This white paper discusses challenges that financial institutions face in managing enterprisewide fraud. It notes that fraud is increasing in volume and sophistication, targeting the fastest growing channels like online and mobile that are most vulnerable. Traditionally, fraud has been managed within business unit silos rather than taking an enterprisewide view. This allows fraudsters, who view the institution holistically, to exploit inconsistencies. The paper recommends analyzing patterns and perpetrators across the entire enterprise to better prevent, detect, and investigate fraud.
Fraud continues to proliferate across financial institutions, through multiple lines of business and banking channels. Increasingly sophisticated criminal tactics and the proliferation of organized crime rings make detecting fraud difficult and preventing it nearly impossible. Adding to the complexity is increased globalization and growth through mergers and acquisition, which make it harder to effectively monitor multiple portfolios and business lines. The presentation discussus best practices and ideas around the prevention, investigation, and detection of possible fraudulent activities across multiple industries.
This white paper discusses best practices for implementing an enterprisewide fraud management system. It notes that traditional fraud management is fragmented across business units and channels. An integrated approach is needed to detect cross-channel fraud patterns and relationships. The paper recommends a three-step approach: 1) Create an enterprisewide view of customer patterns and perpetrators using data analysis and visualization tools. 2) Prevent and detect fraud across the enterprise in real-time using predictive analytics. 3) Investigate and resolve fraud cases in an integrated environment using case management systems. Adopting these analytics-driven best practices can help financial institutions better manage fraud.
Riesgo Risk Management\'s Fraud Management solution is a cost effective means of implementing a Fraud management system that detects, prevents and mitigates fraud. It has adaptors that may sit on servers and trigger alerts to the Fraud Management dashboard.
SAS Fraud Framework for Insurance, an end-to-end solution for preventing, detecting and managing claims fraud across the various lines of business within today's insurers
Recognized as the industry leader in analytics and with more than 36 years of experi¬ence, SAS provides a framework of capabilities to help insurers significantly improve their fraud management processes. With SAS, you get:
• A hybrid approach to fraud detection, including link analysis
• Streamlined case management. Systematically facilitate investigations, and cap¬ture and display all pertinent information without corrupting the system with duplicate data entry.
• Advanced text analytics and data mining.
Enterprise Fraud Management: How Banks Need to AdaptCapgemini
Fraud prevention is becoming one of the biggest areas of concern for the financial services industry. But first generation Fraud Management systems are falling short. By moving towards more enterprise approach to fraud management, financial institutions can combat the increasingly treacherous fraud and cyber crime landscape while reaping numerous benefits for the organization.
Dear Delegates,
Corporate fraud costs businesses hundreds of millions of dollars each year. It affects livelihoods and is a common
cause of corporate failure. It is the responsibility of the board of directors to prevent fraud by putting in places the
appropriate controls and review procedures. This program shows you why Accounting Information System (AIS)
Threats are ever increasing. Control risks have also increased in the last few years because there are computers
and servers everywhere, and information is available to an unprecedented number of workers. Distributed
computer networks make data available to many users, and these networks are harder to control than centralized
mainframe systems. With the introduction of 3 levels of COSO and value driven ERM, things should be under
control. Recent events at SATYAM proves that in reality things are getting out of control. So, what went wrong ?
Is it time to train the auditors ?
Recognising the challenges that organisations are facing in combating Fraud, CSI In Practice is pleased to present
this 2-days Workshop on Enterprise Fraud Risk Management. This will serve as an excellent opportunity to learn how
best to conduct an internal investigation to protect your organization and step up on controls to deter fraud.
This document discusses operationalizing real-time fraud detection through an integrated decisioning platform. It summarizes fraud loss trends showing check fraud exceeding $1 billion for the first time in 2008. Regulations now allow next-day check availability, benefiting customers but increasing deposit fraud as funds can be withdrawn quickly. The document advocates a unified fraud prevention approach using image analysis and decisioning platforms to enable real-time or near real-time fraud detection across check processing, deposits, and other transactions. This represents a shift from traditional day-two fraud detection practices hampered by paper-based processing.
Fraud continues to proliferate across financial institutions, through multiple lines of business and banking channels. Increasingly sophisticated criminal tactics and the proliferation of organized crime rings make detecting fraud difficult and preventing it nearly impossible. Adding to the complexity is increased globalization and growth through mergers and acquisition, which make it harder to effectively monitor multiple portfolios and business lines. The presentation discussus best practices and ideas around the prevention, investigation, and detection of possible fraudulent activities across multiple industries.
This white paper discusses best practices for implementing an enterprisewide fraud management system. It notes that traditional fraud management is fragmented across business units and channels. An integrated approach is needed to detect cross-channel fraud patterns and relationships. The paper recommends a three-step approach: 1) Create an enterprisewide view of customer patterns and perpetrators using data analysis and visualization tools. 2) Prevent and detect fraud across the enterprise in real-time using predictive analytics. 3) Investigate and resolve fraud cases in an integrated environment using case management systems. Adopting these analytics-driven best practices can help financial institutions better manage fraud.
Riesgo Risk Management\'s Fraud Management solution is a cost effective means of implementing a Fraud management system that detects, prevents and mitigates fraud. It has adaptors that may sit on servers and trigger alerts to the Fraud Management dashboard.
SAS Fraud Framework for Insurance, an end-to-end solution for preventing, detecting and managing claims fraud across the various lines of business within today's insurers
Recognized as the industry leader in analytics and with more than 36 years of experi¬ence, SAS provides a framework of capabilities to help insurers significantly improve their fraud management processes. With SAS, you get:
• A hybrid approach to fraud detection, including link analysis
• Streamlined case management. Systematically facilitate investigations, and cap¬ture and display all pertinent information without corrupting the system with duplicate data entry.
• Advanced text analytics and data mining.
Enterprise Fraud Management: How Banks Need to AdaptCapgemini
Fraud prevention is becoming one of the biggest areas of concern for the financial services industry. But first generation Fraud Management systems are falling short. By moving towards more enterprise approach to fraud management, financial institutions can combat the increasingly treacherous fraud and cyber crime landscape while reaping numerous benefits for the organization.
