05:07 PM
Connect Directly

4 Ways Banks Can Improve Their Fraud-Fighting Efforts

Banks are investing more than ever in fraud detection and prevention efforts. Here are recommendations for getting the most out of those investments.
4 of 4

Adopt A Layered Approach Leveraging Multiple Analytical Techniques

There has been an increase in both frequency and complexity in bank fraud. Opportunistic fraudsters are taking advantage of financial institutions’ customer-centric programs, while organized fraudsters are becoming more and more sophisticated in multi-dimensional attacks. Today's fraud exposure is growing with more advanced plays involving everything from cyber to organizational and logistical capabilities to attack banks in multiple locations at once.

We believe that banks need to look at layered approaches to predict fraud and protect the organization on multiple levels. Organized fraudsters are smart and know how to defeat your models and your rules, but they leave trails. Banks need the ability to identify these trails, and uncover how the fraudsters mask their identities. On the other hand, opportunistic fraudsters do not leave trails, but can be caught with more sophisticated predictive analytics.

Banks also must widen their observation space, which defines the areas and sources of data that they can analyze and observe behavior. The richer and broader that you can make this space, the more likely you’ll be able to disrupt and defeat the more sophisticated fraudsters.

There’s no magic for balancing fraud protection with customer convenience, but a layered approach can go a long way for financial firms. Banks cannot separate fraud from other customer-centric activities. Launching a customer-focused enterprise or doing a digital transformation and other customer-focused initiatives create avenues and opportunities for fraudsters.

To protect themselves from both organized and opportunistic fraudsters, banks need to be able to model behaviors using predictive analytics and have the ability to recognize and understand history and relationships. Otherwise, if an individual exhibits a behavioral tendency that indicates that he or she is a fraudster, but if a bank doesn’t connect that information to the individual’s identify or relationships, the institution could make a big mistake in flagging the activity as fraudulent. On the flipside, today’s sophisticated analytics may be able to uncover hidden patterns and relationships that can help banks to contain fraud and better manage risk while improving customer relationships.

The normal approach is to use pattern recognition and behavioral tendency, but if you don’t couple that with identity detection and relationship analysis, you could come up with many false positives. It all goes back to the essential layered approach that leverages multiple advanced analytical techniques.

-- Rick Hoehne, Global Leader for Fraud Solutions for IBM Global Business Services, IBM


Peggy Bresnick Kendler has been a writer for 30 years. She has worked as an editor, publicist and school district technology coordinator. During the past decade, Bresnick Kendler has worked for UBM TechWeb on special financialservices technology-centered ... View Full Bio

4 of 4
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This is a secure windows pc.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.