ARTICLE
29 May 2023

Leveraging Analytics And Technology To Mitigate Risks In The Fintech Industry

AM
Alvarez & Marsal

Contributor

Alvarez & Marsal logo
Explore Firm Details
We are witnessing an escalation of epic proportions in financial and digital inclusion being carried out at a rapid pace in India.
United States Technology
Photo of Vishal Narula
Person photo placeholder
Authors

We are witnessing an escalation of epic proportions in financial and digital inclusion being carried out at a rapid pace in India. The impact of this can be seen at the micro level with the smallest businesses transacting digitally via cell phones in remote towns of India where a full-scale branch of a traditional bank may not even exist.

While customers experience this through a few clicks on a browser or on a mobile device, businesses also feel the impact of the digitisation of financial services, as the number of financial products and services are multiplying at a pace that makes it difficult for businesses to keep track of the numerous products.

This growth has become possible as thousands of startups emerge in India to bridge the gap in the availability of financial services across the country, using disruptive business models and technologies and targeting all classes of customers of the approximately 1.4 billion people in India. Deep penetration of the internet and mobile devices have enabled this growth.

However, with this growth comes an evolution of risks that companies in the fintech industry must navigate. Based on our experience, these risks are classified into the following broad categories:

  • Disruptive business models bring elevated levels of financial and operational risks, all of which can impact financial stability and threaten its existence if not managed well. These risks include credit risk, liquidity risk, market risk, the availability of cloud infrastructure, redundancy, etc.
  • Rapid growth in the number of customers and volume of transactions heightens regulatory and compliance risks, which include the risk of noncompliance with important laws and regulations governing the industry, such as anti-money laundering (AML) and know-your-customer (KYC) regulations. These risks are especially high in developing countries such as India where regulations are still evolving regarding the use of digital currencies, cross-border financial transactions and unregulated financial products.
  • As innovation in technology, business models and networking progress, vulnerabilities through technological and cybersecurity risks, including data breaches, hacking and system failures, as well as challenges of adapting to changes in technology and emerging trends pose imminent threats to the existence of a business.
  • We experience that regulators, law enforcement agencies and governments tend to take conservative views to protect customers' interests when there is ambiguity. These result in actions against companies that cause reputational and legal risks, including loss of trust and legal actions that can impact the company's standing.
  • Disruptors can also be disrupted by competition, market saturation, technological obsolescence and the inability to continue operations in the event of unforeseen events, making strategic and business continuity risks an important category of risk impacting the fintech industry.

Fintech industry leaders are demonstrating that sustainable growth and managing risk are only possible when we identify risks through technology-enabled, data-driven models and using a proactive approach. This extends to identifying and assessing the potential impacts and likelihood of each risk and then prioritizing and implementing appropriate mitigation measures.

A few key considerations in implementing interventions for risk management in the fintech industry include matching the fast transactional speed and making decisions on a real-time basis using the data and tools available at hand. This makes it necessary for fintech companies to use advanced analytics, machine learning and AI, which can provide valuable insights into potential risks and aid in the development of effective risk management strategies. The use of technology also allows for the automation of many processes, which can lead to increased efficiency and accuracy in risk management.

Data analytics is being widely used to carry out proactive risk assessments, identify frauds and conduct continuous monitoring. A few examples of how the fintech industry can use analytics includes:

A. Network Graph Analytics (NGA): We often notice similarities in transaction data that indicate possibilities of transactions and their actors being connected with each other. Network graph analysis techniques are very effective in representing relationships or connections between entities as nodes (points) and their relationships as edges (lines) in a graph structure.

NGA is very helpful in studying patterns, structures and properties of the connections between the entities, such as connections between the players on an online gaming platform, or connections between persons transferring money through payment wallets, etc. NGA allows us to meet the goal of being able to identify key nodes, clusters and patterns in the network that have a significant impact on the network's behaviour or performance.

Fintech companies can manage risk and detect fraud using network graph analysis in the following ways:

  • Fraudsters often work in groups and use multiple identities to conduct illegal activities that can be identified using common links in those transactions. Such groups can also be clustered to be able to identify groups/gangs working together to defraud a company or its customers.
  • To be able to identify the main bad actors, we can identify the main "nodes" through which relationships emerge. We test the criticality of the node (importance in the fraud scheme) by using parameters such as the number of transactions originating from or terminating at that node and the degree of reliance on a particular node.
  • In predictive modeling, we can identify frauds through a method called anomaly detection. Fraudsters often use unique patterns of behaviour that differ from those of legitimate users. By discerning regular patterns, anomalous behaviour indicating fraudulent activities could be detected for further investigation.
  • Using machine learning, we can also identify changes in the behaviour of nodes and edges over time, which can help detect fraudsters who change their behaviour to avoid detection through a method called temporal analysis.

B. Unstructured Data Analysis: Most fintech companies across the world face a challenge in carrying out analytics on data that is not in a fixed format across platforms, such as customer onboarding or customer care. Unstructured data analytics is used for analyzing large amounts of unstructured data such as documents for KYC, audio and text in chats on customer care platforms, and images, to extract insights and support decision-making in fraud risk assessment and investigation.

