As financial fraud gains prevalence, the financial sector has accepted theFraud Detection System(FDS). Financial authorities have planned FDS construction in credit card and insurance companies to be applied to the entire sector including banks and securities through comprehensive measures to improve electronic financial security and recommended all banks to have it put in place by the end of the year. Though not mandatory,banks are willing to accept FDS within the year to prevent electronic financial incidents from occurring more frequently.
The FDS is a financial security model already used in countries such as the United States to detect and analyze in real time suspicious transactions such as illegal electronic financial transfers and credit card fraud. Suspicious financial transactions will be detected and dealt with in advance with this big data analysis based-FDS, system developed by integrating the rule method using several standardized patterns with the score method quantifying the correlation of stereotyped normal and fraud patterns.
The FDS recommendation by financial authorities has pressured both the financial sector and FDS companies. The FDS technical guidelines by the Financial Security Agency, says that FDS companies are categorized into three companies: device data collection, log management, and pattern analysis,and each has its own strengths and weaknesses in terms of following guidelines.
In a collection stage, data from devices like the PC and smartphones or existing transaction data are collected. 'Pattern analysis company' has limits as all it has is transaction data but no device. In an analysis stage, the data collected are analyzed into a pattern and the basic guidelines by the financial authorities and big data are applied. Following the two, in a response stage, a decision is made in real time; ‘Yes (a transaction will be allowed) or No (it will not).’
Generally, 'device data collection company' is the one previously offering the service to prevent electronic financial fraud, 'log management company' to combine and manage the log from the network and security equipment, and the several solutions and equipment used in corporate internal systems, and 'pattern analysis company' is mostly credit-related particularly with international experience (e.g.,Korea Credit Bureau).
According to the company analysis by domestic financial institutions and security experts, understanding electronic financial works is about FDS construction, and the reference, know-how, and incident analysis of each company. That is why 'log management company' gets low scores. 'Pattern analysis' can be explained with an example that if several financial fraud cases are detected in Internet cafes, cafe users need to go through tougher security procedures. In order to prevent future financial incidents, such previous patterns are detected and analyzed.
What matters in 'analysis engine process' is availability. In this part, 'log management company' receives high scores with its ability to form big data with its accumulated data but 'device data collection' and 'pattern analysis' companies low using basic data only. 'FDS expansion and integration' is about evaluating whether it is applied to electronic financial works only or to other internal ones, too. 'Device data collection' is available in 'device data collection company' only getting high but not in 'log management' and 'pattern analysis' companies getting low. Company analysis shows that it can construct an ideal FDS model when strengths of 'device data collection' and 'log management' companies are combined.
In the long term, mature technology development and thorough preparation is first and foremost not to expose another kind of security threats before FDA is put in place as a security system. Also, the collaboration of FDS companies following the guideline announcement is a good sign,as an ideal FDS model needs all three functions; patterns and device validation/identification, and comprehensive log analysis.
Kim Tae-bong, CEO of KTB Solution, 'device data collection company' says, "It is expected to better deal with suspicious accounts or financial frauds as FDS in place detects in advance suspicious electronic financial transactions and notifies customers or banks to prevent them."
The U.S. has aggressively invested in security technologies including FDS while few in Korea know anything about it. To improve security, financial institutions need to make a real effort to apply the system, not regard it as a means to avoid an audit.
<KTB Solution CEO, first Supreme Court appointed special appraiser>
The Korean Supreme Court has recently appointed Mr. Kim as a special appraiser for information security and digital forensics. He will be in charge of analyzing electronic financial transaction incidents and security vulnerability including forgery analysis of digital data such as Email, packets, files and IP, among others.
Mr. Kim, the only Supreme Court appointed special appraiser in the electronic financial transaction incident field as of now, will serve as a third-party expert giving critical opinions about whose fault incidents would be after figuring out their cause and process.
Mr. Kim's service is expected to allow to become more objective when judging what would be the cause and who would be the victim among banks and their customers who face fraud.
