Leading corporates, especially those in the BFSI sector, which are often victims of fraud incidents, generally have decent information risk management practices and information security controls in place. Despite this, the sector has been beleaguered by a rise in the number of frauds. A prime reason could be the absence of dedicated fraud prevention tools that can monitor transactions and data trends, spot anomalies, and blow the whistle well before the damage occurs.
Limitations of risk and info sec controls
The existing risk and information security controls implemented by enterprises are not enough to act as fraud prevention tools. Some of the fraud prevention tools are designed to allow access to information assets and activities on a ‘need to know’ basis. Thus, if a user misuses those rights, the controls may not detect it as harmful. Solutions like privilege management are restricted to privileged users such as system or database administrators and may not cover some high-ranking officials within the organization who may be susceptible to misusing their powers.
Moreover, information security controls have now graduated from signature-based to behavior-based, and the adoption of security incident and event management (SIEM) tools has, to a certain extent, helped in controlling internal threats. Even if a bank or a financial institution has fraud prevention policies and procedures drawn out, it may not be enough. These may help it prevent fraud to some extent, but what it needs are the technology controls offered by fraud prevention tools.
Selecting fraud prevention tools
Banking companies in India already employ fraud prevention tools to forestall credit card fraud. But this does not mean that debit cards, ATMs, and mobile phones are immune to fraud. Since banks do not conduct customer profiling across channels using a fraud prevention tool, they could miss a fraudster who uses a combination of two to three channels for his exploits.
Research firm Gartner has identified solutions like Actimize, SAS, and Northcom as well-known fraud prevention tools. However, an artificial intelligence based system could have the potential to generate false positives.
Features of a fraud prevention tool
• Fraud prevention tools should include rules, anomaly detection, and predictive modeling for fraud detection.
• A fraudster usually uses multiple channels to perpetrate a fraud; hence a fraud prevention tool should maintain a single profile of the customer across all channels such as POS, ATM, branches, etc.
• With more and more banking systems becoming real time, it is necessary for the fraud prevention tools to be able to detect and prevent frauds in real time.
• The tool should integrate with existing authentication systems, thus enabling risk based authentication. It should also be easy to integrate with the core banking applications.
• The fraud prevention tool should allow for a modular implementation.
• The tool should have a robust workflow and case management system for investigation and enterprise view.
• The fraud prevention tool should have efficient response time.
• It should have the ability to detect frauds among employee activities in various departments.
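The single-profile feature above can be illustrated with a small added example (not part of the original article and not taken from any named product). It runs the same sliding-window rules twice over constructed events, once keyed per channel and once keyed per customer; the thresholds, channel names and the `detect` function are assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# All thresholds below are assumptions chosen for the illustration.
WINDOW = timedelta(minutes=30)   # look-back window per profile
PER_CHANNEL_LIMIT = 50_000       # limit a siloed, per-channel monitor applies
PROFILE_LIMIT = 80_000           # limit on the customer's combined activity
MAX_CHANNELS = 2                 # more distinct channels than this is unusual

# Constructed sample events: (timestamp, customer, channel, amount)
EVENTS = [
    ("2024-01-05 10:00", "C1", "ATM", 40_000),
    ("2024-01-05 10:08", "C1", "POS", 35_000),
    ("2024-01-05 10:15", "C1", "MOBILE", 30_000),
    ("2024-01-05 10:20", "C2", "POS", 12_000),
    ("2024-01-05 16:00", "C2", "ATM", 45_000),
]

def detect(events, cross_channel):
    """Return (timestamp, customer, reasons) alerts.

    cross_channel=False keeps one window per (customer, channel), as
    siloed monitoring does; True keeps one window per customer.
    """
    limit = PROFILE_LIMIT if cross_channel else PER_CHANNEL_LIMIT
    windows = defaultdict(deque)
    alerts = []
    for ts, cust, chan, amt in sorted(events):
        now = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        win = windows[cust if cross_channel else (cust, chan)]
        win.append((now, chan, amt))
        while now - win[0][0] > WINDOW:   # expire events older than the window
            win.popleft()
        total = sum(a for _, _, a in win)
        channels = sorted({c for _, c, _ in win})
        reasons = []
        if total > limit:
            reasons.append(f"amount {total} exceeds {limit}")
        if len(channels) > MAX_CHANNELS:
            reasons.append("channels used: " + ", ".join(channels))
        if reasons:
            alerts.append((ts, cust, reasons))
    return alerts

if __name__ == "__main__":
    print("siloed :", detect(EVENTS, cross_channel=False))
    print("profile:", detect(EVENTS, cross_channel=True))
```

Each of customer C1's transactions stays under the per-channel limit, so the siloed run raises nothing; the per-customer run flags the third transaction on both the combined amount and the number of channels used.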
About the author: D P Dubey is the executive director of Paladion, a managed security service provider. He has more than 25 years of experience in the area of technology risk management and has worked with reputed organizations like RBI and IDRBT in the past. He has authored a book called ‘Information System Audit and Assurance’, which includes case studies and checklists from the banking industry.
(As told to Dhwani Pandya)