Our 'Newsletter on Financial Fraud' is your monthly insight into the various new fraud types and methods used by fraudsters globally in the banking space.
In this issue, we highlight how banking fraud is creeping in and costing banks millions.
Technology will continue to change the battlefield for fraud in 2016, not only by creating new challenges but also new opportunities for companies to fight fraud and be customer champions while doing so. This is particularly true for the financial-services industry, which will face unique challenges in 2016. Below are five predictions on what will shape the fraud landscape, and the fight to prevent and detect fraud in the year 2016.
Social networks will help fraudsters get more sophisticated - Fraudsters are constantly deploying an array of advanced tactics to obtain personal information. In 2016, as major social networks become more easily searchable, fraudsters will take advantage of these capabilities to target their victims. By closely examining an individual's status, photos, friends, check-ins and location data – all easily searched anonymously – it's getting easier for fraudsters to create more sophisticated social engineering attacks that trick people into revealing additional information.
The coming year is sure to see a level of automation and scale to these attacks that will continue to surprise us all. For consumers, avoiding these attacks means following some basic consumer safety tips: Make your social profiles visible to only friends and family; use strong passwords, change them often; and report phishing attempts.
More fraud will move to mobile. Fraudsters follow the money - As mobile shopping continues to gain popularity with consumers, fraudsters will be sure to up their mobile targets in 2016. Using standard, off-the-shelf capabilities for mobile will fall short. Success in fighting fraud on the mobile platform will depend on how we make innovative use of the unique data and capabilities that the mobile platform creates – from location information to unique IDs. There is opportunity to not only fight fraud well on mobile but also enable user experiences that are intuitive and easy. For instance, the use of fingerprint sensors in mobile devices is making it easier and more secure for people to authenticate.
Financial companies will have to do more with less data - Changes in technology will force companies to do more, but with less data. Today, customers can walk into a store with a mobile phone, and tap it to buy an item. Frequently (especially with NFC-equipped devices), the transaction is tokenized, meaning the merchant doesn't receive any financial or personal information. So instead of knowing customers, merchants find themselves selling to anonymous "guests." As a result, financial companies will need to find unique ways to do more to verify a customer's identity with less information about them.
Advanced machine learning combined with human detectives will be critical for fraud prevention - Just as fraudsters take advantage of new technology, the most important tools we'll see used in 2016 to fight fraud are improvements in technology. However, human intelligence and understanding how your customers interact with your services will remain key to leverage the technology.
Data and advanced analytics will play a larger role in regulatory & compliance efforts - In 2016, private enterprises and government regulators will need to increase discussions about what can and can't be done with big data and unstructured data. The use of data and advanced analytics will not only remain critical in fighting fraud, but will also play a bigger role in other areas key to payments such as anti-money laundering efforts. Tighter collaboration with regulators, combined with greater use of data, will enable an effective and scalable approach to meeting regulatory and compliance requirements, while enabling customer experience that companies can be proud of. For instance, the ability to use existing transaction data to meet "Know Your Customer" requirements will help improve accuracy and eliminate the need for customers to separately upload information like driver's licenses and bank statements.
The ease and flexibility of digital and mobile banking is creating a revolution which is providing consumers with more ways to access their finances than ever before. At the same time, however, this convenience and accessibility is opening new doors to fraudsters who are always looking for vulnerabilities to exploit to siphon money from consumer and business accounts. The more that banks open up new channels to allow consumers easier access to their money, the greater the risk that those same channels can be exploited for fraud.
In terms of fraud prevention, both financial institutions and their customers need practical solutions. As a first step, it’s important to identify and implement the easy, tactical things that can provide the most protection. Here are top tips to help protect banks from fraud.
Implement multi-factor authentication - The first step for banks is to implement a robust multi-factor authentication process during account registration. Whether the consumer is registering for online banking at home, or downloading the mobile banking application, having a robust multi-factor authentication strategy that leverages things such as out-of-band authentication is the critical first step in preventing fraud online.
Implement and use online activity logging and behavioural analysis - Monitoring consumers' online and mobile access to their accounts is a critical component of preventing account takeover. Activity should be tracked to the Device ID or the IP address and monitored for anomalies such as access from foreign countries, access from devices known to be involved in a prior fraud, a high velocity of recent logins, an escalation in bad login attempts and other unusual circumstances. Monitoring online activity is an important component of protecting consumers against online and mobile fraud.
Implement multi-channel fraud and suspicious activity monitoring solutions - A fraud monitoring solution is an important component in protecting against mobile and online fraud. Fraud monitoring platforms have many off-the-shelf capabilities that help banks to prevent, detect and report instances of fraud.
The most critical components that these systems have are:
Enterprise view - The ability to take in multiple sources of data across different channels to get a holistic view of each customer’s account and relationship. This includes checks, electronic payments, access to accounts online and access to accounts through mobile devices.
Scores, rules, and alerts - the ability to generate a risk assessment of a customer’s account based on business rules or sophisticated analytic scoring models that use profiles and other techniques to find fraud and create alerts.
Fraud reporting - the ability to generate business and regulatory reports when fraud does occur so that it can be prevented in the future.
Source: Information Age
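The login anomalies named in the activity-logging tip above (foreign access, a device tied to prior fraud, login velocity, a rise in bad logins) can be combined into the kind of rule-based score and alert the monitoring tip describes. The sketch below is an added example, not code from the newsletter or its source; the thresholds, weights, field names and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values (illustrative, not from the newsletter).
HOME_COUNTRY = "IN"
FRAUD_DEVICES = {"dev-bad-01"}      # device IDs tied to earlier fraud cases
WINDOW = timedelta(minutes=10)      # look-back window per account
MAX_LOGINS_IN_WINDOW = 3            # successful logins tolerated per window
MAX_FAILURES_IN_WINDOW = 3          # failed logins that count as a spike
WEIGHTS = {"foreign_country": 30, "fraud_device": 50,
           "login_velocity": 20, "failed_login_spike": 25}
ALERT_THRESHOLD = 50

def score_events(events):
    """Return an (account, timestamp, score, reasons) alert per risky event."""
    recent = defaultdict(deque)     # account -> (time, ok) inside the window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent[ev["account"]]
        q.append((ev["ts"], ev["ok"]))
        while ev["ts"] - q[0][0] > WINDOW:   # drop attempts older than window
            q.popleft()
        reasons = []
        if ev["country"] != HOME_COUNTRY:
            reasons.append("foreign_country")
        if ev["device"] in FRAUD_DEVICES:
            reasons.append("fraud_device")
        if sum(1 for _, ok in q if ok) > MAX_LOGINS_IN_WINDOW:
            reasons.append("login_velocity")
        if sum(1 for _, ok in q if not ok) >= MAX_FAILURES_IN_WINDOW:
            reasons.append("failed_login_spike")
        score = sum(WEIGHTS[r] for r in reasons)
        if score >= ALERT_THRESHOLD:
            alerts.append((ev["account"], ev["ts"], score, reasons))
    return alerts

# Constructed sample log: (minute, account, device, country, login succeeded).
# "XX" stands for any country other than the account's home country.
SAMPLE = [
    dict(ts=datetime(2016, 1, 5, 9, m), account=a, device=d, country=c, ok=ok)
    for m, a, d, c, ok in [
        (0, "acct-1", "dev-a", "IN", True),        # ordinary login, no alert
        (1, "acct-2", "dev-b", "IN", False),
        (2, "acct-2", "dev-b", "IN", False),
        (3, "acct-2", "dev-b", "XX", False),       # third failure, now foreign
        (4, "acct-2", "dev-b", "XX", True),        # success right after spike
        (20, "acct-3", "dev-bad-01", "IN", True),  # known-fraud device
    ]
]
```

Calling `score_events(SAMPLE)` returns three alerts: two for `acct-2` (score 55 each) and one for `acct-3` (score 50), while the ordinary `acct-1` login stays below the threshold.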
2015 has proven to be one of the most challenging years in terms of the scope and severity of security breaches. The biggest and most interesting known breaches this year affected over 150 million people, putting billions of dollars at risk and costing businesses millions of dollars.
These breaches demonstrate the broad and deep spectrum of the security challenges and impact across both the public and private sectors. In short, the exposure and problem is real, the impact is significant, and reputations are severely damaged.
What Went Wrong?
A review of the 2015 breach cases reveals several major findings:
Lack of sufficient cybersecurity/information security and risk management – Enterprises failed to provide the necessary cybersecurity/information security and risk management to prevent these breaches.
Disregarded cybersecurity/information security guidelines and standards – Despite being readily available, private sector best practices and government standards and guidelines were not being implemented or followed consistently.
Ignored the cybersecurity/information security professionals – The “corporate information security officers” and hundreds of thousands of certified and noncertified security professionals are available to assist with implementing adequate security controls and risk management processes, but are not being properly empowered and utilized to secure the enterprise.
Insufficient escalation of known risks – In many cases, there was an awareness of these weaknesses/vulnerabilities within the organization, yet inadequate remediation was taken.
Ineffective governance and management structure – Each enterprise has its own character, culture, principles and way of conducting its business or fulfilling its mission. All have some form of governance and management, albeit some more effective than others. In all of these cases, both governance and management failed to provide these enterprises with sufficient cybersecurity/information security and risk management. Governance failed by not providing proper direction and oversight, while management failed by not implementing and monitoring sufficient security/risk controls despite sufficient available guidance and security professionals to prevent the majority of the breaches.
No 'Silver Bullet' Solutions
There is no “silver bullet” that can resolve such challenges, but there are a few basic steps that can be taken to significantly strengthen cybersecurity/information security and risk management across the enterprise:
Governance bodies need to get and stay more engaged in setting cybersecurity/information security and risk management objectives and priorities. Governance must ensure fulfillment of these objectives is monitored and reported on, significant vulnerabilities/risks are identified and escalated, and a risk management decision is made and accepted.
Management needs to ensure enterprise security objectives are defined and accomplished and follow best practices and security risk management guidelines. Management must provide the necessary resources and prioritization to properly implement agreed upon objectives, establish clear lines of authority and responsibility, and ensure all levels of the organization are held accountable. When a significant risk is identified, it must be escalated, monitored consistently and reported upon promptly.
Enterprises must make cybersecurity/information security and risk management a top priority and a critical part of the organizational culture. Awareness training must be implemented throughout all levels of the organization, and compliance with security policies must be demonstrated.
Bank frauds have been in existence for a long time in the form of insider trading, stock manipulation, accounting irregularity etc. But nowadays the frauds have become more sophisticated and the Indian banking sector is overwhelmed with more advanced frauds.
There are many types of scams prevailing, like ID theft, fraudulent documentation and diversion of funds, but the leading scam among all of them is Non Performing Assets (NPAs).
The infographic below reflects the increasing percentage of banking fraud in India year after year.