Cybercrooks are stealing as much as US$1 billion a year from small and mid-sized bank accounts in the US and Europe, according to Don Jackson, a security expert at Dell SecureWorks. Online banking, in particular, has been bombarded with new, sophisticated malware and Zeus banking Trojan attacks. Banks are faced with continued risks in the growing trend of internal or employee fraud, where employees learn weaknesses in internal processes or have been entrusted with the company’s sensitive information and override controls to gain access to clients’ personally identifiable (PII) data. According to the 2011 KPMG report, Analytics of Global Patterns of Fraud, this type of fraud often involves collusion with third parties. Online and employee fraud can be very difficult to catch since oftentimes the information is sold to organized criminals for sophisticated account takeover attacks.
It’s not the thought that counts
Fraud experts at many financial institutions know they need to do more to deter and detect fraud. Fortunately, today’s advanced analytics provide a means for organizations to sift through volumes of data and transactions to make intelligent, real-time decisions to determine if a transaction is fraudulent and decide what steps should be taken. Unfortunately, many banks have not taken the necessary steps to implement the type of layered analytics that are required to thwart early signs of invasion. This layered or hybrid analytics approach includes rules, anomaly detection, predictive analytics and social network analysis that can be called on based on the specific type of fraud instance that is occurring. This is part of a risk-based approach that can quickly triage specific alerts that might be more costly to the financial institution – based not only on dollar impact, but also reputation.
For example, a fraudster steals a client’s credentials and then patiently monitors the types of transactions the client usually makes, such as regular bill payments, deposits, spending, withdrawals and inquiry habits. Then the fraudster makes his move using the client’s credentials to call into the call center and open a small business account with the same phone number but possibly a different address. The intention of the criminal is to deplete the clients account, transfer funds over to the new account, wire the money oversees and move to the next victim. By the time the bank’s systems or banking client realize the account is depleted, the money is gone and the client is furious. Due to the sophisticated types of malware, this has become a typical scenario and financial institutions are usually one step behind.
Stepping up the game
Real-time customer behavior analytics on every transaction becomes the secret sauce to differentiate what most fraud technology solutions are lacking today. Add to that the ability to access social media data such as unstructured data from sites including Facebook, LinkedIn and Twitter. Other types of important data can include web browser data, IP device data, various black list and white list and you start to add to the power of what the analytics can do to help make decisions more accurately. Take that a step further and utilize network analytics to visualize any associations to known bad guys or unusual behavior. This level of analytical approach is not easily accomplished with most systems implemented today. When applied to the earlier scenario and leveraging all of that unique data regarding the client’s behavior; the bank might have detected movement in and out of the account that was coming from a suspect IP address, or that there were multiple inquiries into the account at the same time. This level of knowledge can only come from multiple analytical techniques working from both traditional and nontraditional data inputs with real-time transaction analysis.
It is time for a new strategy and approach that requires new analytical approaches, new sources of data, and collaboration between organizations on known bad data and emerging fraud threats. Without a fresh and innovative approach using the right level of analytics, the decisions made today might just be working in the favor of fraudsters. If you want more information on stopping fraudsters in their tracks, download the white paper Hit ‘em Where It Hurts.