Dear Delegates,
Corporate fraud costs businesses hundreds of millions of dollars each year. It affects livelihoods and is a common
cause of corporate failure. It is the responsibility of the board of directors to prevent fraud by putting in places the
appropriate controls and review procedures. This program shows you why Accounting Information System (AIS)
Threats are ever increasing. Control risks have also increased in the last few years because there are computers
and servers everywhere, and information is available to an unprecedented number of workers. Distributed
computer networks make data available to many users, and these networks are harder to control than centralized
mainframe systems. With the introduction of 3 levels of COSO and value driven ERM, things should be under
control. Recent events at SATYAM proves that in reality things are getting out of control. So, what went wrong ?
Is it time to train the auditors ?
Recognising the challenges that organisations are facing in combating Fraud, CSI In Practice is pleased to present
this 2-days Workshop on Enterprise Fraud Risk Management. This will serve as an excellent opportunity to learn how
best to conduct an internal investigation to protect your organization and step up on controls to deter fraud.
This document discusses operationalizing real-time fraud detection through an integrated decisioning platform. It summarizes fraud loss trends showing check fraud exceeding $1 billion for the first time in 2008. Regulations now allow next-day check availability, benefiting customers but increasing deposit fraud as funds can be withdrawn quickly. The document advocates a unified fraud prevention approach using image analysis and decisioning platforms to enable real-time or near real-time fraud detection across check processing, deposits, and other transactions. This represents a shift from traditional day-two fraud detection practices hampered by paper-based processing.
Regulations, compliance and overall risk management place a significant operational burden on financial services.
Online lenders are no different. You have to comply with multiple regulatory requirements, and you are- like any other financial service- very susceptible to fraud.
If you want to prevent and reduce loan application fraud, your strategy and fraud detection system should include a combination of identity verification, account onboarding protection, and account monitoring.
In this post, we’ll explain how identity verification and Know Your Customer processes are related, and how you can expand them for better fraud coverage.
We’ve also provided specific recommendations for identity verification security tests, and account origination protection strategies that can help you prevent fraud during the loan application process.
Cyber-attacks destroy the trusted relationship with customers and partners, the lifeblood of financial services. The industry is also behind the curve when it comes to adapting to the changes in working practices and consumer behaviour, driven by rapidly evolving smart devices.
Balancing Security and Customer ExperienceTransUnion
Using Device Insight to Balance Fraud Prevention and Customer Experience
Today, your customer’s device has become their proxy for a large percentage of their online retail and banking activity. By using insight from those devices, you can reduce risk and ensure a smooth experience along the entire customer journey.
In this webinar, you’ll learn from Max Anhoury, our VP of Global partnerships, about:
* Today’s fraud and security trends
* What a fraud ring looks like
* The evolving online experience with EMV
* How to create frictionless security across the consumer journey
MIG has created a dedicated fraud investigation team to help insurance clients minimize losses from fraudulent claims. The team focuses on providing professional, timely, and cost-effective investigative services at every stage of the process. This includes conducting due diligence on claimants to verify information and assess fraud risk. MIG investigators specialize in various techniques like surveillance, neighborhood canvassing, video interviews and electronic report delivery. They help establish the facts of claims objectively to save clients money.
A detailed analysis on one of the biggest data breaches in history...What JP Morgan Chase & Co did wrong and proposed mitigation techniques. The data breach at J.P. Morgan Chase is yet another example of how our most sensitive personal information is in danger.
.
This document provides a risk assessment report on the 2014 data breach at JPMorgan Chase based on the ISO 31000 framework. It summarizes the breach which compromised 83 million customer records, identifies stakeholders, assesses risks, and provides strategic recommendations. The key risks identified are operational, strategic, financial and legal. Recommendations focus on improved controls, authentication measures, and cooperation between the bank and external partners to prevent future breaches.
ThreatMetrix ARRC 2016 presentation by Ted EganKen Lam
ThreatMetrix® is the market-leading cloud solution for authenticating digital personas and transactions on the Internet.
ThreatMetrix analyzes more than 15 billion transactions annually, from 30,000 websites across 4,000 companies globally through the Digital Identity Network. ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches. Key benefits include an improved customer experience, reduced friction, revenue gain, and lower fraud and operational costs.
Mobile Banking Security Risks and Consequences iovation2015TransUnion
This document discusses mobile banking security risks and consequences. It begins with an overview of how identity can be viewed from the perspectives of the user, attributes, devices, and mobile devices. It then covers evolving guidance from FFIEC on layered security, challenges in assessing risk from transactions, and maturity of mobile banking features. The document argues that updated guidance is needed to address capabilities of mobile banking, big data analytics, and fraud management since the last update in 2011.
Security Compliance Models- Checklist v. FrameworkDivya Kothari
The document discusses and compares three compliance standards - PCI, GLBA, and HIPAA. It categorizes them based on whether they use a checklist model, risk management framework, or a hybrid of both. PCI is described as an industry standard checklist aimed at protecting card data. GLBA uses a risk-based approach giving financial institutions autonomy in compliance. HIPAA takes a hybrid approach with both checklist and risk-based elements, suited to the varied healthcare industry. The intent behind each is also discussed - with PCI providing a standardized baseline, GLBA enabling flexible risk management, and HIPAA's hybrid nature accommodating different entity types. Examples are given of entities that would need to comply with each standard.
The document discusses emerging threats to digital payments and outlines steps businesses can take to protect themselves. It notes that cyber attacks are a major security risk and new payment methods are fueling more attacks. The problems section details how criminals exploit new technologies, learning resources, and expanded access points. It asks questions around detecting and responding to attacks. The solutions section recommends training, vulnerability scanning, network segmentation, access control, monitoring, and intelligence sharing to help close security gaps against sophisticated attackers.
The rise of fraudulent activity is at the top of the list of concerns for treasury today. Even though many organizations are investing in treasury technology, there is still room for improvement. These principles span multiple departments and will guide practitioners to a more well-rounded set of controls.
This slide presentation will provide six straightforward and actionable security principles that can support an organization’s security framework.
The document summarizes a presentation given by Albert Hui on cyber fraud trends at the 2014 Asia-Pacific Fraud Conference in Hong Kong. The presentation covered evolving threats like phishing and whaling attacks, how cybercriminals monetize stolen data and laundering money, and the underground economy and tools that enable cybercrime. It also provided an overview of essential cybersecurity defenses like layered protection, security monitoring, threat intelligence, and incident response capabilities that can help detect and respond to modern cyber attacks.
