Shulou(Shulou.com)06/01 Report--

Recently, the Payment and Settlement Department issued the Notice on Strengthening Risk Prevention of Settlement Accounts of Class II and III Banks (hereinafter referred to as Class II and III Accounts). Notification requirements:

I. Carry out comprehensive risk investigation. Banking financial institutions shall carry out comprehensive self-inspection on relevant systems and back-office systems for handling Class II and III household business through electronic channels such as online banking, mobile banking, direct-selling banking and mobile app, and take regulatory measures such as ordering rectification and suspending Class II and III household business for banks with potential safety hazards. In addition, the suspicious risk characteristics of Class II and III households are listed in detail. Two abnormalities need to be investigated: one is abnormal account opening behavior, and the other is abnormal transaction behavior after account opening. The Payment and Settlement Division also listed 12 specific situations for these two types of anomalies. Details are as follows:

(1) Abnormal account opening behavior

Customers open multiple Class II and III accounts continuously with the same identity (including the same ××× number, or the same binding account, or the same mobile phone number, etc.). Different customers use the same terminal equipment (including the same equipment ID, the same network address, etc.), the same binding account or mobile phone number to open multiple Class II and III accounts. The mobile phone number used by the customer belongs to the mobile phone number of the virtual operator sold on the network. Within a period of time, a number of newly added Class II and III households present centralized characteristics, including but not limited to the concentration of bound account opening banks in a few banks, the concentration of account opening time in abnormal time periods such as early morning, the concentration of customers in the same or similar age groups, the concentration of customers in similar network addresses or geographical locations, the concentration of customer ×× numbers in a few regions, and the concentration of customer ×× addresses in the same or similar addresses and inconsistent with the corresponding regions of ×× number segments. Customer mobile phone numbers are concentrated in a few belonging areas, customer mobile phone numbers are consecutive or concentrated in the same number segment, etc. The information filling and program interaction in the process of customer application for account opening are too fast, which exceeds the reasonable range of manual operation speed. The frequency and quantity of new accounts opened by banks are abnormally increased, the number of new accounts is sharply increased, the time interval of new accounts is short or presents certain rules, and the frequency and quantity of new accounts are inconsistent with their own business scale and customer group characteristics.

(II) Abnormal trading behavior after opening accounts After the opening of Class II and III accounts, continuous transaction failures occur, or non-capital change transactions such as identity verification, binding or signing occur within a short time. After Class II and III accounts are opened, identity verification requests are received without any deposit. After Class II and III accounts are opened, there are obvious differences between the terminal equipment ID, network address and geographical location of transactions and when applying for opening accounts. After Class II and III accounts are opened, customers immediately or repeatedly modify mobile phone numbers and bind accounts. Multiple Class II and III households with different identities log in or operate at the same terminal equipment or network address. The initiators of identity verification transactions of multiple Class II and III households with different identities are concentrated in a certain bank, or the transaction time of identity verification is concentrated in abnormal time periods such as early morning.

II. Improve risk monitoring and disposal mechanisms. It is required to establish and improve the risk monitoring mechanism for opening accounts and transactions of Class II and III households, improve the risk monitoring model with reference to the suspicious risk characteristics of Class II and III households, focus on preventing and timely blocking the abnormal situations of concentrated interruption and batch opening of Class II and III households, and continuously carry out risk monitoring and early warning. If the bank monitors the risk situation of Class II and III accounts, it shall immediately investigate and report, and suspend the account opening business of Class II and III accounts within 30 days from the date of discovery until the risk monitoring and loophole rectification are completed.

III. Strengthen the supervision and management of account business. Account opening shall be strictly checked for consistency of ××× and networked verification system, and bank accounts and credit card affiliated cards in abnormal states such as inactive, only receiving but not paying, not receiving but not paying, frozen and cancelled shall not be used as binding accounts of other banks for Class II and III accounts without deposit after opening electronic channels. Banks with risk situations of Class II and III households shall earnestly safeguard the legitimate rights and interests of customers, do a good job in customer explanation and complaint handling, pay close attention to public opinion information and respond in time.

To sum up, this notice focuses on describing the risks related to Class II and III households and abnormal behaviors of users in the bank's Internet end system, requiring the bank system to have risk self-inspection, monitoring and disposal mechanisms, and strengthening the supervision and management of account business. For the problems involved in this notification, InfoBeat team started systematic research in these aspects as early as one year ago, and launched InfoBeat threat situational awareness system and InfoBeat intelligent data platform to carry out dangerous behavior awareness of Internet mobile applications and timely feedback to the operation and maintenance management personnel of each application product through behavioral data analysis.

Here's how InfoBeat solves these problems:

First, the account opening behavior is abnormal. InfoBeat collects the user's environment before registration in real time through probes, and leaves corresponding records. Then, an analysis model of abnormal account opening behavior is built according to each core data, and the real-time data is compared with the analysis model in a time period. Once similar suspicious behavior occurs, the operation of the account opening user is interrupted and closed by a preset rapid response strategy. Therefore, the abnormality of account opening behavior is avoided, and the data is reported to the operation and maintenance management personnel of the application in real time.

Second, abnormal transaction behavior after account opening is to collect all behavior path data after account opening, and then establish an analysis model to compare with abnormal transaction position after account opening, similar to relevant operations of abnormal account opening behavior, so as to carry out closed loop and data reporting of such abnormalities.

Third, according to the reported data of abnormal behavior, risk monitoring can be performed on the functional module corresponding to the application, and an early warning report can be provided to the application manager to optimize the operation of the application system.

Fourth, InfoBeat not only collects user account opening environment data and user behavior data in real time, but also accesses third-party data for analysis. It is possible to detect the state of the user who has already opened an account, and it can effectively reflect the true purpose of the previous user.

Fifth, after analyzing and comparing suspicious user data, extract users with dangerous abnormalities, isolate them, and submit data reports for operators to inform these users to prevent risks in time, reduce losses and protect the legitimate rights and interests of users.

InfoBeat team is committed to researching the security and operation related to mobile applications, matching the analysis models of various data applications, implementing intelligent operation tools, optimizing product operation and security escort for banking, government and enterprise, new media, automobile, electric power and other industry applications. At present, there are many banks and financial institutions and government and enterprise units in China that have cooperated with our company, such as: contractor bank, Guizhou bank, Tianjin bank, Everbright securities and State Grid, etc.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.