Tag: API

U.S. federal prosecutors have indicted Michael Smith of North Carolina for allegedly orchestrating a $10 million fraud scheme involving AI-generated music. Smith is accused of creating fake bands and using AI tools to produce hundreds of tracks, which were streamed by fake listeners on platforms like Spotify, Apple Music, and Amazon Music. Despite the artificial engagement, the scheme generated real royalty payments, defrauding these streaming services. This case marks the first prosecution of its kind and highlights a growing financial risk: the potential for rapid, large-scale fraud in digital platforms when content and engagement can be easily fabricated. A new report from Imperva Inc. highlights the growing financial burden of unsecure APIs and bot attacks on businesses, costing up to $186 billion annually. Key findings highlight the heavy economic burden on large companies due to their complex and extensive API ecosystems, often unsecured. Last year, enterprises managed about 613 API endpoints on average, a number expected to grow, increasing associated risks. APIs exposure to bot attacks Bot attacks, similar to those seen in streaming fraud, are also plaguing financial institutions. The risks are significant, weakening both security and financial stability. 1. Fraudulent transactions and account takeover Automated fraudulent transactions: Bots can perform high volumes of small, fraudulent transactions across multiple accounts, causing financial loss and overwhelming fraud detection systems. Account takeover: Bots can attempt credential stuffing, using compromised login data to access user accounts. Once inside, attackers could steal funds or sensitive information, leading to significant financial and reputational damage. 2. Synthetic identity fraud Creating fake accounts: Bots can be used to generate large numbers of synthetic identities, which are then used to open fake accounts for money laundering, credit fraud, or other illicit activities. Loan or credit card fraud: Using fake identities, bots can apply for loans or credit cards, withdrawing funds without intent to repay, resulting in significant losses for financial institutions. 3. Exploiting API vulnerabilities API abuse: Just as bots exploit API endpoints in streaming services, they can also target vulnerable APIs in financial platforms to extract sensitive data or initiate unauthorized transactions, leading to significant data breaches. Data exfiltration: Bots can use APIs to extract financial data, customer details, and transaction records, potentially leading to identity theft or data sold on the dark web. Bot attacks targeting financial institutions can result in extensive fraud, data breaches, regulatory fines, and loss of customer trust, causing significant financial and operational consequences. Safeguarding financial integrity To safeguard your business from these attacks, particularly via unsupervised APIs, a multi-layered defense strategy is essential. Here’s how you can protect your business and ensure its financial integrity: 1. Monitor and analyze data patterns Real-time analytics: Implement sophisticated monitoring systems to track user behavior continuously. By analyzing user patterns, you can detect irregular spikes in activity that may indicate bot-driven attacks. These anomalies should trigger alerts for immediate investigation. AI, machine learning, and geo-analysis: Leverage AI and machine learning models to spot unusual behaviors that can signal fraudulent activity. Geo-analysis tools help identify traffic originating from regions known for bot farms, allowing you to take preventive action before damage occurs. 2. Strengthen API access controls Limit access with token-based authentication: Implement token-based authentication to limit API access to verified applications and users. This reduces the chances of unauthorized or bot-driven API abuse. Control third-party integrations: Restrict API access to only trusted and vetted third-party services. Ensure that each external service is thoroughly reviewed to prevent malicious actors from exploiting your platform. 3. Implement robust account creation procedures PII identity verification solutions: Protect personal or sensitive data through authenticating someone`s identity and helping to prevent fraud and identity theft. Email and phone verification: Requiring email or phone verification during account creation can minimize the risk of mass fake account generation, a common tactic used by bots for fraudulent activities. Combating Bots as a Service: Focusing on intent-based deep behavioral analysis (IDBA), even the most sophisticated bots can be spotted, without adding friction. 4. Establish strong anti-fraud alliances Collaborate with industry networks: Join industry alliances or working groups that focus on API security and fraud prevention. Staying informed about emerging threats and sharing best practices with peers will allow you to anticipate new attack strategies. 5. Continuous customer and account monitoring Behavior analysis for repeat offenders: Monitor for repeat fraudulent behavior from the same accounts or users. If certain users or transactions display consistent signs of manipulation, flag them for detailed investigation and potential restrictions. User feedback loops: Encourage users to report any suspicious activity. This crowd-sourced intelligence can be invaluable in identifying bot activity quickly and reducing the scope of damage. 6. Maintain transparency and accountability Audit and report regularly: Offer regular, transparent reports on API usage and your anti-fraud measures. This builds trust with stakeholders and customers, as they see your proactive steps toward securing the platform. Real-time dashboards: Provide users with real-time visibility into their data streams or account activities. Unexplained spikes or dips can be flagged and investigated immediately, providing greater transparency and control. Conclusion Safeguarding your business from bot attacks and API abuse requires a comprehensive, multi-layered approach. By investing in advanced monitoring tools, enforcing strict API access controls, and fostering collaboration with anti-fraud networks, your organization can mitigate the risks posed by bots while maintaining credibility and trust. The right strategy will not only protect your business but also preserve the integrity of your platform. Learn more