FICO Falcon Fraud Manager is a leading payment card fraud detection solution that uses advanced analytic techniques and data from billions of accounts to identify fraudulent transactions in real-time. It provides a single platform for detecting debit and credit card fraud. The solution uses patented cardholder profiling and neural network modeling to accurately score transactions and detect unusual spending patterns. It also leverages data from thousands of issuers to identify regional and portfolio-specific fraud patterns. This helps improve fraud detection rates while minimizing customer impact from false positives.
The document discusses cyber security threats facing the financial services industry based on data collected by IBM between 2012-2013. It finds that:
1) Financial services firms experience a high rate of cyber attacks and security incidents, with an average of over 111 million security events and 87 incidents annually requiring action.
2) The most common incidents are malicious code (42% of incidents) and sustained probes/scans (28%). Over half of attacks are carried out by a combination of insiders and outsiders.
3) Most attacks (49%) are opportunistic in nature. Preventable factors like misconfigured systems or end-user errors are the primary reasons for security breaches across industries.
Fair Isaac is a leader in fraud detection and decision management solutions. Their Falcon Fraud Manager uses advanced analytics like neural networks and profiling to detect fraud across multiple channels. It has helped reduce credit card fraud losses significantly. The document discusses how debit fraud is evolving and Falcon Fraud Manager's capabilities for protecting debit transactions through profiling of cardholders, devices, and merchants.
The presentation provides overall insight of operational fraud risk management. It explains the operational fraud risk and mitigation strategies. The role of Internal audit and audit committee is further exemplified
Introduces real-time software systems and discusses differences between these and other types of system. Accompanies video at:
https://youtu.be/_U6Le3_eL2I
This document summarizes a project to reduce fraudulent card transactions for a US national bank. An ensemble technique using logistic regression and K-nearest neighbors was developed to classify transactions as fraudulent or legitimate in real time. The project was estimated to reduce fraudulent losses by $16-18 million while costing $4.2 million to develop. Testing on 1 year of transaction data accurately classified transactions and reduced fraudulent cases by 80-90%, saving the bank $16 million.
This document proposes a mechanism to detect credit card fraud in online transactions using a Hidden Markov Model. The model would classify users as having low, medium, or high spending habits and flag transactions as potentially fraudulent if a user makes a payment outside their normal spending category. The mechanism was implemented using HTML, CSS, JavaScript, PHP, and MySQL and could help reduce fraud by adding an additional layer of security validation for online payments. However, it may not detect all fraudulent transactions accurately as the Hidden Markov Model requires at least 10 prior transactions to properly classify users.
Yesterday Pierluigi Paganini, CISO Bit4Id and founder Security Affairs, presented at the ISACA Roma & OWASP Italy conference the state of the art for the Internet of Things paradigm. The presentation highlights the security and privacy issues for the Internet of Things, a technology that is changing user’s perception of the technology.
Regulations, compliance and overall risk management place a significant operational burden on financial services.
Online lenders are no different. You have to comply with multiple regulatory requirements, and you are- like any other financial service- very susceptible to fraud.
If you want to prevent and reduce loan application fraud, your strategy and fraud detection system should include a combination of identity verification, account onboarding protection, and account monitoring.
In this post, we’ll explain how identity verification and Know Your Customer processes are related, and how you can expand them for better fraud coverage.
We’ve also provided specific recommendations for identity verification security tests, and account origination protection strategies that can help you prevent fraud during the loan application process.
Cyber-attacks destroy the trusted relationship with customers and partners, the lifeblood of financial services. The industry is also behind the curve when it comes to adapting to the changes in working practices and consumer behaviour, driven by rapidly evolving smart devices.
Balancing Security and Customer ExperienceTransUnion
Using Device Insight to Balance Fraud Prevention and Customer Experience
Today, your customer’s device has become their proxy for a large percentage of their online retail and banking activity. By using insight from those devices, you can reduce risk and ensure a smooth experience along the entire customer journey.
In this webinar, you’ll learn from Max Anhoury, our VP of Global partnerships, about:
* Today’s fraud and security trends
* What a fraud ring looks like
* The evolving online experience with EMV
* How to create frictionless security across the consumer journey
MIG has created a dedicated fraud investigation team to help insurance clients minimize losses from fraudulent claims. The team focuses on providing professional, timely, and cost-effective investigative services at every stage of the process. This includes conducting due diligence on claimants to verify information and assess fraud risk. MIG investigators specialize in various techniques like surveillance, neighborhood canvassing, video interviews and electronic report delivery. They help establish the facts of claims objectively to save clients money.
A detailed analysis on one of the biggest data breaches in history...What JP Morgan Chase & Co did wrong and proposed mitigation techniques. The data breach at J.P. Morgan Chase is yet another example of how our most sensitive personal information is in danger.
.
This document provides a risk assessment report on the 2014 data breach at JPMorgan Chase based on the ISO 31000 framework. It summarizes the breach which compromised 83 million customer records, identifies stakeholders, assesses risks, and provides strategic recommendations. The key risks identified are operational, strategic, financial and legal. Recommendations focus on improved controls, authentication measures, and cooperation between the bank and external partners to prevent future breaches.
ThreatMetrix ARRC 2016 presentation by Ted EganKen Lam
ThreatMetrix® is the market-leading cloud solution for authenticating digital personas and transactions on the Internet.
ThreatMetrix analyzes more than 15 billion transactions annually, from 30,000 websites across 4,000 companies globally through the Digital Identity Network. ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches. Key benefits include an improved customer experience, reduced friction, revenue gain, and lower fraud and operational costs.
Mobile Banking Security Risks and Consequences iovation2015TransUnion
This document discusses mobile banking security risks and consequences. It begins with an overview of how identity can be viewed from the perspectives of the user, attributes, devices, and mobile devices. It then covers evolving guidance from FFIEC on layered security, challenges in assessing risk from transactions, and maturity of mobile banking features. The document argues that updated guidance is needed to address capabilities of mobile banking, big data analytics, and fraud management since the last update in 2011.
Security Compliance Models- Checklist v. FrameworkDivya Kothari
The document discusses and compares three compliance standards - PCI, GLBA, and HIPAA. It categorizes them based on whether they use a checklist model, risk management framework, or a hybrid of both. PCI is described as an industry standard checklist aimed at protecting card data. GLBA uses a risk-based approach giving financial institutions autonomy in compliance. HIPAA takes a hybrid approach with both checklist and risk-based elements, suited to the varied healthcare industry. The intent behind each is also discussed - with PCI providing a standardized baseline, GLBA enabling flexible risk management, and HIPAA's hybrid nature accommodating different entity types. Examples are given of entities that would need to comply with each standard.
