Reclaim your power in the battle against fraud
As much as 70% of reported economic crimes are committed by internal actors, making internal fraud the biggest risk.
Social engineering is one of the biggest crime threats for banks and other financial institutions. Social engineering attacks rely on human error, so they are hard to predict. Such attacks may progress in one or more steps and regularly defeat all the lower-level IT security measures. Many attacks go undetected for long periods.
Types of social engineering fraud
Invoice fraud is a common way for fraudsters to take money, and the fraud can easily go unnoticed.
Business email compromise fraud involves a hoax email, which fraudulently represents a senior colleague or a customer, who issues instructions such as approving a wire payment or releasing client data.
Phishing scams account for over 90% of data breaches and are growing at more than 65% each year. Many phishing attacks target bank employees, attempting to obtain sensitive information.
SMiShing (SMS phishing) tricks a user into downloading a ‘Trojan horse’ onto a mobile device. The installed piece of malware might steal phone numbers or banking data, or spread the virus to all contacts on the phone.
Identity theft & account takeover
Identity theft can take many forms, but account takeover (ATO) is the most prevalent. Fraudsters take over existing accounts to transfer funds to new destination or ‘mule’ accounts at other institutions. ATO takes many forms but the biggest surge has been in online fraud. Funds can be routed to mule accounts in real time and apps have been a catalyst to ATO attacks. Many banks have experienced a ten-fold increase in incident rates within the last year.
Internal Fraud - Enemies Within
Many financial institutions do not realize they have an internal fraud problem because they cannot detect it. Yet it is estimated that about 5% of an organization’s revenue is lost to fraud. The prospect of financial loss can be significant, but this is far outweighed by the risk to reputation and brand. Rules-based solutions may be incapable of detecting internal fraud or can be easily circumvented. Because internal fraud can take many forms, a more sophisticated approach to fraud detection is needed: an integrated solution that can consolidate and analyze data in different formats from multiple sources.
General Ledger Fraud
Sadly, it is often long-term employees who abuse positions of trust and privileged access to bank systems and information. The typical internal fraudster has been employed for over 10 years and is familiar with the systems and their shortcomings. For example, certain insiders may have exclusive access to accounts payable or suspense accounts that are used to record loans in process or currency in transit. This can make it easy for experienced employees to move funds between accounts or issue payments to external companies, which may be bogus.
Over time, money can be funneled from general ledger accounts to mule accounts and can easily go unnoticed for a long time. Tackling general ledger fraud requires the right mix of processes and systems. Technology can improve oversight through automated monitoring of journal entries while checking for irregularities.
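The automated journal-entry monitoring described above can be sketched as follows. This is an added example, not code from the original page or from any vendor product; the account naming scheme, the vendor master list, the thresholds and the sample entries are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample journal entries (not real data):
# (posting date, posting user, debited GL account, beneficiary, amount)
ENTRIES = [
    (date(2023, 1, 9),  "u_long", "SUSPENSE-LOANS", "ACME-CONSULT", 4200.00),
    (date(2023, 3, 14), "u_long", "SUSPENSE-LOANS", "ACME-CONSULT", 3900.00),
    (date(2023, 6, 2),  "u_long", "SUSPENSE-LOANS", "ACME-CONSULT", 4500.00),
    (date(2023, 9, 21), "u_long", "SUSPENSE-LOANS", "ACME-CONSULT", 4100.00),
    (date(2023, 2, 1),  "u_ap1",  "ACCOUNTS-PAYABLE", "VENDOR-001", 12000.00),
    (date(2023, 2, 8),  "u_ap2",  "ACCOUNTS-PAYABLE", "VENDOR-001", 8000.00),
    (date(2023, 5, 5),  "u_ap1",  "SUSPENSE-FX", "VENDOR-002", 700.00),
]
WATCHED_PREFIXES = ("SUSPENSE", "ACCOUNTS-PAYABLE")  # assumed naming scheme
APPROVED_VENDORS = {"VENDOR-001", "VENDOR-002"}      # assumed vendor master list


def flag_gl_irregularities(entries, min_entries=3, min_span_days=90):
    """Return findings for (account, beneficiary) pairs that match the pattern."""
    groups = defaultdict(list)
    for posted, user, account, beneficiary, amount in entries:
        if account.startswith(WATCHED_PREFIXES):
            groups[(account, beneficiary)].append((posted, user, amount))

    findings = []
    for (account, beneficiary), rows in sorted(groups.items()):
        users = {user for _, user, _ in rows}
        dates = [posted for posted, _, _ in rows]
        span = (max(dates) - min(dates)).days
        reasons = []
        if beneficiary not in APPROVED_VENDORS:
            reasons.append("beneficiary not in vendor master")
        if len(users) == 1 and len(rows) >= min_entries:
            reasons.append("all postings by one user")
        if span >= min_span_days and len(rows) >= min_entries:
            reasons.append(f"recurring over {span} days")
        # Require two independent signals to keep routine payments out.
        if len(reasons) >= 2:
            findings.append({
                "account": account, "beneficiary": beneficiary,
                "users": sorted(users), "entries": len(rows),
                "total": round(sum(a for _, _, a in rows), 2),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in flag_gl_irregularities(ENTRIES):
        print(finding)
```

Requiring at least two signals keeps ordinary vendor payments posted by several staff out of the findings, while a slow, single-user drain from a suspense account is reported with its cumulative total.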
A Framework for Fraud Detection
A strong system of internal controls and auditing is critical. Distributed accountability reduces the potential for identity theft and ATO. Close monitoring is crucial to identify irregularities early and also to act as a deterrent.
Access to customer information must also be tightly controlled. Permission should only be granted where it is necessary to perform a clearly defined job. Technology can monitor all systems logins to establish patterns and spot anomalies, such as after-hours logins.
Cross-channel monitoring to protect multiple portfolios. This is especially important when customers hold products in different channels.
Regular training to make staff more vigilant. Staff must be aware of their vulnerabilities, especially when they are socially engineered to divulge information or enact payments on behalf of fraudsters.
Don’t react. Outsmart.
When you can predict financial crimes in every channel, you regain power over fraudsters. With highly scalable machine learning and AI capabilities, FIS Memento spots fraudulent transactions across an entire firm in real time and predicts new threats. Plus, you gain all the cross-channel tools your staff needs to efficiently and holistically manage any threat.