Fighting Financial Fraud: 4 Pillars of a Successful Defense in Digital Banking
With financial fraud and cybercrime on the rise, many organizations fail to protect their customers despite sizable investments in new tools and technologies. The result is an average cost of around $18 million per organization each year [1]. In this blog, we take a deeper look at the most common reasons financial institutions fall short in defending their end users.
There are four key pillars to building a successful financial cybercrime defense: people, process, technology, and governance. Let’s identify some of the most common mistakes and questions that occur when building a cybercrime defense approach and I will propose guidelines to help financial institutions stay on the right track.
Technology is often discussed when it comes to defense. With a wide variety of vendors offering many different tools, it's only natural that you will find the most information on the topic of tools, features and functionality.
So what should you be looking for in terms of tools and technology? Your most important tool will be your fraud monitoring system. In contrast to traditional fraud monitoring, which looks only at financial transactions, today you should monitor all activity on your digital channels. That means your fraud prevention tools should be capable of complete digital session monitoring, including authentication data, which often comes from a different device than the one used for the transaction (for example, a mobile authenticator approving a payment initiated in a browser).
From a data perspective, both technical data (e.g., endpoint data, session data, and network information) and business data elements (e.g., financial transaction data and event data) should be used. It is key to bring together business and technical data to build complete digital profiles of your users and their interactions with your channels.
In addition to your fraud detection system, you may want supporting tools such as case management (if not included in your fraud detection system), data visualization and analytics software. These tools help a financial institution understand its digital ecosystem, speed up investigations, and correlate malicious actors, their attributes (devices, IP addresses, referring sites) and the users they target.
One of the most common mistakes organizations make when investing in fraud prevention tools and technology is to then hand off the operations to the wrong teams. Not all financial institutions have the mandate, focus, necessary skills or even budget for their anti-fraud operations. In many cases, we see the operations handed over to anti-money laundering (AML) or transaction monitoring departments that don't have the right skills and focus to deal with digital banking session information, or that don't have a deep understanding of how a financial cybercrime attack works and propagates. This leads to improper configuration of tools, incorrect investigations and overall ineffective fraud prevention and protection of users.

That's not to say collaboration between these teams is unimportant; it's essential. Collaboration between cybercrime defense, AML, transaction monitoring and IT Security should be best practice in every organization. For example, when cybercrime defense identifies attacker attributes, it should share them with IT Security so the same identifiers can be blocked across the entire network. In return, IT Security may already hold a list of indicators of compromise that the cybercrime defense team should watch for in banking sessions.
Some of the most important skills for financial cybercrime analysts include understanding network data and applications, combined with a solid business understanding. Knowledge of common types of attacks and how to recognize them using digital banking session information is crucial for a successful fraud analyst. For example, an analyst may know that a phishing attack typically ends in a payment to an unknown beneficiary, but do they also know how to distinguish the attacker's session from a normal user session? Are they aware that a suspicious HTTP Referer header (the header name is spelled that way in the standard) on a login can indicate that the user arrived from a phishing page? Finally, the ability to work with large amounts of data and draw conclusions from it is an important skill when it comes to preventing digital financial fraud.
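To make the two signals above concrete, here is an added example (not OneSpan's code or product logic) that runs simple detection over a constructed session log. It combines an off-domain Referer on the login event with a payment to a beneficiary the user has never paid before; either signal alone is noisy, so a session is only flagged when both are present. The hostnames, account identifiers and log format are all assumptions made for the example.

```python
"""Toy detection over constructed digital-banking session events.

Added example, not OneSpan code. A session is flagged when its login
arrived from an off-domain HTTP Referer (typical when a phishing page
forwards the victim to the real site) AND the session then pays a
beneficiary the user has never paid before.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: the bank's own hostnames. A login whose Referer points
# anywhere else is treated as an external entry point.
BANK_HOSTS = {"online.examplebank.test", "www.examplebank.test"}

# Constructed history: beneficiaries each user has paid before.
KNOWN_BENEFICIARIES = {
    "alice": {"GB11AAAA00000000000001"},
    "bob": {"GB22BBBB00000000000002", "GB33CCCC00000000000003"},
}

# Constructed session log, one event per line:
#   session_id|user|event|referer|beneficiary   ("-" means absent)
SESSION_LOG = """\
s1|alice|login|https://www.examplebank.test/|-
s1|alice|payment|https://online.examplebank.test/transfer|GB11AAAA00000000000001
s2|alice|login|http://examplebank-secure-login.test/verify|-
s2|alice|payment|https://online.examplebank.test/transfer|GB99ZZZZ00000000000099
s3|bob|login|-|-
s3|bob|payment|https://online.examplebank.test/transfer|GB44DDDD00000000000004
"""


def referer_host(referer):
    """Lowercase host of a Referer value, or None when it is absent."""
    if referer in ("-", ""):
        return None
    return (urlsplit(referer).hostname or "").lower() or None


def parse_log(text):
    """Group log lines by session id, preserving event order."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        sid, user, event, referer, beneficiary = line.split("|")
        sessions[sid].append({"user": user, "event": event,
                              "referer": referer, "beneficiary": beneficiary})
    return sessions


def analyse_session(events):
    """Return (flagged, reasons) for one session's ordered events."""
    external_entry = False
    new_beneficiary = False
    reasons = []
    for e in events:
        host = referer_host(e["referer"])
        if e["event"] == "login" and host and host not in BANK_HOSTS:
            external_entry = True
            reasons.append(f"login referred from external host {host}")
        if e["event"] == "payment":
            known = KNOWN_BENEFICIARIES.get(e["user"], set())
            if e["beneficiary"] not in known:
                new_beneficiary = True
                reasons.append(f"payment to new beneficiary {e['beneficiary']}")
    # Only the combination is treated as an attacker-session indicator.
    return external_entry and new_beneficiary, reasons


def flag_sessions(text):
    """Map session id -> (flagged, reasons) for every session in the log."""
    return {sid: analyse_session(ev) for sid, ev in parse_log(text).items()}


if __name__ == "__main__":
    for sid, (flagged, reasons) in flag_sessions(SESSION_LOG).items():
        print(sid, "FLAGGED" if flagged else "ok", reasons)
```

In the constructed log, s2 is flagged (external login referer followed by a payment to an unknown account), while s3 pays a new beneficiary but entered with no Referer at all and is left alone. Two caveats a practitioner should keep in mind: browsers and Referrer-Policy settings frequently strip the Referer, so its absence proves nothing; and a sophisticated attacker can avoid the referer entirely by driving the session from their own device, which is why endpoint and device data from the session should be correlated as well.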
We’ve found that it is very effective when a dedicated team is created in the organization to focus on financial cybercrime. The team needs to have appropriate budget, focus and mandate to be successful. The size of the team will often depend on the organization’s objectives, budget, size, and overall approach to risk management. It's not always necessary to have a 24/7 team in place, as this can be costly for an organization of small to medium size. Effective use of available tools and automation can reduce the required staff size and save money.
While dedicated financial cybercrime defense teams are often new within financial institutions and not as widely discussed, it is still important to have clear processes and guidelines that can be followed. Thankfully, a lot of existing guidance from incident response and network defense can be repurposed for this new part of the organization. For example, the NIST incident response lifecycle (SP 800-61) can readily be adapted to defending the organization's users and every asset that is accessed digitally. The definition of an incident will differ slightly (a compromised customer session rather than a compromised internal host), but the framework still provides excellent guidance on which steps are required.
We also recommend running an attack simulation exercise to test your processes and overall approach to handling an incident.
When establishing your defense department and approach, we recommend you set up a governance forum around it. The governance forum should have stakeholders from different parts of the organization, such as business, risk and IT/development. It’s important to have those areas of the business represented when defining your approach, processes and risk appetite. The forum should also monitor the performance of the defense department against its success criteria once operational.
Fighting Financial Fraud: A Deeper Dive
In upcoming blogs, we will explore these pillars in more detail to provide guidance to organizations interested in building up or enhancing their financial fraud and cybercrime defense department. In the interim, if you want to explore how OneSpan consultants can help you in establishing or enhancing your financial cybercrime defense operation, contact us.