Fintech companies can manage risk and detect fraud using unstructured data analysis in the following ways:

  • Image Verification: Image analysis algorithms can be used to detect anomalies and manipulations in images that customers upload during the KYC process to verify the authenticity of government-issued ID cards, such as passports and driver's licenses. Image analysis can also be used to detect the use of bots, the manipulation of in-game graphics or the promotion of unauthorized third-party services in online gaming.
  • Natural Language Processing (NLP): NLP techniques can be used to analyze unstructured data sources, such as customer reviews and social media posts, to gain insights into a customer's identity and behaviour. This information can be used to support the KYC process by verifying the customer's identity and detecting potential fraud. NLP is also used in chat log analysis algorithms to analyze logs from in-game chats and forums to identify signs of third-party fraud and detect unusual patterns of behaviour, such as repeated use of certain keywords or repeated attempts to promote third-party services.
  • Speech Analysis: Speech analysis algorithms can analyze audio recordings of customer interactions with call centres or chatbots to provide valuable insights into a customer's behaviour and tone of voice, which can be used to detect signs of fraud.
  • Social Media Monitoring: Social media monitoring algorithms can be used to analyze social media posts, comments and profiles to identify signs of third-party fraud. This may include detecting patterns of behaviour that suggest the use of bots, the creation of fake accounts or the promotion of unauthorized third-party services.
  • Sentiment Analysis: Sentiment analysis algorithms can be used to analyze unstructured data sources, such as customer reviews and social media posts, to determine the customer's level of satisfaction with the company. This information can be used to identify potential fraudsters who have a history of leaving negative reviews or making complaints about the company.

C. Prevention of Device Spoofing: In the future, organisations will likely face more complex issues such as "device spoofing" where bad actors are able to modify a device or use a different device to impersonate or masquerade as another device. This could be done for various purposes, such as bypassing security controls, gaining unauthorized access or manipulating data.

Device spoofing has often been used to commit fraud or gain unauthorized access to sensitive information. For example, in online gaming, device spoofing can be used to gain an unfair advantage over other players or to manipulate game outcomes. The importance of implementing strong network and application security controls is paramount to protect the integrity systems and safeguard customers in the following ways:

  • Mobile Device Management (MDM) Systems: MDM systems allow companies to monitor and manage mobile devices, such as smartphones and tablets, used by players to access their games. They can also detect and prevent device spoofing and the use of emulators.
  • Mobile Application Management (MAM) Systems: MAM systems provide security and management features for mobile applications, such as online games. They can detect and prevent device spoofing and the use of emulators by enforcing security policies and controlling access to applications.
  • Mobile Threat Defense (MTD) Systems: MTD systems use AI and machine learning algorithms to detect and prevent device spoofing and the use of emulators. They can also detect and respond to other mobile security threats, such as malware and unauthorized access.
  • Device Fingerprinting: Device fingerprinting is a technique used to identify unique characteristics of a device, such as hardware specifications and software configurations, for the purpose of device authentication and verification. Online gaming companies can use device fingerprinting to detect and prevent device spoofing and the use of emulators.
  • Game Client Integrity Checks: Game client integrity checks can be used to verify the authenticity of the game client, such as the game software running on a player's device. This can be used to detect and prevent device spoofing and the use of emulators.

D. Real-time Threat Monitoring: In order to protect systems, applications, processes and customers, real-time threat monitoring is encouraged, as any delay in detection and blocking of a threat can cause irreparable damage to the business. Based on our experience, recommendations of real-time threat monitoring tools for fintech companies include:

  • Security Information and Event Management (SIEM) Systems: SIEM systems collect and analyze log data from various sources, such as firewalls, intrusion detection systems and endpoints, to identify and alert on security threats in real time.
  • Artificial Intelligence and Machine Learning (AI/ML) Tools: AI/ML algorithms can be used to analyze large amounts of data, such as network traffic, to identify patterns that indicate potential security threats. They can also be used to automate the process of threat detection and response.
  • Network Traffic Analysis (NTA) Tools: NTA tools analyze network traffic in real time to detect unusual patterns that may indicate a security threat, such as a DDoS attack or malware infiltration.
  • User and Entity Behavior Analytics (UEBA) Tools: UEBA tools analyze user behaviour and data access patterns to identify potential security threats, such as insider threats or account takeovers.
  • Endpoint Detection and Response (EDR) Tools: EDR tools monitor endpoints, such as computers and mobile devices, for security threats in real time and provide alerts and response options when a threat is detected.

In conclusion, as the Indian fintech industry continues to grow and evolve, it is crucial for companies to adopt technology as a means of managing risks and preventing fraud. Data analytics, machine learning algorithms and other innovative tools are increasingly being used for proactive identification and mitigation of risks. Technology is enabling fintech companies to not only stay ahead of the potential risks but also provide their customers with a secure and seamless experience. Fintech companies in India should prioritize the adoption and integration of these technologies in their risk management and fraud prevention strategies.

Originally published February 21, 2023.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Vishal Narula
Vishal Narula
Person photo placeholder
Apurva Nikade
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More