Blog article
See all stories »

An article relating to this blog post on Finextra:

Financial fraud hit 7.5% of Americans in 2008 - Gartner

Around 7.5% of US adults lost money to financial fraud last year, with a string of high profile data breaches the main cause, according to a survey from Gartner.


See article

Data breaches demand earlier detection, better remediation

Data breaches are becoming all too common -- so common and so large in scale that we are rapidly becoming desensitized to the news. But the effect of a data breach has the potential to crush companies. From the direct financial loss, to protecting consumers whose information has been compromised, to dealing with civil legal issues and penalties and fines from law enforcement and government agencies -- all the way thru to the reputational and confidence damage inflicted on brands that are hit by breaches -- the invisible tsunami can be devastating.

Data breaches are often not found, until days, weeks and months after they've actually happened. When they are discovered, it's usually because damage has already been done. In a world of fast-moving numbers where time truly is money.  When seconds are critical, a week or month is an eternity.  Skimming small amounts from millions of compromised accounts used to be the modus operandi to fly under the radar, but now we see the opposite -- attacking a very small percentage of the stolen data in a rapid coordinated strike to use the "needle in a haystack" principle and speed to escape detection. We clearly need better ways of detecting criminal patterns in real time before they've run off with the money.

Unfortunately, there is no data breach alarm that goes off seconds after the bandits have left the vault.  And sophisticated criminal cabals will continue to evolve their strategies to take advantage of stolen data. Offering consumers a year of credit report monitoring just isn't going to cut it in the future, and we are seeing class action suits being filed in a number of prominent breach cases, some claiming damages in the billions.

The starting point of a solution may be to improve door locks, but in a limping economy filled with worried employees and motivated criminals, fraud will keep rising. Our goal must be rapid detection of fraud at source (usually online retailers, where customer-not-present transactions are the norm and the fraudster can pretend to be anyone he wants to be), before the consumer, merchant and banks are all left holding the bag for losses, damaged reputation and severe inconvenience. (I talked about the extraordinary rise in data breaches reported by ITRC in my last blog post and why this is going to lead to even more online fraud.) If we can meet this standard, we'll also make a dent in the horrific .5% conviction rate, which has more to do with the speed and undetectability of criminal activity before they've long vanished, than even with under-reporting.

a member-uploaded image
4513

Comments: (1)

David Divitt
David Divitt - VocaLink - London 10 March, 2009, 12:57Be the first to give this comment the thumbs up 0 likes

I agree and believe advanced detection systems are the most important tool in fighting fraud. The criminals will always find a way in, be it through data breaches, phishing or targeted hacking - the mindset at some institutions has even gone as far as considering the "front door" as untrustworthy.  

This realisation drives the need for sophisticated detection/prevention systems that can gather information about all aspects of transactions and user sessions - not only identifying fraudulent activity for individual users, but extrapolating trends that can even help banks identify the ‘point of compromise’ of data and therefore other cards or accounts that could be at risk. That being said, without the ability to influence the authorisation decision with sub-second response times, institutions will always be at least a step behind.

The other factor that banks need to consider when managing fraud is how they deal with it when it does happen. The best prevention and detection tools available can’t stop all fraud, so banks need to look at the systems and processes they have in place to make sure that any fraud that does happen does not alienate the customer. Identifying fraud quickly and accurately, proper communication, ensuring the consumer isn’t out of pocket – all these factors contribute to the opinion that customers have about how banks protect them, and how likely they are to stay loyal.

 

 

Andre Edelbrock

Andre Edelbrock

CEO

Ethoca

Member since

27 Jan 2009

Location

Toronto

Blog posts

8

Comments

1

More from Andre

This post is from a series of posts in the group:

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...


See all