Artificial intelligence is creeping into almost all aspects of our lives. Everything from mobile banking apps and chatbots to voice-activated home assistants and self-service checkouts at supermarkets now have some form of AI embedded in them. Given the technology’s pervasiveness in the consumer space, it was only a matter of time before it started to permeate our business lives as well.
Most companies plan to invest in AI in the coming months, according to research by Accenture. However, more than 50% are still in pilot mode or the early phases of adoption while some have not even reached the starting blocks—an indication of the implementation challenges.
Scott Edington, CEO of Deep Labs, an AI start-up, says AI has a journey ahead. “You don’t just go from zero to 100 overnight,” he says. “You start introducing some of these technologies in a supervised mode.”
Even for companies that are wedded to legacy technologies like ERP and treasury management systems, Edington says it’s not a case of having to “rip and replace” these systems; AI plugs into existing technologies that companies already use.
When it comes to body parts the European Banking Authority (EBA) is agnostic: heart, veins, retina – even your fingers wandering idiosyncratically over a keyboard.
The regulator, needless to say, was not talking about harvesting organs when it got open minded about human anatomy in an opinion published this summer, but biological and behavioural biometrics: specifically, the types it will accept as “inherence”.
What is “inherent” to someone making a payment (and few would deny that veins and a heart are pretty inherent indeed) is about to get very important. Here’s why.
European Banking Authority: OK With Your Heart Rate
Under the looming “Strong Customer Authentication” requirements of Europe’s Second Payment Services Directive (PSD2), payments and ecommerce providers need to introduce two-factor authentication (2FA) for payments of over €30 (£27).
Future transactions above this SCA threshold have to satisfy two of the three elements the EBA deems satisfactory authentication methods: something you are, e.g. biometrics; something you know, e.g. a password or PIN; and/or something you have.
While the strict new rules were set to come into force on September 14, UK providers have won an 18-month extension from the Financial Conduct Authority (FCA).
One of the things they need to think about as they belatedly prepare their systems for SCA is what the “2” in “2FA” is going to be.
It could be your palm geometry…
In a payments biometrics opinion in June, the EBA took a broad view of what constitutes adequate biometric inherence.
“The EBA is of the view that inherence, which includes biological and behavioural biometrics, relates to physical properties of body parts, physiological characteristics and behavioural processes created by the body, and any combination of these”
“Inherence”, it noted, “is the category of elements that is the most innovative and fastest moving, with new approaches continuously entering the market.”
It approved: retina and iris scanning, fingerprint scanning, vein recognition, face and hand geometry (identifying the shape of the user’s face/hand), voice recognition, keystroke dynamics (identifying a user by the way they type and swipe), the angle at which a user typically holds their device, and their heart rate.
Are these really viable options? We asked Michael Lynch, Chief Strategy and Product Officer, Deep Labs. He said: “There are two important dynamics for the use of the inherence technologies. First is the acceptance by the consumer to use such technologies, and the second is the efficacy of the technology.
Visual Connections, LLC (VC) has secured an unrestricted, prime award as a SDVOSB, HUBZone Small Business for the Department of Health and Human Services (HHS), Program Support Centers’(PSC), Intelligent Automation/Artificial Intelligence IDIQ (IAAI).This award enables VC and its partners to compete for Requests for Task Order Proposals (RFTOPs) issued via this innovative IAAI contract vehicle providing solutions, services and products.
VC assembled a strategic team of partners comprised of “technology partners” and “service partners” to facilitate robust offerings for this contract. A key technology partner for this contract is Deep Labs, Inc. (Deep Labs), a unique persona-based artificial intelligence company yielding intelligent predictive decisions for its clients. Via a VC prime contract, VC and Deep Labs have previously partnered to conceive, develop and implement a successful artificial intelligence pilot for the Centers for Medicare and Medicaid Services (CMS), Center for Program Integrity (CPI) department utilizing deep visioning and learning techniques and tools for CMS’s Medicare Part D program, which covers prescriptions for over 39 million beneficiaries. This pilot was designed to discover potentially fraudulent activity before it occurs related to Excluded Providers (EP) to help reduce and minimize the “pay-and-chase path of recovery of funds” and to enhance CMS’s ability to proactively identify and investigate potential fraud.
As a multiple-award, government-wide IDIQ contract vehicle, it enables HHS, PSC, and all HHS operating divisions, as well as other government agencies, to rapidly obtain innovative Intelligent Automation/Artificial Intelligence (IAAI) solutions, services, and products from both large and small businesses. Currently, this IAAI IDIQ vehicle has a value of $49M with a five-year period of performance.
Deep Labs Partners On AI Project That Helps Medicare Office More Effectively Identify and Prevent Fraud & Abuse SAN FRANCISCO, August 19th, 2019 — Deep Labs, Inc. Deep Labs, Inc., the leader in persona-based artificial intelligence, has announced it successfully helped the Centers for Medicare and Medicaid Services (CMS) more effectively identify potential fraud and […]
The payments and ecommerce industry has won a last minute reprieve from the Financial Conduct Authority (FCA) over Strong Customer Authentication (SCA) rules: earning 18 months more to introduce new payments security measures required under Europe’s PSD2 directive, which were set to come into force on September 14.
The move comes just four weeks before the PSD2 deadline and amid increasingly vocal concern from an industry – that critics say was caught napping – about its lack of readiness for SCA, as well as initial resistance from European regulators.