Time – it’s the only resource we can’t get more of, which is why we tend to obsess over saving it. Despite this obsession, it can be hard for us to identify time-wasting activities. From morning habits to credit decisioning, processes and routines that seem, well, routine, can get in the way of maximizing how we use our time. Identifying the Problem Every morning, I used to turn on my coffee maker, walk to the bathroom to take my multivitamin, then walk back into the kitchen to finish making my coffee. This required maybe twenty steps to the bathroom and twenty steps back, and while this isn’t a huge amount of time—half a minute at best—it’s not insignificant, especially in the morning when time feels particularly precious. One day, I realized I could eliminate the waste by moving my multivitamin to the cabinet above my coffeemaker. What if we could all make minor changes to enhance our efficiency both at home and at work? Imagine how much time we could save by cutting out unnecessary steps. And how saving that time could help drive significant revenue increases. Time Equals Money When businesses waste time with unnecessary steps, that’s money from their bottom line, and out of the pockets of people who are connected to them. Over the last several years, a new time saver has emerged – Application Programming Interface (API). APIs allow application programs to communicate with other operating systems or control programs through a series of server requests or API calls, enabling seamless interaction, data sharing and decisioning. Experian’s partners utilize our ever-growing suite of APIs to quickly access better data, making existing processes more effective and routines more efficient. In the past, banks and other partners had to send files back and forth to Experian when they needed decisioning on a customer’s credit-worthiness prior to approving a new loan or extending a credit limit increase. Now, partners can have their origination system call an Experian API and send their data through that. Our system processes it and sends it back in milliseconds, giving the lenders real-time decisioning rather than shuttling information back and forth unnecessarily. Instead of effectively walking away from one process (assisting the customer/making coffee) to start another (retrieving credit info/walking down the hall to take the multivitamin), our partners are able to link these processes up and save time, allowing them to capitalize on the presence and interest of their customer. The Proof When Washington State Employees Credit Union, the second-largest credit union in the state, realized they needed to make a change to keep pace with increasing competition, they turned to Experian. With our solution, the credit union is now able to provide its members with instant credit decisioning through their online banking platform. This real-time decisioning at the point of member-initiated contact increased the credit union’s loan and credit applications by 25%. Additionally, member satisfaction increased, with 90% of members finding the simplified prequalification process to be more efficient. By accessing Experian’s decisioning services through your existing connection, lenders can to save time and match consumers with the products that match their credit profile before they apply – increasing approval rates once the application is submitted. Best of all, the entire process with the consumers is completed within seconds. Find out how Experian’s solutions can help you improve your existing processes and cut out unnecessary steps. Get started

Perhaps more than ever before, technology is changing how companies operate, produce and deliver products and services to their customers. Similarly, technology is also driving a shift in customer expectation in how, when and where they consume products and services. But these changes aren’t just relegated to the arenas where tech giants with household names, like Amazon and Google, play. Likewise, financial institutions of every size are also fielding the changes brought on by innovations to the industry in recent years. According to this report by PWC, 77% of firms plan on dedicating time and budgets to increase innovation. But what areas make the most sense for your business? With a seemingly constant shift in consumer and corporate focus, it can be difficult to know which technological advancements are imperative to your company’s success and which are just the latest fizzling buzzword. As you evaluate innovation investments for your organization in 2019 and beyond, here’s a list of four technology innovations that are already changing the financial sector or will change the banking landscape in the near future. The APIs of Open Banking Ok, it’s not a singular innovation, so I’m cheating a bit here, but it’s a great place to begin the conversation because it comprises and sets the stage for many of the innovations and technologies that are in use today or will be implemented in the future. Created in 2015, the Open Banking Standard defined how a bank’s system data or consumer-permissioned financial data should be created, accessed and shared through the use of application