The document discusses emerging threats to digital payments and outlines steps businesses can take to protect themselves. It notes that cyber attacks are a major security risk and new payment methods are fueling more attacks. The problems section details how criminals exploit new technologies, learning resources, and expanded access points. It asks questions around detecting and responding to attacks. The solutions section recommends training, vulnerability scanning, network segmentation, access control, monitoring, and intelligence sharing to help close security gaps against sophisticated attackers.
The rise of fraudulent activity is at the top of the list of concerns for treasury today. Even though many organizations are investing in treasury technology, there is still room for improvement. These principles span multiple departments and will guide practitioners to a more well-rounded set of controls.
This slide presentation will provide six straightforward and actionable security principles that can support an organization’s security framework.
The document summarizes a presentation given by Albert Hui on cyber fraud trends at the 2014 Asia-Pacific Fraud Conference in Hong Kong. The presentation covered evolving threats like phishing and whaling attacks, how cybercriminals monetize stolen data and laundering money, and the underground economy and tools that enable cybercrime. It also provided an overview of essential cybersecurity defenses like layered protection, security monitoring, threat intelligence, and incident response capabilities that can help detect and respond to modern cyber attacks.
FICO Falcon Fraud Manager is a leading payment card fraud detection solution that uses advanced analytic techniques and data from billions of accounts to identify fraudulent transactions in real-time. It provides a single platform for detecting debit and credit card fraud. The solution uses patented cardholder profiling and neural network modeling to accurately score transactions and detect unusual spending patterns. It also leverages data from thousands of issuers to identify regional and portfolio-specific fraud patterns. This helps improve fraud detection rates while minimizing customer impact from false positives.
The document discusses cyber security threats facing the financial services industry based on data collected by IBM between 2012-2013. It finds that:
1) Financial services firms experience a high rate of cyber attacks and security incidents, with an average of over 111 million security events and 87 incidents annually requiring action.
2) The most common incidents are malicious code (42% of incidents) and sustained probes/scans (28%). Over half of attacks are carried out by a combination of insiders and outsiders.
3) Most attacks (49%) are opportunistic in nature. Preventable factors like misconfigured systems or end-user errors are the primary reasons for security breaches across industries.
Fair Isaac is a leader in fraud detection and decision management solutions. Their Falcon Fraud Manager uses advanced analytics like neural networks and profiling to detect fraud across multiple channels. It has helped reduce credit card fraud losses significantly. The document discusses how debit fraud is evolving and Falcon Fraud Manager's capabilities for protecting debit transactions through profiling of cardholders, devices, and merchants.
The presentation provides overall insight of operational fraud risk management. It explains the operational fraud risk and mitigation strategies. The role of Internal audit and audit committee is further exemplified
Introduces real-time software systems and discusses differences between these and other types of system. Accompanies video at:
https://youtu.be/_U6Le3_eL2I
This document summarizes a project to reduce fraudulent card transactions for a US national bank. An ensemble technique using logistic regression and K-nearest neighbors was developed to classify transactions as fraudulent or legitimate in real time. The project was estimated to reduce fraudulent losses by $16-18 million while costing $4.2 million to develop. Testing on 1 year of transaction data accurately classified transactions and reduced fraudulent cases by 80-90%, saving the bank $16 million.
This document proposes a mechanism to detect credit card fraud in online transactions using a Hidden Markov Model. The model would classify users as having low, medium, or high spending habits and flag transactions as potentially fraudulent if a user makes a payment outside their normal spending category. The mechanism was implemented using HTML, CSS, JavaScript, PHP, and MySQL and could help reduce fraud by adding an additional layer of security validation for online payments. However, it may not detect all fraudulent transactions accurately as the Hidden Markov Model requires at least 10 prior transactions to properly classify users.
Yesterday Pierluigi Paganini, CISO Bit4Id and founder Security Affairs, presented at the ISACA Roma & OWASP Italy conference the state of the art for the Internet of Things paradigm. The presentation highlights the security and privacy issues for the Internet of Things, a technology that is changing user’s perception of the technology.
Fraud can take many forms but generally involves deception for financial or personal gain. There are three main types of fraud: corruption, asset misappropriation, and financial statement fraud. Fraud is most often committed due to pressure, opportunity, and the ability to rationalize one's actions. Companies can help prevent fraud by breaking this fraud triangle through strong internal controls, monitoring, and creating a culture of integrity and accountability.
Big data analytical driven fraud detection for finance; banks and insuranceSyed Danish Ali
Big data and machine learning analytics can help banks and insurers combat fraud and reduce losses from hacking. Techniques like anomaly detection can flag suspicious transactions to identify issues before they become major problems. While not a perfect solution, these tools provide insights and alerts that go beyond traditional methods. Their use can decrease fraud incidents and strengthen organizations' technological defenses, but hacking will still remain an ongoing challenge given human factors and hackers' continuing innovation.
SAS - A Unified Front- Making the Case for Integrating Fraud and Anti-Money L...Vivastream
This white paper discusses the growing threats of financial crime like fraud and money laundering due to increasing sophistication of criminals and new payment technologies. It notes that losses from fraud have cost companies billions and that criminals are exploiting new electronic channels like mobile payments which are expected to grow rapidly. The paper argues that traditional approaches to combating financial crime are insufficient for these new threats and that integrated fraud and anti-money laundering systems with advanced analytics are needed.
This document discusses cybercrime and its economic impacts. It reports that the global cost of cybercrime is estimated to be $445 billion annually, and that over 800 million people were affected by cyber espionage and theft in 2013. Financial losses from cybertheft could cause up to 150,000 job losses in Europe. Cybercrime damages trade, competitiveness, innovation and global economic growth by slowing the pace of innovation. Governments are called on to systematically collect and publish cybercrime data to help countries and companies assess risks and policies.
Part of the Rosetta series of communications studies, this article uses real-world case studies of fraud to look at how organizations have managed issues and crises.The article provides tools to help organizations more effectively manage these sorts of situations.
This paper was presented at several conferences around the world, it is a few years old, but the concepts, trends and risks identfied in the is paper are still relevant today
Payment card fraud costs billions each year and is becoming more sophisticated. An online carding course was designed to teach novice criminals carding techniques over 6 weeks with 20 lectures and instructors. The course cost nearly $1000 and taught students how to make thousands each month. It covered buying stolen credit card details from online shops, committing fraud, and cashing out illegally obtained goods. Understanding these courses helps defenders address the latest criminal methods.
