Balancing world-class security and convenience Polish-born financial solutions company expands into Japan: Supporting Japan's financial security with precedents from around the world

　Because of the global pandemic of the new coronavirus infection, many of the services that were traditionally provided face-to-face have moved online. Cybercriminals want to change that. Especially in financial transactions, phishing scams that steal ID and password information used for "authentication" to prove identity are intensifying. In 2021, there will be an increase in smishing (SMS Phishing), in which messages are sent to mobile phone numbers to direct users to fake sites by pretending to be the name of a bank, and the police and industry groups are calling for caution.

　In addition to raising awareness of fraud methods among users, it is also necessary to strengthen technical countermeasures. Comarch, an IT company born in Poland, supports such financial institutions.

Solid implementation track record in the financial industry

Comarch is headquartered in Krakow, Poland. Since its founding in 1993, it has a track record of introduction in a wide range of fields such as telecommunications, telecommunications services, IoT & healthcare, and public institutions, and is also working on innovation by setting up an IoT laboratory on the headquarters campus in Krakow.

In 2017, with the support of JETRO, the company established a Japanese subsidiary, Comarch, and entered the Japanese market. We propose solutions directly to customers or jointly with multiple partner companies such as SCSK.

　One of the fields in which Comarch excels is in the financial industry such as banking, insurance, and securities. Deploying a wide range of financial portfolios, including corporate banking, factoring, loan origination, and asset management, both on-premises and in the cloud, and has a track record of being adopted by major financial institutions such as MUFG Poland branch, BNP Paribas, Allianz, and AXA Life Insurance. .

　The company has been focusing on cybersecurity and anti-money laundering related products in recent years. “We have met the stringent security needs of financial institutions,” said Julia Poyata, business development manager at Comarch. Based on our track record of complying with European regulations such as the EU General Data Protection Regulation (GD), which imposes strict personal information regulations, and various certifications such as PCI DSS, which protects credit card transactions, It is said that adoption is spreading beyond financial institutions.

All developed in-house, balancing remote access security and convenience

Comarch provides products that protect devices from cyber threats, multi-factor authentication, transaction authentication, ID access management (IAM: Identity and Access Management) in both software and hardware, and a consulting service that surveys the security level of customers and advises on issues and what they need. At its core is a suite of solutions that enhance the security of external access to bank services and systems.

"Nowadays ID and password alone cannot ensure sufficient security. Comarch's threat protection software 'Comarch Smooth Authentication' prevents access to the financial system by asking 'Is the state of the device safe or rooted?' Is it in debug mode? Is there malware or unauthorized software lurking? Is there evidence of past unauthorized access?” (Mr. Poyata)

　If the score exceeds a certain value, it is judged to be "risky" and two-factor authentication or multi-factor Require authentication. Furthermore, it is possible to refer to the location information tied to the IP address and the GPS location information, and to deny access if they do not match.

Comarch provides a tool "tPro" that implements a series of multi-factor authentications. There are hardware tokens, smart cards, smartphone applications, and libraries available, and it can be used in combination with the biometric authentication function of smartphones or incorporated into applications developed independently by user companies. Furthermore, through access control after passing authentication, comprehensively control what users with what IDs access from what IP addresses and what they use, and save that information for future investigations and audits.

``Requiring users to manage complicated passwords can be a burden,'' says Poyata. Comarch offers dynamic, risk-based authentication to balance user convenience and security.

　Teleworking at financial institutions is considered difficult due to security issues. However, Comarch comprehensively provides authentication tools, access control, and VPN, which can also be applied to telework security. The company itself said that during the 2020 pandemic, about 5,000 employees transitioned to a telework system in three days using tPro's multi-factor authentication and VPN.

"Both the device and the code are all controlled at our base in Poland. By developing everything in-house, we eliminate the risk of contamination with malicious parts and software imported from overseas in the supply chain, reducing costs. It is compatible with fields that require a high level of security while at the same time dropping security.” (Mr. Poyata)

Use AI to accurately detect money laundering and support efficient fraud countermeasures

　In recent years, AI has been attracting attention among the financial products provided by Comarch. It is an anti-money laundering solution that utilizes

　Financial institutions around the world are working on countermeasures against illegal remittances. In 2008, the Third Financial Action Task Force (FATF) Mutual Evaluation of Japan evaluated 25 out of 49 items as "requiring improvement." , Financial institutions are working on anti-money laundering by reviewing procedures and systems.

　However, the "cat-and-cat game" with criminals continues. In recent years, it is said that there have been cases in which an internal collaborator has been created to understand the rules of an anti-money laundering system, and attempts have been made to evade detection by disguising normal transactions. In the "FATF Fourth Review Report on Japan" released in August 2021, Japan was positioned as a "priority follow-up country." Eleven priority actions to combat money laundering and terrorist financing will be designated, requiring three follow-up reports before a follow-up assessment after five years.

　Based on the fact that measures tend to be delayed globally, domestic financial institutions are required to take further measures. The challenge is how to reduce false positives and efficiently detect fraudulent transactions.

　Currently, many banks are adopting rule-based systems based on conditions such as 'raise an alert if there is a transaction of this amount at this frequency from this country'. Thousands and tens of thousands of alerts, including detections, are raised every month, and analysts are busy examining them.This operation is inefficient and costly, and needs to be improved." (Mr. Poyata) )

Comarch solves this problem by combining an existing rule-based system with a detection module that utilizes AI.

``By analyzing patterns with AI, scoring risks, ranking suspicious ones, and providing them to experts, efficient fraud countermeasures are possible. It will also be possible to respond quickly in cooperation with other organizations,” says Poyata. Since the system is modular, it can be introduced without replacing existing anti-money laundering systems.

　In the verification conducted by Comarch with customers, 6% of all transactions were judged to be "suspicious of fraudulent transactions". Upon closer inspection, 89% of them were found to be money laundering. "We've achieved a very high degree of accuracy," says Poyata confidently.

　In the uncertain future of the corona crisis, it is necessary for companies to develop new businesses in order to survive. But that's only possible with the backing of security and anti-fraud measures. Mr. Poyata said, "I would like you to look around the world and introduce the best options while creating an environment that is easy to use and safe." .

Related Links