Skip to main content Skip to Footer

LATEST THINKING

Converging fraud risk management with IT security

Banks will need to converge fraud risk management and IT security for cyber threats.

Overview

For financial institutions, particularly in the areas of retail banking and payments, there are enormous opportunities to be gained from enhancing their digital offerings to customers. The challenge for banks, however, is to implement these offerings at speed so they can maintain a competitive edge in the market, but without putting security at risk.

In this report, we look at how banks, that have rapidly evolved their technology and service offerings, can re-organize to get their counter-fraud strategies up to the same pace.

Background

Customers today benefit from contactless card payments, mobile banking apps and person-to-person payments. What this means for banks is that in tandem with the technological developments underpinning an ever-increasing set of new service offerings, organized criminals have been developing multi-pronged strategies to exploit fresh weaknesses and vulnerabilities for fraudulent gain.

Traditionally, banks have managed different categories of fraud within silos. As traditional risks converge with new risks, such as cyber threats, banks are becoming exposed to security threats that can fall between the cracks of the various silos. At the same time, organized criminals are targeting several channels.

Analysis

Many banks are unable to connect the dots and spot wider patterns of behavior as a result of historic structures and the lack of a holistic approach to risk and security. Legacy information security, event log management, and fraud and risk management software solutions, which still form the backbone of many risk and security architectures, lack the ability to provide deep insights into real-time user behaviors, transactions and data.

If security solutions remain siloed and banks continue to extend their offerings, then sophisticated criminals will simply bypass existing controls and protections by abusing the business logic across multiple channels.

To fight this organized crime, banks need a sophisticated, organized approach of their own.

Recommendations

Creating an organized approach will require financial institutions to concentrate more of their budget on developing advanced solutions to support the future shape of the industry, rather than focusing investments to respond to issues from past transgressions or remediation activities.

Financial institutions will need to address challenges around:

People - Banks must ensure that there is formalized knowledge sharing between those in the fraud risk function and the IT security function. The wider business must also ensure that these two functions are in a position to be proactive, rather than reactive as has historically been the case.

Process - Banks must shift to enterprise case management, enabling them to look at every fraud or risk case that arises within the organization as a single portfolio, to protect themselves more effectively.

Technology - The foremost technology priority for banks is to ensure that organizational data is freed from silos and shared upon common platforms.

Convergence is a significant undertaking and cannot be achieved overnight. As with any business change of this scale, a phased approach will be required. And importantly, will need to be aligned to the strategy and desired positioning of the bank.