State of Cyber Crime Safety and Security in BankingIJSRED
The document discusses cybercrime threats facing the banking system, including online fraud, malware, and hacking. These threats have grown significantly over the past 20 years, costing banks billions annually. Common cybercrimes impacting banks are phishing, identity theft, ransomware, and money laundering. To improve security, banks need better authentication systems, employee training, and integrated cybercrime laws. Overall, the rising costs of cybercrime pose a major risk to banks that must be addressed through increased security efforts.
Securing information in the New Digital Economy- Oracle Verizon WPPhilippe Boivineau
Situation : A lucrative information black market has created a data breach epidemic. The perimeter security that most IT organizations depend on has become largely ineffective.
Why it matters : IT organizations devote almost 70% of security resources to perimeter security controls, but while
the threats are external, the vulnerabilities exploited are mostly internal.
Call to Action : Securing the new digital economy means thinking security inside out and focusing more on data and
internal controls.
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...Tech and Law Center
The document discusses cybercrime and digital investigation. It begins with defining cybercrime and listing its common forms. It then discusses the underground economy of cybercrime, describing how criminal networks operate similarly to legitimate businesses. Several specific cybercrimes are examined in depth, including malware, data theft, identity theft, phishing, and botnets. The document also profiles some case studies of major cybercriminal groups and hacking incidents to illustrate how crimes are committed. It aims to outline the scope and techniques of cybercrime threats.
The document discusses current trends in online payment fraud, including how fraudsters use increasingly sophisticated methods like malware, phishing, and stolen credit card numbers. It provides statistics on the scale of the online "shadow economy" and common fraud detection tools. The document recommends merchants strengthen protections by knowing their enemies' methods in order to help reduce fraud losses.
Running head HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1 .docxwlynn1
Running head: HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1
How to avoid internet scams at the workplace
Christophe Bassono
CIST3000: Advanced Composition IS&T
Amanda L. Gutierrez, M.S. & M.A.
UNO-Fall 2018
HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 2
Online Fraud: How to Avoid Internet Scams in the Workplace
This section outlines how the researcher envisions presenting the report. The outline
demonstrates the different sections in which the report will be broken into and the
information that will be contained in each section
Introduction
Definition
Online fraud refers to deceitful schemes that are done using the internet. Online fraud may
come in the form of financial theft, identity theft or a combination of both.
History of Online Fraud
An influx of online fraud began to be experienced in the 1990s with the increased technology
use and e-commerce. In the beginning, online fraud was done by using the names of famous
celebrities of the time to commit internet crimes. Over time, more technical and sophisticated
plans were developed such as creating card-generator applications with real credit card
numbers, setting up dummy merchant websites and mass identity theft. Today, despite
attempts by various governments to regulate and mitigate online fraud, more sophisticated
online fraud schemes have been established ranging from credit card fraud to phishing,
hacking, and identity theft (Saeger & Probert, 2015).
In the recent past, computer fraud has evolved through a series of advancements outplaying
the traditional security defenses such as the two-factor authentication, antivirus, and SSL
encryption in the process. Zeus and SpyEye are the most common attack tools used by
hackers since they support the gathering of vast volumes of extremely sensitive
authentication data. It has been established that no single application is immune to attacks
and the malicious attackers are focusing more on online banking accounts because they offer
HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 3
most direct payoff. Online fraud is based on three core technologies: the botnet controllers
capable of handling hundreds of thousands of bots, highly effective data collection, and
sophisticated Trojans that are updateable.
Form grabbing for PCs running IE/Windows has been a simplified approach for fraud. The
technique helps attackers to extract data within browsers. The deployment of form grabbing
on compromised PCs allowed hackers to obtain numerous numbers of online bank account
IDs and passwords. The password-based authentication was termed no longer safe for online
banking prompting the introduction of two-factor authentication (Mellinger, 2011).
Nevertheless, criminals still found the loophole that helps them to challenge the security of
two-factor authentication through web injects. Malicious attackers that promote online fraud
have created various techniques.
Study: Identifying Fraud and Credit Risk in the Smallest of Small Businessesclaytonroot
XOR conducted a study analyzing nearly 6 million small business applications from 2011-2014 to identify patterns in small business fraud and credit risk. They developed models to predict fraud and credit risk by matching applications across industries and incorporating alternative data sources. The study found that cross-industry data sharing improves risk predictions and that small business fraud patterns are becoming more sophisticated over time. XOR's new risk models can help reduce $1 billion in annual losses for small business accounts.
Fraud is becoming a highly lucrative and organized criminal industry. Today's fraudsters operate openly like legitimate businesses, recruiting top talent from universities. They leverage advanced technologies like machine learning and collaborate in large organized groups. First Data works to combat fraud through solutions that analyze transactions in real-time to identify 80% of fraud attempts before they happen. They also mine data from billions of transactions to identify compromised information early and warn institutions to prevent criminal use of stolen data. First Data's large dataset and machine learning capabilities help them continuously improve fraud detection and outsmart increasingly sophisticated fraud organizations.
FraudDECK includes pre-packaged business workflows for transaction surveillance across ATM & POS channels. It can be extended to facilitate surveillance of fraudulent transactions on other channels like mobile banking or payment transactions like Wire fraud or AML. For more information please visit: http://www.esq.com/transaction-surveillance/
This research paper analyzes ATM fraud, including cash withdrawal fraud, fund transfer fraud, password hacking, and pin misplacement. The paper proposes combining biometric identification like thumbprint scans with PINs to authenticate ATM users and reduce fraud. Currently, fraudsters can use stolen card information and PINs obtained through phishing emails to commit ATM fraud. The paper suggests designing ATMs with integrated biometric scanners without slowing down transaction speeds to strengthen security.
A Contextual Framework For Combating Identity TheftMartha Brown
Identity theft is a growing problem, with reported cases in the US rising 33% from 2002 to 2003. The framework proposes that there are four main stakeholders in combating identity theft: identity owners, identity issuers, identity checkers, and identity protectors. Each stakeholder plays a distinct role through prevention, detection, and legal prosecution activities, and they must collaborate for effective identity management. The framework provides a way to understand identity theft risks, develop solutions, and evaluate prevention and detection methods from multiple perspectives.
