News & Commentary

10:40 AM
Lou Anne Alexander, Early Warning Services
Lou Anne Alexander, Early Warning Services

Using Data and Analytics to Fight Fraud

As financial institutions enhance the data they are willing to apply toward helping alleviate fraudulent activity, it could have a game-changing impact in the fight against fraud.

Fraud still poses a very real threat to financial institutions and businesses because, in most cases, they bear the majority of the financial burden.

That is not to suggest that consumers do not pay. We read stories everyday of consumers who struggle to regain losses and reputations after being victimized by fraudsters. As a result, those customers are less likely to engage in day-to-day transactions, open new accounts or explore new services such as automated bill payment and mobile offerings. Their victimization ripples back to institutions and businesses in the form of additional lost revenue.

Consider these numbers:

  • From the latest American Bankers Association research, attempted check fraud totaled $11 billion in 2011. Debit card losses cost the industry $954 million;
  • The 2012 AFP Payment Fraud & Control Survey by the Association of Financial Professionals (AFP) reported that two-thirds of businesses were victims or near-victims of fraud in 2011;
  • CyberSource’s 2012 Online Fraud Report estimates that online fraud resulted in total revenue losses of $3.4 billion to Web-based merchants in 2011; and/li>

  • LexisNexis estimates that in 2012, the “true” cost of fraud for merchants will be $2.70 for every one dollar lost to fraud.

The Financial Crimes Enforcement Network (FinCEN) reports that – based suspicious activity report (SAR) filings – money laundering, consumer loans fraud, debit card fraud and mortgage fraud hit all-time highs in 2011. Fraud remains a serious problem and the perpetrators behind these crimes can cover the gamut: small-scale operators to big-time, global fraud rings.

Chris Swecker, a former top FBI official who now works as a fraud-prevention consultant, said, “International-based crime is extensive. We are seeing incredibly complex credit card and ID theft rings that operate beyond the reach of domestic law enforcement. Many of these rings operate virtually; in some cases, the criminals do not even know one another.”

Lawmakers have recently passed legislation designed to detect and protect consumers, businesses and financial institutions from a multitude of fraud schemes, but author and trend-spotter Don Tapscott is not certain that laws alone are enough to contain the rising threat of fraud. “The financial services industry does not need a fresh infusion of new regulation. It needs a whole new modus operandi; it needs a whole new infusion of collaboration.”

He believes that financial institutions would do better to embrace a collaborative model between them, one that can keep pace with the increasingly complex patterns of fraud that have developed during the same time.

One reason thought leaders such as Tapscott suggest a cross-institution approach is because fraudsters today are more likely to work across many channels, business lines and banks. It is not uncommon for a compromise in one business line or channel to trigger losses in another. A fraudster who has gained access to an online channel may draw down a credit line. These funds might then be disbursed through a variety of channels such as check, ACH, wire, online bill pay, online account-to-account transfer or even a fraudulently obtained card.

Widespread fraud has forced financial institutions to rethink how they treat the problem, recognizing fraud is not a competitive issue. All boats rise in the tide, and by working collaboratively – sharing data and information – it could help the entire industry. It can be likened to fire safety: fireproofing a single home is good; fireproofing the entire block is better. But in today’s global marketplace, is fireproofing the block insufficient?

As one bank executive told me, “The financial ecosystem has become so large that often departments within a single bank may not have an accurate financial picture of their customer.” However, when all different departments and institutions share their information, it creates a much more complete customer picture for them. And individually, they are in a better position to serve them.

There is no end game for us. Fraud is responsible for billions of dollars in losses to banks and credit unions each year. We are never going to eliminate all of the threats – but we can continue to push those threats into corners and make them more manageable. When I began my career in the financial services industry more than 25 years ago, banks focused on fraud detection by submitting an inquiry and receiving a response. Not only have fraudsters become more sophisticated since then, so have financial institutions and the tools they use to fight fraud. Today, we are in a unique position to use shared data and analytics to proactively identify – and in some cases, warn – about high-risk individuals, scammers, thieves and even networks of money launderers operating in the financial ecosystem. These tools are available, and now is the time to take advantage of them.

Lou Anne Alexander is chief market development officer for Early Warning Services LLC

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This is a secure windows pc.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.