limit because there is more than 500,000 yen, but if you find something that deviates from ordinary acts, there are likely to be used for crime.I think you can find it.
In fact, if there is a sign of a crime, the possibility that money will be transferred from other banks will be extremely high, so set it once, pool, check with the bank of the remittance.I will respond to return.At Seven Bank, I think that more than 90 % of the money to remittance can be held once.
I often get a question, "Isn't it possible to prevent fraud because the Seventh Bank is real because the system for fraud is running in real life?"From a research we have investigated, from a strange sign to the crime, it is less than 20 % or less, and most of the time is used for crimes the next day.About four years ago, there were a lot of the day, but most of them are mostly after the next day.It is our hypothesis that we can prevent many crimes from capturing something unnatural during the day.
As an example, if you change the time axis only once a month, if you look up the time axis, you will find that money is not concentrated on accounts via several accounts.You can see that there is no such movement.In the past, we are also working to expand the time axis and see the flow of money in a line or side.
Produced in shifts to prevent it from response after the damage occurs
If you do complicated things, there is a problem that the person in charge will be biased or become craftsman, but if you score various things for each item, if you exceed a certain score.We operate to implement transactions.If a new person in charge trains for about three to five months, it will be able to almost operate alone.The actual scoring is a scoring system, and when it exceeds how many points, the account is set to set up money, and we are striving to levelize the person in charge by eliminating the individualization.
Every day, every day, if there is an unauthorized transaction in the application for a new account, we will investigate whether there is no similar information in the past.If an unauthorized transaction occurs in an account with similar unnaturalness in the past, find out if there is any other account.Then, while developing negative information without omission, we dig deeper to prevent crime before preventing crime.
In 2014, I changed the measures so far from around 2015, so the discovery rate of suspicious accounts was 1.8 times in the latest 2017.What you find when you open your account is about tripled.The number of things you stop after the account is used is reduced by 30 %.Although 2018 has not yet been counted, the apology for opening an account has dropped from 2017.The number of cases to be stopped after fraud has been decreasing, and I feel that the attacker has been avoided a lot.Even on the account purchasing site, Seven Bank accounts are prohibited.
Thank you for saying "Thank you for preventing crime" by shifting the emphasis on what you could not see, what you could not see, and to prevent the crime before the occurrence of the damage.The number of telephones has increased.At the same time, the motivation of the person in charge of the field has been improved, and we have a sense of mission.In terms of the amount of work, complex things that were not possible without a large number of people can be done with a smaller number of people, which has led to the realization of business optimization.We have steered to prevent it, and invested in various systems, but overall costs are effective when combined with the labor costs.
Innovation for financial crime measures
Here are some examples of new banks that have recently been working on.When I was taking fraudulent measures, I had some talks about asking Seven Bank for monitoring, and it was difficult to receive it on the bank itself, so in a 100 % subsidiary bank business factory, deposit deposits.We are supporting the monitoring and filtering of transactions by transplanting Seven Bank's know -how by outsourcing along with office work.Originally, this field is not a place to compete, but a place to share know -how.
As a platform for illegal detection, we have the know -how and big data analysis we have been doing for 10 years, and the environment in the world has progressed. In addition, we are working on a form of a platform system for illegal detection, taking advantage of the knowledge of the startup. As an image, the data is color -coded depending on the high risk. At first it was done by hand, but it systematized it to display the scoring result. If you select the one detected by the scoring, the detailed screen will appear, and you will see the terminal status at that time, the customer's attribute information, the past state, and what factors that were highly risked this time. can do. We design and work on ourselves to lower the load of the person in charge and turn it with a smaller number of people.
From these initiatives, there are increasing consultations such as "how should I do it?"
As a step -step initiative, Seven Bank and ISID (Dentsu International Information Service) are trying to create a joint venture to solve issues.One is a forged license, making it difficult to verify your identity, so we want to create a platform for identity verification and provide more secure services.Internet fraud detection also requires experience, and we provide a platform business for illegal detection in a slightly upgrade of the big data analysis system.I don't think it will work even if you prepare only things, so I would like to provide consulting and business support services.
In the form of adding it to this, through the regulation sandbox system, the power of information security startups called Cauris, and the power of our bank, more secure in the field of information security.We are working to create a mechanism.We will also take measures to reduce risk by combining real and the internet as a challenge.
"Correspondence to fraud is a place to cooperate"
What I felt through the hearing of more than 40 financial institutions and exchanging opinions with the EC site representatives was that the attack tricks were always sophisticated.I heard a lot of stories that were actually damaged.Whether you tell your boss or management to the boss and the management, most cases are not transmitted, and I feel that there are many cases where you are worried at the site level.It seems that banks, EC sites, and card companies all have the impression of organizing and dividing the attacker.
Everyone thinks that "response to fraud is a place to cooperate." However, I think there is a hurdle of a heart that does not have a chance to take a step further, there is no person to talk to, or if you can talk to your peers. If you jump a little over it, you will be able to cooperate. Share attack information often prevents crimes. In many cases, if you share an IP address used for Internet fraudulent remittances in the past, you can quickly find out what is attacking from it and prevent it. This is currently only for financial institutions, but if you start beyond the industry or in the industry, you can prevent crime. The effective measures and methods are the same in banks, but it is difficult to open, but it is difficult to open, but in my opinion, it is not published to the attacker, but the same industry. The risks do not increase at all, and if you can prevent the industry as a whole, you will have an environment that will be less likely to be targeted by the attacker, so this will survive the industry and within the industry. I hope that we will cooperate firmly. In some cases, the use of information and information and systems that are sleeping in the company are actually trying to include new systems without knowing the systems used in the next department. For example, there are cases where the marketing and system departments can be used for unauthorized measures, rather than the security department, for unauthorized measures, so the information and systems that are sleeping in the company again, and the customers' voices in the company. I hope you can create a mechanism that can be sucked up.
▶▶ Return to the first part
※本内容は、2019年3月13日に開催された「ペイメントカー