Shield - Stay one Step Ahead Using TechnologyShield
In 2018, the World Economic Forum released data that highlighted fraud and financial crime as a trillion-dollar industry. Watch the presentation or read the blog to know more at https://bit.ly/3KyfAxF
IRJET- Credit Card Fraud Detection using Hybrid ModelsIRJET Journal
This document discusses credit card fraud detection using hybrid models. It begins by introducing the problem of credit card fraud and how billions of dollars are lost to fraud each year. The document then discusses how standard models and hybrid techniques using AdaBoost and majority voting are used to detect fraud. Experimental results on a public credit card dataset and a private dataset from a financial institution show that the majority voting technique achieves good accuracy in detecting fraud cases. The key challenges in credit card fraud detection are also summarized, such as imbalanced data, different costs of misclassification, overlapping data patterns, lack of flexibility, and fraud detection costs.
An overview of plastic card frauds and solutions for avoiding fraudster trans...eSAT Journals
Abstract Payment card fraud is causing billions of dollars in losses for the card payment industry. Besides direct losses, the brand name can be affected by loss of consumer confidence due to the fraud. As a result of these growing losses, financial institutions and card issuers are continually seeking new techniques and innovation in payment card fraud detection and prevention. Credit card fraud falls broadly into two categories: behavioral fraud and application fraud. Credit card transactions continue to grow in number, taking an ever-larger share of the US payment system and leading to a higher rate of stolen account numbers and subsequent losses by banks. Improved fraud detection thus has become essential to maintain the viability of the US payment system. Increasingly, the card not present scenario, such as shopping on the internet poses a greater threat as the merchant (the web site) is no longer protected with advantages of physical verification such as signature check, photo identification, etc. In fact, it is almost impossible to perform any of the ‘physical world’ checks necessary to detect who is at the other end of the transaction. This makes the internet extremely attractive to fraud perpetrators. According to a recent survey, the rate at which internet fraud occurs is 20 to25 times higher than ‘physical world’ fraud. However, recent technical developments are showing some promise to check fraud in the card not present scenario. This paper provides an overview of payment card fraud and begins with payment card statistics and the definition of payment card fraud. It also describes various methods used by identity thieves to obtain personal and financial information for the purpose of payment card fraud. In addition, relationship between payment card fraud detection is provided. Finally, some solutions for detecting payment card fraud are also given. Index Terms: Online Frauds, Fraudsters, card fraud, CNP, CVV, AVS
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Similar to Sas wp enterrprise fraud management (20)
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Découvrez les dernières innovations de Neo4j, et notamment les dernières intégrations cloud et les améliorations produits qui font de Neo4j un choix essentiel pour les développeurs qui créent des applications avec des données interconnectées et de l’IA générative.
Software Engineering, Software Consulting, Tech Lead, Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Transaction, Spring MVC, OpenShift Cloud Platform, Kafka, REST, SOAP, LLD & HLD.
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
Measures in SQL (SIGMOD 2024, Santiago, Chile)Julian Hyde
SQL has attained widespread adoption, but Business Intelligence tools still use their own higher level languages based upon a multidimensional paradigm. Composable calculations are what is missing from SQL, and we propose a new kind of column, called a measure, that attaches a calculation to a table. Like regular tables, tables with measures are composable and closed when used in queries.
SQL-with-measures has the power, conciseness and reusability of multidimensional languages but retains SQL semantics. Measure invocations can be expanded in place to simple, clear SQL.
To define the evaluation semantics for measures, we introduce context-sensitive expressions (a way to evaluate multidimensional expressions that is consistent with existing SQL semantics), a concept called evaluation context, and several operations for setting and modifying the evaluation context.
A talk at SIGMOD, June 9–15, 2024, Santiago, Chile
Authors: Julian Hyde (Google) and John Fremlin (Google)
https://doi.org/10.1145/3626246.3653374
8 Best Automated Android App Testing Tool and Framework in 2024.pdfkalichargn70th171
Regarding mobile operating systems, two major players dominate our thoughts: Android and iPhone. With Android leading the market, software development companies are focused on delivering apps compatible with this OS. Ensuring an app's functionality across various Android devices, OS versions, and hardware specifications is critical, making Android app testing essential.
How Can Hiring A Mobile App Development Company Help Your Business Grow?ToXSL Technologies
ToXSL Technologies is an award-winning Mobile App Development Company in Dubai that helps businesses reshape their digital possibilities with custom app services. As a top app development company in Dubai, we offer highly engaging iOS & Android app solutions. https://rb.gy/necdnt
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
Unveiling the Advantages of Agile Software Development.pdfbrainerhub1
Learn about Agile Software Development's advantages. Simplify your workflow to spur quicker innovation. Jump right in! We have also discussed the advantages.
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemPeter Muessig
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
UI5con 2024 - Bring Your Own Design SystemPeter Muessig
How do you combine the OpenUI5/SAPUI5 programming model with a design system that makes its controls available as Web Components? Since OpenUI5/SAPUI5 1.120, the framework supports the integration of any Web Components. This makes it possible, for example, to natively embed own Web Components of your design system which are created with Stencil. The integration embeds the Web Components in a way that they can be used naturally in XMLViews, like with standard UI5 controls, and can be bound with data binding. Learn how you can also make use of the Web Components base class in OpenUI5/SAPUI5 to also integrate your Web Components and get inspired by the solution to generate a custom UI5 library providing the Web Components control wrappers for the native ones.
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
SMS API Integration in Saudi Arabia| Best SMS API ServiceYara Milbes
Discover the benefits and implementation of SMS API integration in the UAE and Middle East. This comprehensive guide covers the importance of SMS messaging APIs, the advantages of bulk SMS APIs, and real-world case studies. Learn how CEQUENS, a leader in communication solutions, can help your business enhance customer engagement and streamline operations with innovative CPaaS, reliable SMS APIs, and omnichannel solutions, including WhatsApp Business. Perfect for businesses seeking to optimize their communication strategies in the digital age.
E-commerce Development Services- Hornet DynamicsHornet Dynamics
For any business hoping to succeed in the digital age, having a strong online presence is crucial. We offer Ecommerce Development Services that are customized according to your business requirements and client preferences, enabling you to create a dynamic, safe, and user-friendly online store.
