Using automated banking certificates to detect unauthorised financial transactions

New or emerging technologies such as e-services, e-/m-commerce, Cyber-payment, mobile banking and pay-as-you-go insurance services are opening up new avenues for criminals to commit computer-related financial fraud and online abuse. This serious situation has been evidenced by the UK Information Security Breach Survey 2004 and the UK National Hi-Tech Crime Unit's recent report, "Hi-Tech Crime: The Impact On UK Business 1". It high-lights that online financial fraud is one of the most serious e-crimes and takes the lion's share of over 60% of e-crime costs, and most of the financial fraud cases are committed by authorised insiders. Authorised insiders can more easily break the security barrier of a bank or a financial institution due to their operating privileges on the banking automated systems. Failure to detect such cases promptly can lead to (sometimes huge) financial loses and damage the reputation of financial institutions. This paper introduces a real-time fraud detection solution - the Transaction Authentication Service (TAS) - to tackle the problem of transaction manipulation by authorised insiders. The paper also introduces an important building block used in the design of TAS, Automated Banking Certificates (ABCs). © IFCA/Springer-Verlag Berlin Heidelberg 2006.