Mitigate Evolving Threats While Complying with SAMA Regulations

Mitigate Evolving Threats While Complying with SAMA Regulations

Sourabh Sharma
Sourabh Sharma

May 8, 2023

Sourabh Sharma
Sourabh Sharma

May 8, 2023

Table Of Contents

In view of the rapid digitization of banks and evolving threats, it is essential that banks,  fintechs, payment companies, and insurers in the Kingdom of Saudi Arabia deploy anti-fraud measures for two important reasons. First, to address and mitigate the growing risks, and second, to comply with the SAMA Counter-Fraud Framework. The financial services sector is expected to adopt a multi-layered approach, as specified in the framework, to be able to address the different types of modus operandi and sophisticated schemes that fraudsters adopt.

To discuss how the financial services sector in the Kingdom are looking to address emerging and evolving risks by deploying anti-fraud measures in line with the SAMA Counter-Fraud Framework, Bureau hosted Mr Abdullah Baharith, Senior Risk Management Consultant, and Mr Anis Ahmed, Founder and CEO of Unitor for a panel discussion titled ‘Threats and Opportunities: SAMA Counter-Fraud Framework’. Watch the full webinar here.

Recommendations of the Counter-Fraud Framework

The framework provides detailed guidance to member organizations on a common approach to fraud risk management to help achieve an appropriate maturity level of fraud controls and ensure fraud risks are properly managed. Inability to implement the framework in totality may mean lack of adequate fraud detection capabilities that can result in financial and reputational losses for financial service providers.

The framework recommends using a combination of technology – authentication methods – and customer awareness, as key pillars of preventing fraud. Banks and other financial services are expected to strike a balance between anti-fraud measures and user experience, without trading one for the other. They must strive to offer a user-friendly interface that makes the digital journeys of their customers convenient; at the same time ensuring no fraud attempt goes undetected.

Mr Abdullah Baharith, Senior Risk Management Consultant, noted that with the rise of technologies such as ChatGPT and personally identifiable information (PII) of customers available easily and cheaply – for as low as $1 – even amateur fraudsters and script kiddies are able to launch targeted attacks at scale. He advises financial institutions in the Kingdom of Saudi Arabia to “take adequate technology-driven measures to mitigate the growing risks and safeguard their business and customer interests.”

Leverage Technology and Official Resources to Verify Users

The Counter-Fraud Framework requires member organizations to assess and verify every new customer using authentication techniques such as two factor authentication (2FA). This technique requires two separate pieces of information – password followed by an OTP/Code or a call back – which obstructs attackers from easily accessing accounts or completing digital transactions.

Financial institutions can leverage official resources, information, and data to verify new users. They can also use technologies such as artificial intelligence and machine learning to quickly analyze data, assess risk associated with users, risk scoring, and detect patterns indicative of fraudulent activity, without compromising user experience.

Strong Customer Authentication with Behavioral Biometrics and Digital Intelligence

Instead of relying on traditional or outdated user verification methods, SAMA encourages member organizations to use different authentication mechanisms such as Behavioral Biometrics and Device Intelligence for strong customer authentication. 

Biometric authentication adds an additional layer of security to username-password mode of authentication and enables financial services providers to use fingerprints or facial recognition to verify the identity of their customers. 

Using device intelligence such as typing pattern, pressure applied while typing, key strokes, mouse movement, and so forth can help ascertain whether the user trying to gain access is genuine or not. 

In addition to deploying these latest technologies, member organizations are advised to conduct real time monitoring of all transactions. Since time is a major factor in financial transactions, it is critical that banks and other financial institutions monitor all transactions in real time to be able to detect any suspicious activities early in the tracks and allow timely intervention.

Prioritize Customer Awareness

Another crucial element of the SAMA Counter-Fraud Framework is customer awareness. Mr Abdullah Balharith, informed that the Saudi Central Bank will support its member organizations to create awareness against numerous types of fraud tactics amongst their customers, clients, partners, and third parties. For instance, these educational campaigns may include providing tips on how to spot and deal with phishing through various channels such as emails, calls, and so forth.

Banks and other financial institutions must regularly share alerts with their customers as part of customer awareness programs. This will enable customers to learn how to protect themselves from fraud and provide them with tools and resources to report suspicious activities. All these activities will also help build trust and confidence among customers.

Having said that, there is a vast scope of improvement in the way financial service providers communicate with their customers. Mr Anis Ahmed, Founder and CEO of Unitor observed that  even when the world is transitioning to 5G, most financial institutions use 2G based tools such as SMS as the popular means to connect with the customers. He suggested, “today, when banks are offering digital banking services to their customers, they must also adopt the latest telecommunications technologies along with innovative and creative methods of consumer education, such as short animated videos. They need to tailor the messaging according to the different segments or types of customers they serve.”

Using cost-efficient technologies, banks can create synergies between different functions and reduce the number of alerts to further save time, operational costs, and human resources. 

Collaboration and Cooperation are Key to Fighting Growing Fraud

The key to fighting fraud effectively is collaboration and cooperation among banks and other financial institutions. The Saudi Central Bank has established a center for fraud prevention with all banks as members. This setup provides members with an opportunity to actively interact and share information which can significantly help improve the fight against fraud.

From reporting incidents to taking quick action, sharing best practices and insights on evolving threats and the measures to counter them, collaboration amongst members will benefit everyone in the network to effectively fight fraud, while efficiently serving their customers.

Bureau’s advanced capabilities in Behavioral Biometrics and Device Intelligence can help achieve appropriate maturity levels of fraud control while fully complying with the regulations, within the specified timeline of June 2023. To learn how Bureau can speed up implementation, contact us now.

You might also like

Learn More

See How Bureau Can Help Fight Fraud
Talk To Us