1. WHITE PAPER
Enterprisewide Fraud Management
Analytically powered best practices for detecting, preventing and investigating
fraud in financial institutions
2. i
ENTERPRISEWIDE FRAUD MANAGEMENT
Table of Contents
Introduction......................................................................................................1
Outwitting the Criminal Mind – The Challenges..............................................3
Bank Fraud Is Increasing in Volume and Sophistication ..............................3
The Fastest-Growing Channels Are Also the Ones Most at Risk...................3
Fraud Is Usually Managed in Business Unit Silos.........................................4
Cross-Channel Fraud Is Widespread.............................................................4
Fraud Detection Has Been Sketchy..............................................................5
Slow Detection Leads to Higher Losses.......................................................5
The Trouble with Traditional Fraud Management...........................................6
Best Practices in Fraud Management – Combating Fraud with the
Technology Available Today.............................................................................7
Step 1: Create an Enterprisewide View of Patterns and Perpetrators..........7
Step 2: Prevent and Detect Fraud in an Enterprisewide Context..................7
Step 3: Investigate and Resolve Fraud in an Integrated Environment........11
Future Trends in Enterprise Fraud Management...........................................11
Closing Thoughts............................................................................................12
About SAS.......................................................................................................14
3. ENTERPRISEWIDE FRAUD MANAGEMENT
ii
Ellen Joyner-Roberson, Fraud and Financial Crimes Marketing Manager for
SAS, is responsible for defining industry strategy for the global banking segment.
She has 25 years of experience in the application of information technology to
solve customer needs, including a focus on the financial services industry for
more than 20 years.
4. ENTERPRISEWIDE FRAUD MANAGEMENT
Introduction
Sue was just buying pillowcases, paying with the store’s own credit card. But
within days, that card number would reach a fraudster in Florida, who would punch
out new plastic with her number – later, it would be used to buy dozens of store gift
cards at a time, each for an amount just under the review limit.
The debit card came back to the table in no time, and Robert signed the tab for
dinner. He made sure only the last four digits of his card number were displayed on
the merchant’s copy. But Robert didn’t know that in the 30 seconds the waiter had
the card, he had photographed both sides with his cell phone – and would later
use the account to order merchandise and concert tickets by phone.
These events are everyday occurrences – thousands of times a day, actually. In the
first case, the store’s parent company detected the security breach, but only after
three years, 200,000 counterfeit cards and US$1 million in fraudulent purchases.
And if Robert opened his bill to find surprise charges he didn’t make, he was in
very good company; identity fraud is an estimated US$54 billion crime. Some
11.2 million Americans were victimized by card fraud in 2010 – an increase of
12 percent – which was the highest level since the Identity Fraud Survey Report
survey began in 2003, according to Javelin research.1
His bank’s zero liability policy
meant Robert didn’t have to pay the charges, but the bank did.2
1 Kim, Rachel and Monahan, Mary. Javelin Strategy and Research, Identity Fraud Survey Report.
February 2010.
1
6. ENTERPRISEWIDE FRAUD MANAGEMENT
3
“Interestingly, while FSIs struggle
to capture a full view of each
customer’s relationship with the
institution, enterprising fraudsters
are already achieving this
understanding as they strive to gain
more information about financial
services and products to exploit.”
Rodney Nelsestuen
Senior Analyst, Financial Strategies
and IT Investments, TowerGroup
Outwitting the Criminal Mind – The Challenges
Financial services institutions are well aware of the negative impact of fraud. Even
at industry average levels, fraud hurts an institution’s reputation, customer loyalty,
regulatory compliance and the bottom line. But even the most well-intentioned financial
institutions face some daunting challenges in this area.
Bank Fraud Is Increasing in Volume and Sophistication
“The credit and debit card fraud category of financial services is among the fastest-
growing and best-known means of criminal profit,” says Rodney Nelsestuen of
TowerGroup. “What makes card fraud of great concern is the fact that international
organized crime rings are often involved, turning card fraud from random criminal
activity into industrial-strength enterprises.”5
The sophistication of their tactics makes detecting fraud difficult and preventing it
nearly impossible, especially as the volume of bank transactions grows by about 10
percent a year.
The Fastest-Growing Channels Are Also the Ones Most at Risk
ATM and branch office transaction volumes are flat (as a percent of total transactions),
while call center channels are growing modestly, and electronic access (online and
mobile) is booming. According to research firm IDC, the number of mobile devices –
from smartphones to tablet PCs – accessing the Internet by 2013 will surpass 1 billion,
creating more opportunities for cybercrime.6
Unfortunately, these fastest-growing channels are also the most vulnerable. The
FBI has observed a trend in which cybercriminals — using the compromised online
banking credentials of US businesses — sent unauthorized wire transfers to Chinese
economic and trade companies located near the Russian border. As of April 2011, the
total attempted fraud amounts to approximately $20 million; the actual victim losses
are $11 million.77
5 Nelsestuen, Rodney. TowerGroup. Surrounded by the Enemy: The Case for Enterprise Fraud
Management. March 2008.
6 Shah, Agam. “IDC: 1 Billion Mobile Devices Will Go Online by 2013.” CIO.com.
www.cio.com/article/510440/IDC_1_Billion_Mobile_Devices_Will_Go_Online_By_2013.
Dec. 9, 2009.
7 Fraud Alert Involving Unauthorized Wire Transfers to China. Internet Crime Complaint Center.
April 26, 2011.
“A broad approach will avoid
redundant project work, minimize
system platforms and the number
of vendor partners, increase
staff productivity, and – most
importantly – catch more fraud.”
Gartner, Inc.
Avivah Litan
Gartner Research Enterprise Fraud
and Misuse Management Solutions:
2010 Critical Capabilities
October 2010
8. ENTERPRISEWIDE FRAUD MANAGEMENT
Fraud Detection Has Been Sketchy
About half the time, fraud is detected by the victims themselves when they review a
monthly statement or are turned down for credit. Imagine the loss of confidence a
consumer would feel to discover fraud before the bank did. Only about 25 percent of
the time does the bank detect the fraud first.
Slow Detection Leads to Higher Losses
Speed is crucial. According to the 2010 Identity Fraud Survey Report, victims who
detected the fraud within 21 hours were defrauded for an average of $373. Victims
who did not discover the fraud up to a month later suffered an average loss of $572.
Those who took up to five months lost nearly three times as much ($1,207) as victims
who detected the fraud within one day.9
This, of course, is no surprise. What can be
a surprise is how much that figure escalates when you add associated costs, such as
lost wages, loss of goodwill and legal fees.
Collectively, these realities create a daunting environment for financial
services institutions:
• They would like to accurately identify the patterns and perpetrators, but they
usually lack the analytical modeling rigor to establish a strong defense.
