4 Ways Banks Can Improve Their Fraud-Fighting Efforts
Connect Fraud, AML, Security Data To Spot Patterns
While techniques evolve, today’s threats are as old as the financial system itself. Cyber criminals are after money or other assets of value. Hacktivists are politically and socially motivated so their attacks are often highly visible (e.g., DDoS). While they aim to disrupt services, attacks can result in financial loss and reputational damage. Criminals may use DDoS as a diversionary tactic while executing fraudulent activity.
It’s challenging to understand “normal” customer behavior across devices and entry points. Many are implementing identity- and behavioral-based fraud detection systems designed to identify and address issues before they become major problems. Banks should connect fraud, anti-money laundering and security data to recognize patterns and suspicious behavior.
It’s a delicate balance to successfully protect against fraud while minimizing customer disruption. Banks should acknowledge that the customer end point is compromised. Real-time, behavioral-based fraud detection helps allow legitimate transactions while blocking malicious attacks. Early detection is critical to minimizing consequences.
Security must be an ongoing practice, not a one-time exercise. Rules should continuously be updated in response to new attacks. With mobile applications, operating system updates should trigger an assessment. Independent security assessments should be an integral part of the process.
According to EY’s Global Consumer Banking Survey 2012, greater confidence in security would encourage 78 percent of young people to make greater use of mobile banking. Banks should communicate to provide their customers with greater assurance about the security of online and mobile banking. Security is a shared responsibility. Conveying how security practices will benefit the customer will promote accountability and more secure online behavior.
-- Chip Tsantes, Principal for information Security Advisory Services, EY