Community

I think saying "if you could only do one" can be a dangerous game and is probably not beneficial since I really do believe in a layered approach.

With regards to giving a weight to the various options (event monitoring, multi-factor auth and transaction auth) I think event monitoring should probably comprise about 50% of your total solution (budget/efforts/etc) and the others spread evenly at 25% each.

If you implement a multi-factor auth solution to authenticate logons, then you should be definitely using the same system to authenticate payments or other key account activity as well, to maximise its value.

Fraudsters are always looking for new ways to steal money, and this is an example of how they are working across different platforms to breach security. However, I think it is wrong to say that this necessarily enables them to 'fly under the radar of fraud detection systems'. True - many financial institutions use out-of-band authentication - but it is rarely used in isolation.

The strongest fraud detection always comes back to one key premise - knowing your customer: knowing what transactions they do, who they send money to, what amounts they spend, where they log on to their online banking site from, when they typically do transactions etc. Banks have got, at their fingertips, everything they need to build up a detailed picture of normal behaviour for their customers and any transaction that falls outside of that, even if it has apparently been authenticated by a mobile phone, should still be treated as suspicious.

Of course, it is important to educate customers about threats, and ensure they know not to open suspicious messages or links - but the right security system needs to assume all these things will happen anyway, but the customer is still protected.

Unfortunately, I'm not surprised by these figures. Fraud, of all types, is a serious problem across all areas of society, and I completely agree with the NFA that everyone has to play their part to help beat the criminals. For their part, banks in the UK and around the world make significant investments in their fraud prevention tools and people, using many different techniques to try to identify any suspicious activity and stop fraud as soon as they can. But it isn't enough to leave the problem to the government, police or banks, every single person must also take fraud seriously and try to protect themselves and their money.

This can be as simple as not throwing sensitive personal information in the bin, checking bank statements regularly and flagging anything suspicious, or protecting your PIN when withdrawing cash or using a card to pay in a shop or restaurant. It would be naïve to think we will ever be able to eliminate fraud completely, but there's no reason why we can't all work together to reduce it significantly.