Why does it still seem so easy for cybercrime to occur? Yaron Hazan, financial crimes expert at ThetaRay, speaks to Fiona McFarlane about the the cyber security dilemma which means firms are bound to broken into (again).
Let me start off with background. I began my career in the Israeli police, with responsibility for investigations into terrorist financing and serious international organised crime. Later on, I became part of the global leadership team for the forensics and anti-money-laundering practice for PwC in Israel, before becoming head of compliance for HSBC in Israel. My team implemented new programmes, global standards, policies, procedures and controls. My current project, ThetaRay, provides artificial intelligence (AI) solutions to financial institutions. Our algorithms replicate the decision-making power of human intuition, to identify unknown events that indicate terrorist financing, human trafficking, sex slavery, money laundering or other malicious acts.
In the past two years at ThetaRay, I’ve been focused on providing the market with technology solutions that will make the fight against financial cybercrime more efficient and more effective, with a view to the future and tackling the new types of risks and requirements.
“With the global financial system today, all that is needed to launder billions of dollars is to find the weakest link in the chain of a network of banks”
Cyber risks for banks mainly fall into two categories. The first comes from direct attacks by what might be called cyber experts or sophisticated fraudsters that can get access to and transport system data. The second type is money laundering, involving organised crime groups or sophisticated white-collar criminals with money from corruption and illegal activity, such as drug dealing or human trafficking.
In both cases, criminals seek ways to enter these funds into the traditional financial systems. Some may argue with me, but it really isn’t difficult to do. We’ve seen numerous large schemes that were identified and publicised in the past three or four years, including those in Russia and the Philippines.
With the global financial system today, all that is needed to launder billions of dollars is to find the weakest link in the chain of a network of banks – find a way to enter funds into specific banks that either don’t know how to detect such crimes or unusual behaviours, or don’t care enough to do so. Once money has entered the banking system, international banking, the SWIFT system and the global payment systems make it very easy to transfer the funds anywhere in the world.
Rules-based or scenario-based detection is not effective in detecting and stopping financial cybercrime. It was designed for the traditional banking system, but today very few of us set foot in a branch. We connect online with our financial services providers. Often, you’re even onboarded online, without anyone even meeting you.
Every day, in short order, we use numerous online services and products from multiple providers. It’s easy to do in the online world. We use totally different types of financial services and products, so the old systems can’t do what they were originally meant to do – find bad actors. They can’t handle the large datasets, volume of transactions and data, nor the types of services.
The arrival of blockchain made the financial industry wake up to the fact that things are going to be very different in the future. Most people associate blockchain with Bitcoin and other cryptocurrencies, as a platform used by criminals that can be used through the dark web and which no regulator sees. With no one monitoring this platform, it’s regarded as an ideal tool for criminals.
However, I see a lot of opportunities in blockchain to improve business and financial services for all of us. But, at the same time, when we increase our use of blockchain and cryptocurrencies we must have new controls in place. We need a totally different way of thinking, which is where AI comes in. The beauty of Thetaray’s AI that it replicates human intuition – one of the most powerful decision-making tools we have.
Think of it this way: if you see or hear something that is totally weird, you don’t have to be an expert in the field to work out that something probably isn’t right. For example, if you’re driving your car and you hear some unusual noise from the engine, you don’t have to be a mechanic to know that there is a problem that needs attention. AI learns what is normal in the data and identifies what is potentially suspicious, regardless of the type of data.
“The arrival of blockchain made the financial industry wake up to the fact that things are going to be very different in the future”
People tend to forget that, as much as we move forward with technology and fintech, the opportunities also bring risks. This makes it easy for the bad guys to get information quickly, to make any use of this information as they want. Humanity needs to develop the technology to ensure secure accessibility to financial services, online products and online social activities. We need this level of sophistication, if not even more, in detecting potential threats, whether from individuals, organised crime or other countries.