Security

10:45 AM
Wesley Wilhelm
Wesley Wilhelm
Commentary
50%
50%

Is Wire Transfer Versioning Protecting Your Wires?

Logging data for every change made to a wire transfer can enhance banks' ability to find fraudulent transactions.

In recent years, high-visibility fraudulent wire transfers have become well documented and the bane of many financial institutions. But it doesn’t have to be that way. Whether the customer is the victim of an account takeover attack, compromised login credentials, or a man-in-the-browser attack, wire versioning analysis technology has proven to offer significant benefits to improve wire transfer fraud detection.

Assessing the risk within a specific wire transfer requires the analysis of the wire at each point in its journey. Changes -- including wire transfer amounts, destinations, payees, comments, and beneficiary banks -- can significantly alter the level of risk inherent in the wire.

Why is risk assessment improved by having the entire lifecycle of the wire transfer request examined?

If the wire system does not log and forward the various iterations the wire goes through before it is released, valuable contextual information is lost. At this point, the bank faces two bad choices: It could choose the wire as it was initiated to get the alerts earlier, and ultimately lose any information that changes the beneficiary, amount, or other important details. Or, the bank has to choose the wire as released, significantly delaying the investigation and providing no visibility to the changes it went through prior to being released. Not monitoring the changes to the wire transfer from its creation, through to its release, is a potentially risky lapse.

This is why versioning is so helpful. Each change to the wire on the portal is logged and added to the versions of the wire analyzed. Comparisons between versions yields informed context for determining if the changes are indicative of fraudulent wire activity. By scoring each wire transfer version, you can flag risk as soon as it appears, providing valuable analysis time for wire fraud investigators, and you can take into account the channel details of each user who touched the wire. 

FFIEC guidance, regarding layered security programs, discusses the need to look at “customer history and behavior.” This guidance should be interpreted to mean, not only completed monetary payment behavior, but also behavior of the users on banking channels. Therefore, it is important to monitor the versions to see if a user is operating in an atypical manner. By scoring each version, you can flag risk as soon as it appears, instead of waiting until the wire is about ready to be released.

Any business that relies on the effective use of wire transfers -- such as escrow and cash management companies -- should know definitively if its banks are evaluating the intermediate versions of the wires they send or if they are just evaluating the wires as they are entered or released. If the answer does not include the use of wire versioning analysis, then a deeper process review should follow.

At many financial institutions, the customary due diligence of wire transfer version monitoring is becoming “best practice.” And where it is not, it should be. This is important because the process permits evaluation of the various versions the wire transfer passes through, and it also addresses the fact that more and more portals are capturing and passing the information through the processing system to fraud systems for evaluation. Wire versioning technology is available to improve your odds against the latest attacks -- but you have to use it well to reap the benefits.

Wesley Wilhelm (Wes) has more than 30 years of experience in banking and consulting to the financial services industry, with extensive knowledge of fraud management, payments, and retail banking technology and operations. He has held numerous management positions in risk and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Byurcan
50%
50%
Byurcan,
User Rank: Author
8/1/2014 | 9:32:38 AM
Re: The common security concerns for businesses and ways to mitigate them
Indeed, even if a data breach is a retailer's fault and not a bank's, the bank will still get blamed so they must be vigilant.
Williams2703
50%
50%
Williams2703,
User Rank: Apprentice
8/1/2014 | 3:37:26 AM
The common security concerns for businesses and ways to mitigate them
Hackers frequently steal important data and misuse them which harm customers trust in an organization. Banks and payment processing companies will have to collectively take responsibility for incidents such as this and take adequate measures to ensure they have a secure and protected payments system. I work with McGladrey and there's a whitepaper on our website that offers useful information on the common security concerns for businesses and ways to mitigate them.   @  "Two common Web application attacks illustrate security concerns"  http://mcgladrey.com/content/mcgladrey/en_US/what-we-do/industries/consumer-products/count--manage-and-move-warehouse-inventory-control-strategies.html
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology - August 2014
Modern core systems are emerging as the foundations of effective channel integration and customer engagement initiatives.
Slideshows
Video
Bank Systems & Technology Radio