programming interfaces or APIs. When financial institutions open their systems up to third-party developer partners, they can respond to the global trends driving change within the industry while greatly improving the customer experience. With the ability to securely share their financial data with other lenders, greater transparency into the banking process, and more opportunities to compare product offerings, consumers get the frictionless experience they’ve come to expect in just about every aspect of life – just not necessarily one that lenders are known for. But the benefits of open banking are not solely consumer-centric. Financial institutions are able to digitize their product offerings and thus expand their market and more easily share data with partners, all while meeting clients’ individualized needs in the most cost-effective way. Biometrically speaking…and smiling Verifying the identity of a customer is perhaps one of the most fundamental elements to a financial transaction. This ‘Know Your Customer’ (KYC) process is integral to preventing fraud, identity theft, money laundering, etc., but it’s also time-consuming and inconvenient to customers. Technology is changing that. From thumbprint and, now, facial recognition through Apple Pay, consumers have been using biometrics to engage with and authorize financial transactions for some time now. As such, the use of biometrics to authenticate identity and remove friction from the financial process is becoming more mainstream, moving from smartphones to more direct interaction. Chase has now implemented voice biometrics to verify a consumer’s identity in customer service situations, allowing the company to more quickly meet a customer’s needs. Meanwhile, in the US and Europe, Visa is testing biometric credit cards that have a fingerprint reader embedded in the card that stores his or her fingerprint in order to authenticate their identity during a financial transaction. In China, companies like Alipay are taking this to the next level by allowing customers to bypass the phone entirely with its ‘pay with a smile’ service. First launched in KFC restaurants in China, the service  is now being offered at hospitals as well. How, when and where a consumer accesses their financial institution data actually creates a digital fingerprint that can be verified. While facial and vocal matching are key components to identity verification and protecting the consumer, behavioral biometrics have also become an important part of the fraud prevention arsenal for many financial institutions. These are key components of Experian’s CrossCore solution, the first open fraud and identity platform partners with a variety of companies, through open APIs discussed above. Not so New Kid on the Block(chain) The first Bitcoin transaction took place on January 12, 2009. And for a number of years, all was quiet. Then in 2017, Bitcoin started to blow up, creating a scene reminiscent of the 1850s California gold rush. Growing at a seemingly exponential rate, the cryptocurrency topped out at a per unit price of more than $20,000. By design cryptocurrencies are decentralized, meaning they are not controlled or regulated by a single entity, reducing the need for central third-party institutions, i.e. banks and other financial institutions to function as central authorities of trust. Volatility and regulation aside, it’s understandable why financial institutions were uneasy, if not skeptical of the innovation. But perhaps the most unique characteristic of cryptocurrencies is the technology on which they are built: blockchain. Essentially, a blockchain is just a special kind of database. The database stores, validates, transfers and keeps a ledger of transfers of encrypted data—records of financial transfers in the case of Bitcoin. But these records aren’t stored on one computer as is the case with traditional databases. Blockchain leverages a distributed ledger or distributed trust approach where a full copy of the database is stored across many distributed processing nodes and the system is constantly checking and validating the contents of the database. But a blockchain can store any type of data, making it useful in a wide variety of applications including tracking the ownership digital or physical assets or the provenance of documents, etc. From clearing and settlements, payments, trade finance, identity and fraud prevention, we’re already seeing financial institutions explore and/or utilize the technology. Santander was the first UK bank to utilize blockchain for their international payments app One Pay FX. Similarly, other banks and industry groups are forming consortiums to test the technology for other various uses. With all this activity, it’s clear that blockchain will become an integral part of financial institutions technology and operations on some level in the coming years. Robot Uprising Rise in Robots While Artificial Intelligence seems to have only recently crept into pop-culture and business vernacular, it was actually coined in 1956 by John McCarthy, a researcher at Dartmouth who thought that any aspect of learning or intelligence could essentially be taught to a machine. AI allows machines to learn from experience, adjust to new inputs and carry out human-like tasks. It’s the result of becoming ‘human-like’ or the potential to become superior to humans that creeps out people like my father, and also worries others like Elon Musk. Doomsday scenarios a la Terminator aside, it’s easy to see how the tech can and is useful to society. In fact, much of the AI development done today uses human-style reasoning as a model, but not necessarily the ultimate aim, to deliver better products and services. It’s this subset of AI, machine learning, that allows companies like Amazon to provide