09:00 AM
Mike Urban

The Challenges & Opportunities in Electronic Payments Fraud

How banks can take a proactive approach to fraud prevention with systems integration and layered fraud monitoring.

The risks of electronic payments fraud are real and multiplying every day. In 2013, three out of every five organizations were subject to attempted or successful payments fraud, according to an Association of Financial Professionals survey, and 63 percent of organizations reported either adopting new security measures or planning to do so in the near future. As check, ACH, wires, and credit/debit cards are increasingly vulnerable to a growing array of fraud risks, banks are challenged to provide a sophisticated technology strategy for fraud detection and prevention.
As consumers’ preferences continue to shift toward mobile and apps for daily banking activities, financial fraud has become increasingly complex and recurrent across all banking channels. Criminals today coordinate fraud schemes across all transaction channels, and threshold detection systems often cannot keep up with the wide array of attacks on data and data sources. The wide range of access points for financial information -- including smartphones, tablets, office, and home computers -- gives fraudsters an array of options to plan and execute their attacks. To keep up with this rapidly growing threat, banks must evolve from the traditional, siloed method of fraud detection to a proactive, analytic approach.
A strategic approach to electronic payments fraud prevention will help banks move away from the ineffective and inefficient manual processes still widely in place today. Many institutions perform manual reviews of transactions prior to initiation, an approach that is laborious, not scalable, and significantly more error-prone than an automated strategy. For electronic payments fraud prevention strategies to be successful, the processes must be tightly integrated with transaction processing systems. This integration enables real-time interdiction, reduces "swivel chair" activity between systems, and creates tailored actions that are called automatically, based on policy. Automated systems can provide a more comprehensive view of customer behavior by leveraging analytic calculations and algorithms to detect and flag suspicious payments activity. Furthermore, these capabilities deliver very low false-positive rates.
As financial criminals evolve, so too must electronic payments security models. A layered security model is one answer to this challenge. Layered security is characterized by the use of different controls at different points in the transaction process so that a weakness in one control is generally compensated for by the strength of a different control. For example, behavior profiling and fraud alerts are two critical components of transaction monitoring, while phishing site detection and pre-emptive forensics are typically involved in mitigating website fraud. Should one of these capabilities be compromised, the others are still in place, working together to detect and prevent the financial fraud action or attempt.
Despite considerable advances in digital payments technology, the risk of financial fraud remains and, in fact, is growing daily. For banks to stay ahead of these increasingly sophisticated criminals, robust, responsive, and automated technology is key. Banks that implement an integrated real-time fraud detection and prevention system with data analytics capabilities will be well positioned to repel malicious attacks using their strengthened electronic payments fraud defenses.

Mike Urban is Director of Financial Crime Risk Management Solutions at Brookfield, Wisc.-based Fiserv. He has more than 18 years of experience in financial crime management. He analyzes financial crime issues and trends to provide continuous ...

User Rank: Author
7/10/2014 | 3:14:28 PM
Electronic Payments Fraud
The growing number of access points that Mike mentions is going to continue to explode with tablet adoption expected to accelerate, and the potential for wearables. Add to that the push for real-time payments, which requires faster decisioning, and the measures that Mike talks about will become more and more important.
User Rank: Apprentice
7/9/2014 | 10:33:57 AM
Data analytics is a powerful fraud prevention and policy enforcement tool

Interesting article. Fraud at any level needs to be nipped in the bud to ensure there are no losses, or at least minimal ones. Banks can leverage data analytics, which will help them in the prevention of fraud. I work for McGladrey and there's a very informative whitepaper on our website that readers of this article will be interested in: Data analytics is a powerful fraud prevention and policy enforcement tool

User Rank: Author
7/9/2014 | 9:09:45 AM
Good article, Mike. Banks must be proactive in staying ahead of the constantly changing and evolving fraud landscape.