How to monitor activity to counter fraud

In the second of a two-part review of cyberfraud and risk management approaches, James Richardson, Head of Market Development Risk and Fraud for Bottomline Technologies, reviews the benefits of advanced activity-monitoring to provide the highest levels of fraud prevention The first part of this payments security review looked at how a comprehensive fraud prevention approach needs …

by | May 2, 2017 | Bottomline

In the second of a two-part review of cyberfraud and risk management approaches, James Richardson, Head of Market Development Risk and Fraud for Bottomline Technologies, reviews the benefits of advanced activity-monitoring to provide the highest levels of fraud prevention

The first part of this payments security review looked at how a comprehensive fraud prevention approach needs to extend well beyond identity authentication and intrusion protection in order to safeguard against the full threat profiles the global financial community faces.

Recognising that 78% of fraud losses involve insider employees (KPMG), focusing solely upon strengthening our digital perimeter defences against unauthorised access overlooks the significant internal ‘authorised’ vulnerabilities. This second instalment expands upon the steps organisations can take to counter the threats we face.

Inside the house

To the financial institutions charged with protecting other people’s money, fraud poses a monumental risk. An increasing number of banks have faced significant financial loss and reputational damage because of payment fraud and cyber-crime. Understanding that a clear majority of fraud is initiated internally or in collusion with third parties, financial institutions face considerable challenges to address a highly complex threat environment.

You may have adopted for the highest levels of security to protect your networks and systems from external cyber-assault, but how can financial institutions further protect themselves from malicious insider activity?

Simply put, without visibility into authorised users' behaviour and end-to-end payments life-cycle monitoring, organisations are missing critical layers of defence and are unable to effectively stop fraud and data breaches before they happen. Process-wide user behaviour monitoring and payments analysis systems go far beyond securing the ‘borders’ of your organisation, and can deliver unparalleled risk-mitigation, visibility and real-time alerts based on user activity.

Highly sophisticated technology is available today that can provide a virtual ‘surveillance camera’ of process activities. These powerful fraud prevention capabilities form a critical and effective infrastructure for combating internal fraud and information leakage, enabling proactive defences against internal and external threats, rather than mere ‘after-the-fact’ responses.

Automated detection

With the ability to non-invasively record, monitor, and analyse authorised user activities across all your major payment applications and processing platforms, behaviours or trends that deviate from established norms can be flagged and even automatically stopped. These capabilities could have prevented some of the recent payment fraud cases that have hit the headlines over the past twelve months. The most common issues leading to payment fraud, such as payment instructions being initiated by users at odd hours, for anomalous amounts, at significantly increased volumes, or benefiting unfamiliar recipient accounts, need never be a worry.

Any review of enhancing your existing fraud detection capabilities should include ensuring that automated blocks can be made in real time, with security officers able to receive instant alerts so they can act on suspicious behaviour as it occurs. Detecting fraud at the end of day is already too late.

Fraudsters are utilising increasingly sophisticated tools and technologies to counter established defences and security systems. A flexible, configurable and comprehensive user monitoring methodology provides a highly agile and versatile detection environment to counter the evolving threat landscapes we face.

Behaviour monitoring

What is the likely impact on your employees following the introduction of this level of automatic detection capability? Creating user accountability can have a positive impact in helping to foster a secure and transparent environment for staff. Several case studies confirm that once users are aware system actions are being monitored, unauthorised activity is deterred and prevented.

The insights from implementing such a comprehensive fraud prevention approach can provide several risk-management benefits:

  • • Creates accountability among authorised users
  • • Shifts from transaction tracking to human behaviour monitoring
  • • Increases organisational security with central visibility into user behaviour across all sensitive applications
  • • Acts on suspicious behaviour as it occurs, rather than reacting after crimes and fraud have been perpetrated
  • • Can reduce investigation time significantly and improve its effectiveness in identifying, analysing, and documenting suspicious behaviour

With user behaviour monitoring, financial institutions have been able to prevent fraud and improve productivity through increased speed of investigations. Any evaluation of monitoring capabilities should ensure all applications (including legacy systems) can accommodate non-invasive data inspection, with a common set of reports and dashboards that combine information across systems.

Costs of complacency

With growing rates of financial fraud, it is important that your existing risk mitigation and fraud prevention systems are regularly reviewed. A comprehensive cyber fraud and risk management approach can ensure you keep your finances, your data and your business reputation secure. The costs of complacency can be significant – in many instances the direct financial impact from fraud can be eclipsed by the severe reputational damage that can follow from highly publicised exposure.

External intrusion prevention and user authentication best-practices should of course be followed, but this needs to be viewed as an outer base layer to a more comprehensive security approach. Can your organisation afford anything less?

Download your copy of the 5 Keys to Staying Ahead In a Fast-Moving Threat Environment whitepaper by Bottomline Technologies to learn more.

Categories:

Resources

IBS Intelligence Managing Editor Robin Amlot speaks to Mohammed Kateeb

Best Practice | Banking IBS Intelligence Managing Editor Robin Amlot speaks to Mohammed Kateeb

Path Solutions

IBS Intelligence Managing Editor Robin Amlot speaks to Mohammed Kateeb

One year after the start of the novel Coronavirus pandemic worldwide, Robin Amlôt asked Mohammed Kateeb, the Group Chairman &… Continue Reading

View resource
General Ledger: Easy to Overlook, Impossible to Ignore

Other | Asset management General Ledger: Easy to Overlook, Impossible to Ignore

FundCount

General Ledger: Easy to Overlook, Impossible to Ignore

Today’s general ledger is such an integral part of any accounting process that it is easy to overlook the power… Continue Reading

View resource
Regulatory reporting: 7 Questions with Philip Flood, Gresham Technologies

Other | Behavior detection & predictive analytics Regulatory reporting: 7 Questions with Philip Flood, Gresham Technologies

Gresham Technologies

Regulatory reporting: 7 Questions with Philip Flood, Gresham Technologies

Philip Flood, Business Development Director, Regulatory and STP Services, recently joined the ‘7 questions with…’ podcast with Gert Raeves of… Continue Reading

View resource
Case Study: Portfolio & Partnership Accounting Software - Multi-Family Office

Case Study | Asset management Case Study: Portfolio & Partnership Accounting Software - Multi-Family Office

FundCount

Case Study: Portfolio & Partnership Accounting Software - Multi-Family Office

FundCount’s comprehensive accounting and reporting software seamlessly integrates all investment and partnership accounting through a single general ledger. It enables… Continue Reading

View resource