Deep Labs CSO Mike Lynch earlier told Computer Business Review “organizations did not consider the complexity” of introducing SCA into their systems.
Three top banks employ Deep Labs’ platform to differentiate between transactions that are anomalies and those that are fraud.
Financial institutions are fighting the wrong war when it comes to credit card fraud, said Scott Edington, CEO of San Francisco-based Deep Labs.
Fraudulent transactions are expected to total $32 billion worldwide in 2019, according to Nilson. But banks should be paying more attention to false positive declines, Edington said.
False declines — payment-card transactions that are incorrectly flagged and canceled — led to losses of $331 billion globally in 2018, said Edington, citing a study by research and advisory firm Aite Group.
We’ve seen many new fraud and authentication techniques and point solution providers enter the market over the past several years, but have we really made any improvement against fraud, particularly in the financial institution space? Apparently not.
Account opening fraud
Account opening fraud is a rapidly increasing challenge for issuers due to the plethora of identity data available to fraudsters. The 2018 Identity Fraud Study by Javelin Strategy & Research shows that the number of identity fraud victims increased by eight percent in 2017, with the amount stolen totaling US$ 16.8 billion (£13.4 billion).
Account takeover fraud
Account takeover, where a fraudster gains access to a victim’s account, typically leads to unauthorised fraudulent transactions. Account takeover fraud (ATO) is still trending upward, especially in the financial services sector. According to Javelin, existing account takeover fraud tripled in 2018 to 1.5 percent of all US-based consumers.
Key gaps in the fraud ecosystem
Some of the top financial institutions employ specific and often expensive point solution providers for device risk, behavioural risk, mobile phone intelligence, social reputation, email reputation, call centre fraud defence, bot and malware detection. And each of these providers typically provides a risk score or a rules-based approach, and a potentially long list of data attributes.
But this approach creates an issue and an opportunity. It isn’t necessarily a bad investment to add new point solution or data providers as long as you are getting value out of these investments. However, that is often the hardest determination to make.
Learn how A.I., and more specifically true machine intelligence, can maximize the value of your existing data signals, reduce cost and minimize latency, while making more accurate risk and fraud decisions.
Written By Michael Lynch, Chief Strategy and Product Officer, Deep Labs
Service providers, consumers, and businesses are all impacted by telecom fraudsters. In fact, in 2017, the Communications Fraud Control Association (CFCA) estimated $29 billion is lost by carriers and organizations to global network fraud.
Telecom scammers and hackers are a constant threat to providers, whether it’s PBX hacking for revenue sharing fraud or call sharing fraud, or denial of service attacks, for example. They also target the consumers themselves, attempting to get access to their information for a variety of crimes. A popular scenario is when they pose as legitimate callers to banks to perform account takeovers, by leveraging techniques such as caller ID spoofing.
Whether it’s telecom, retail, or the financial verticals, fraudsters and hackers always seem to move much faster than those responsible for mitigating fraud. New, unforeseen threats need to be prevented rather than detected after the fact, which is the perfect use case for artificial intelligence, and more specifically true machine intelligence.
Organizations need new fraud prevention strategies based on artificial intelligence.
It will become more and more important to analyze data available from multiple channels, and only artificial intelligence will be able to provide the necessary key insights on behavior through billions of calculations, iterative insights, and process analytics.
EPSM, a European payment services industry group, has called for a minimum 18-month delay to the introduction of Strong Customer Authentication (SCA) rules under PSD2 – just eight weeks ahead of a looming deadline for implementation.
In a desperate plea to regulators for an extension, the 67-member organisation, whose members provide a range of payment services to merchants, warned of “significant market disruptions” and “a disaster for consumers and PSPs [payment service providers]” without a grace period for industry to get its house in order.
“EPSM recommends that additional timeframes of 18 months for standard applications and up to 36 months for challenging applications, (e.g. in the travel and hospitality sector) across all regions should be agreed in a harmonised migration approach” the lobby group said, warning of business disruption risks without flexibility.
According to Mobile Payments Today, as the mid-September deadline draws closer for a major transition of customer authentication rules for ecommerce transactions in Europe, a growing number of voices are seeking a pause to prevent what they fear could be a logistical nightmare for merchants, banks, payment processors and consumers.
The issue involves the transition to Secure Customer Authentication, a move by European regulators under what is called the second Payment Services Directive (PSD2) to lower the risk of fraud as more consumers make purchases through ecommerce channels.
Essentially future purchases will require all transactions to be authenticated using two of three authentication methods:
Something a customer knows, like a PIN code or password.
Something a customer has, like a smartphone or token.
Something that uniquely identifies the customer, like a fingerprint or facial recognition.
“The PSD2 directive has faced strong opposition in the market as the timeline to implement a solution with the complexity of the new Strong Customer Authentication rules for ecommerce transactions has always been seen as a challenge,” Scott Edington, CEO of Deep Labs told Mobile Payments Today via email. “The two-step verification process, with many requirements within that new process, requires a high degree of technical and security knowledge and time to build and put into production that new process.”
The San Francisco-based digital security firm has used artificial intelligence to develop solutions to meet the new PSD2 requirements. In March, for example, it launched “Deep Identity” to track transactional risk analysis, which leverages data signals and context aware machine-learning to help confirm risk levels.