everything from services like automatic encryption in AWS to products like Amazon Echo. While it’s much more complex, a simple way to think about AI is that it functions like billions of conditional if-then-else statements working in a random, varied environment typically towards a set goal. Whereas in the past, programmers would have to code these statements and input reference data themselves, machine learning systems learn, modify and map between inputs and outputs to create new actions based on their learning. It works by combining the large amounts of data created on a daily basis with fast, iterative processing and intelligent algorithms, allowing the program to learn from patterns in the data and make decisions. It’s this type of machine learning that banks are already using to automate routine, rule-based tasks like fraud monitoring and also drive the analytical environments used in their risk modeling and other predictive analytics. Whether or not you’ve implemented AI, machine learning or bot technology into your operations, it’s highly likely your customers are already leveraging AI in their home lives, with smart home devices like Amazon Echo and Google Home. Conversational AI is the next juncture in how people interface with each other, companies and life in general. We’re already seeing previews of what’s possible with technologies like Google Duplex. This has huge implication for the financial services industry, from removing friction at a transaction level to creating a stickier, more engaging customer experience. To that end, according to this report from Accenture, AI may begin to provide in-the-moment, holistic financial advice that is in a customer’s best interest.   It goes without saying that the market will continue to evolve, competition will only grow more fierce, consumer expectation will continue to shift, and regulation will likely become more complex. It’s clear technology can be a mitigating factor, even a competitive differentiator, with these changing industry variables. Financial institutions must evolve corporate mindsets in their approach to prioritize innovations that will have the greatest enterprise-wide impact. By putting together an intelligent mix of people, process, and the right technology, financial institutions can better predict consumer need and expectation while modernizing their business models.

We use our laptops and mobile phones every day to communicate with our friends, family, and co-workers. But how do software programs communicate with each other? APIs--Application Programming Interfaces--are the hidden backbone of our modern world, allowing software programs to communicate with one another. Behind the scenes of every app and website we use, is a mesh of systems “talking” to each other through a series of APIs. Today, the API economy is quickly changing how the world interacts. Everything from photo sharing, to online shopping, to hailing a cab is happening through APIs. Because of APIs, technical innovation is happening at a faster pace than ever. We caught up with Edgar Uaje, senior product manager at Experian, to find out more about APIs in the financial services space. What exactly are APIs and why are they so important? And how do they apply to B2B? APIs are the building blocks of many of our applications that exist today. They are an intermediary that allows application programs to communicate, interact, and share data with various operating systems or other control programs. In B2B, APIs allow our clients to consume our data, products, and services in a standard format. They can utilize the APIs for internal systems to feed their risk models or external applications for their customers. As Experian has new data and services available, our clients can quickly access the data and services. Are APIs secure? APIs are secure as long as the right security measures are put in place. There are many security measures that can be utilized such as authentication, authorization, channel encryption and payload encryption. Experian takes security seriously and ensures that the right security measures are put in place to protect our data. For example, one of the recent APIs that was built this year utilizes OAuth, channel encryption, and payload encryption. The central role of APIs is promoting innovation and rapid but stable evolution, but they seem to only have taken hold selectively in much of the business world. Is the world of financial services truly ready for APIs? APIs have been around for a long time, but they are getting much more traction recently. Financial tech and online market place lending companies are leading the charge of consuming data, products, and services through APIs because they are nimble and fast. With standard API interfaces, these companies can move as fast as their development teams can. The world of financial services is evolving, and the time is now for them to embrace APIs in day-to-day business. How can APIs benefit a bank or credit union, for example? APIs can benefit a bank or credit union by allowing them to consume Experian data, products, and services in a standard format. The value to them is faster speed to market for applications (internal/external), ease of integration, and control over the user’s experience. APIs allow a bank or credit union to quickly develop new and innovative applications quickly, with the support of their development teams. Can you tell us more about the API Developer Portal? Experian will publish the documentation of our available APIs on our Developer Portal over time as they become available. Our clients will have a one-stop shop to view available APIs, review API documentation, obtain credentials, and test APIs. This is simplifying data access by utilizing REST API, making it easier for our clients.

