Blog article
See all stories »

It is time for banks to up the ante against fraudsters

There’s no doubt that cyber criminals are becoming increasingly proficient in bypassing traditional fraud prevention tools. Recently the Financial Times reported on the attack on Citigroup – which compromised the account names and numbers of 200,000 Citi card customers  – and a  survey carried out by Unisys  in the first quarter of 2011 reported a four-year high in financial crime in the UK.

At risk of reputational damage and hefty payouts, and faced with increased pressure from regulators to enhance procedures for authenticating online customer accounts, banks are certainly being kept on their toes. So what steps can they take to bolster security?

Moving away from the preventative strategy of passwords and encryption, financial institutions can now adopt a more effective approach to detect crime. Customer behavioural profiling, for instance, can now accurately spot transactional behaviour that is potentially criminal. Taking into consideration factors such as age and postcode, it can carry out peer group analysis, which flags extreme deviations when a customer’s behaviour is significantly different from others in its peer group. Put simply, their behaviour will give them away regardless of what channel they use.

So with front end detection tools, such as ID authentication, no longer resilient enough to single-handedly deter criminals, banks are under pressure to keep one step ahead of their cyber fraudster adversities. Couple this with the significant time and cost savings of back end transactional monitoring and you’ll quickly realise that it’s not a nicety, it’s a necessity.


Comments: (2)

Michael Wright
Michael Wright - Tilte, Taxd, Welleasy - London 27 June, 2011, 15:20Be the first to give this comment the thumbs up 0 likes


I agree that banks should do more - however I'm worried that consumers will cede their responsibility to the banks and reduce their vigilance if they think that the banks will catch fraudulent activity on their behalf.


A Finextra member
A Finextra member 28 June, 2011, 12:37Be the first to give this comment the thumbs up 0 likes


I agreed customer profiling is a valid anti-fraud technique once data has been compromised, but the priority for banks should still be on preventing data loss in the first place. What recent high profile cyber attacks, such as the Citibank breach have highlighted, is the ever-increasing sophistication of security attacks and the volume of highly personal data that banks hold. With fraudulent techniques continually evolving, banks, just like any other organisation that needs to be trusted, must put themselves under constant scrutiny from both internally led teams and independent audit organisations.

In practice, this means ensuring any new or updated applications, whether internal or external facing, are subject to non-functional test cycles, such as penetration testing, before being trusted with any production data. If banks want to keep one step ahead of their cyber fraudster adversaries, the best thing they can do is adequately protect what is arguably their most value asset - their data.

Now hiring