Industry’s first smart plug-and-play fraud platform allows companies to connect their own solutions, Experian products and third-party vendors in one place to better protect their customers from fraud threats Experian unveiled the fraud and identity industry’s first open platform designed to catch fraud faster, improve compliance and enhance the customer experience. Experian’s CrossCore™ gives companies an easier way to connect any new or existing tools and systems in one place, whether they are Experian, internal or third-party partner solutions. This “plug-and-play” capability allows companies to rapidly adapt to changing conditions and risks. “Our clients have expressed frustration over the lack of a truly holistic industry solution that delivers the level of confidence and control they need without requiring a massive multiyear project to replace everything they have,” said Steve Platt, global executive vice president, Fraud and Identity, Experian. “New fraud threats, updates to regulatory requirements and customer expectations for a hassle-free experience are making it challenging for fraud and compliance teams to keep up. CrossCore will give them the flexibility they need to balance customer protection with customer experience.” The CrossCore open platform enables organizations to manage services through a common access point that supports a layered approach to managing risks across providers. CrossCore includes powerful workflow and strategy design capabilities that allow fraud and compliance teams to create and adapt strategies based on evolving threats and business needs. This helps them to respond more quickly and reduces the burden on IT. Fraud and compliance teams must constantly respond to new fraud threats and changing regulatory requirements by implementing new tools on top of existing solutions. “A layered approach is imperative, because fraudsters can break through each layer individually, but they will face greater barriers with each additional layer imposed,” said Avivah Litan, vice president and distinguished analyst, Security and Privacy, of Gartner.[1] Over time, as layers have been added and fortified, systems have become increasingly complex, expensive to integrate and difficult to manage, often increasing customer friction. A key feature of the CrossCore fraud platform is the ease of integration with third-party partner solutions. At launch, CrossCore will support fraud and identity services provided by third-party partners, including Acxiom® (Identity Solutions), TeleSign and many others already integrated with Experian solutions, with more being added to the platform. Previously, integrating third-party solutions required tremendous time and effort, which often challenged in-house teams to execute in a timely, efficient manner. Through CrossCore, the responsibility of integrating additional tools and systems moves away from those teams to the platform itself, enabling clients to select best-in-class solutions from multiple providers without creating a strain on resources. Al Pascual, senior vice president, research director and head of fraud & security for Javelin, said, “There are so many great niche solutions to work with, and new ones come out almost every day. To really have a world-class approach, the client has to put all those little things together, because there never will be one vendor who does it all. The market challenge is about how to make it faster and easier to bring things together to enable a more dynamic and fluid approach to managing risk.” CrossCore features Common access through a flexible API connects disparate systems to improve risk controls while reducing integration cost and complexity An open approach enables clients to connect and optimize a portfolio of best-in-class solutions across Experian, third-party services and existing systems Powerful strategy design and workflow decisioning functions enable fraud and compliance teams to apply services in any combination to get the level of confidence required A modern Software as a Service (SaaS) architecture provides scalability and the ability to make strategy changes dynamically with no down time Experian, which offers fraud and identity services in more than 44 countries, developed CrossCore to address the widespread market need consistently expressed by its clients for a faster, easier way to get more out of their existing systems and add new tools to improve their customers’ experience while minimizing risk. Companies can begin accessing CrossCore immediately, with the ability to turn on Experian services through a single integration, connect their own fraud and identity capabilities with a common API and turn on new services as they are added. The initial release includes key Experian products: FraudNet for Account Opening; Hunter®, for application fraud detection; Prove-ID, for international identity verification; and Precise ID®, for U.S. identity verification, including knowledge-based authentication. (KBA). Third-party fraud and identity service providers can engage with CrossCore to connect their services. “Now, companies can implement a new approach to managing fraud and identity services — one that will give them greater control over their risk exposure and enable them to provide a safer and more enjoyable experience for their customers,” added Platt. Learn more about CrossCore at https://www.experian.com/crosscore [1]Gartner, Identity Proofing Revisited as Data Confidentiality Dies, Avivah Litan, Dec. 12, 2013; last reviewed on April 28, 2015