• They would like to identify cross-channel fraud, but their operational systems
often don’t cooperate well across organizational boundaries.
• They would like to monitor every transaction in real time, but they can’t alienate
customers and merchants with long processing times.
• They would like to implement rigorous rules to detect fraud, but they know they
would turn up a lot of false positives that are costly and fruitless to investigate.
• They would like to unify the fraud management process, but disparate data sources
and cryptic interfaces make the system inaccessible to all but a few people.
9 Kim and Monahan. Javelin. Identity Fraud Survey Report.
5
“EFM also analyzes behavior among
related users, accounts or other
entities, looking for organized
criminal activity, fraud rings,
corruption or misuse.”
Gartner, Inc.
Avivah Litan
Gartner Research Enterprise Fraud
and Misuse Management Solutions:
2010 Critical Capabilities
October 2010
9. ENTERPRISEWIDE FRAUD MANAGEMENT
The Trouble with Traditional Fraud Management
To detect fraudulent activity, many banks use transaction monitoring systems – often
homegrown, niche software that requires manual intervention. Still, traditional systems
can work well for detecting individual real-time, point-of-sale fraud. But that’s only one
slice of the fraud pie, and not the biggest slice either.
Few banks have strong, enterprisewide fraud management programs that can correlate
a customer’s behavior across all contact channels and products to identify bust-out
scenarios, social networks and cross-channel fraud. “An institution may have state-
of-the-art security and fraud detection technologies and procedures to protect its
deposit lines of business, but not the same for small business banking or third-party
investments delivered by an alliance partner,” wrote Nelsestuen.10
Furthermore, even the fraud management process itself is fragmented. “Fraud
detection, alert and case management practices are still too often viewed as separate
activities, when in fact they should be managed as a whole,” says Nelsestuen.11
To support real-time monitoring of all types of transactions across all channels – while
adhering to constantly changing regulations such as the authentication guidelines first
established in 2005 – financial institutions must update their fraud prevention practices
along with related fraud technology.
The ideal result would be a fraud management solution that:
• Protects against fraud at the point and time of transaction.
• Accurately detects incidents of fraud in completed transactions.
• Spans all the ways customers interact with the institution.
• Provides structured oversight for the fraud management program.
This is not a halcyon vision. The technology is available today.
Let’s take a look at how a robust, enterprisewide fraud management system can
redefine the economics of fraud. We’ll walk through the process with a hypothetical
bank based on a real one – we’ll call it First Best Practice Bank (FBPB) – a multiservice
institution with more than a million active cardholder accounts.
10 Nelsestuen, Rodney; TowerGroup, Surrounded by the Enemy: The Case for Enterprise Fraud
Management, March 2008.
11 Nelsestuen, TowerGroup, Surrounded by the Enemy.
6
“We estimate that this market
will grow at least 15 percent in
2011, mainly because global FIs
are investing in EFM technology
against a backdrop of increasingly
frequent and sophisticated fraud
attacks, and because they want
to achieve operational efficiencies
by consolidating fraud prevention
and financial crime efforts across
the enterprise.”
Gartner, Inc.
Avivah Litan
MarketScope for Enterprise Fraud
and Misuse Management
January 14, 2011
10. ENTERPRISEWIDE FRAUD MANAGEMENT
7
Best Practices in Fraud Management – Combating Fraud
with the Technology Available Today
In 2011, First Best Practice Bank (FBPB) implemented a complete, end-to-end IT
platform for detecting, preventing and investigating both opportunistic and organized
first-party fraud. To begin with, they wanted real-time scoring of all card transactions –
purchase, payment and non-monetary – for faster, more accurate fraud detection on
a global scale. Ultimately, they hoped to prevent fraud before it happened, even as the
fraudsters evolved their methods and hid their deeds in obscure relationships.
Step 1: Create an Enterprisewide View of Patterns and Perpetrators
The new system enabled FBPB to create a true enterprisewide view of fraud. The
knowledge base incorporates data from operational/transactional systems across
separate business units, from Human Resources and audit records, even from external
data sources such as fraud consortium databases. Integrated data quality routines
cleanse and validate the data.
FBPB customized the system with fraud models unique to the institution. Since there
were no preconfigured system limits on rules, they created a deep set of complex rules
for identifying potential fraud.
Step 2: Prevent and Detect Fraud in an Enterprisewide Context
Analytics reveal potentially suspicious patterns and transactions
FBPB’s fraud system goes beyond the typical customer view to provide a holistic view
of fraudulent activity – including related perpetrators and unrelated channels – and
enables a much deeper understanding of customer behavior.
Each transaction – account opening, ATM access, online banking transaction, wire,
ACH, call center encounter, etc. – is passed through a set of rules and predictive
models. In real time, the system checks transaction activity against vast, enterprisewide
intelligence about the customer and potentially suspicious behaviors. Is this an
unusually large deposit for this individual? Is this account linked to another known to be
in a suspected fraud ring? Does this entity hold multiple accounts or similar identities in
unusual ways?
Within milliseconds (for most transactions), the system delivers a score that accurately
predicts fraudulent activity – within or across channels. Even though the system can
operate on billions of records, this transaction monitoring doesn’t bog down real-time
decision making and authorization.
“As financial institutions become more
sophisticated in their fight against
fraud, they are going to demand
software solutions that provide more
flexibility in addressing emerging
fraud issues, analyzing transactions
and activities in real or near-real time
and identifying fraudulent activity
that spans diverse data sources and
payment channels.”
Dan Barta
Director, Enterprise Fraud and
Risk Strategy, SAS
11. 8
ENTERPRISEWIDE FRAUD MANAGEMENT
Every night, FBPB also runs a batch process of existing customer accounts to
detect and investigate existing fraud as well as prevent new fraud. The system
parses the data and creates a complete update of all account holders and their
key linking attributes. Driven by metadata, all records are exhaustively linked based
on combinations of attributes within the data. Then, using statistical techniques,
common entities are identified and collapsed to produce single views of entities within
networks. Discrete bounded networks within the data are also generated, representing
statistically relevant groups of activities and relationships.
An advanced scoring engine uses independent and combined scores based on three
core processes:
• Application scoring based on scorecard-driven models and text analysis.
• Scoring of individual customers and their full histories.
• Scoring of associated networks, including behavioral data (transaction patterns,
network growth rates, activity levels) and other data provided (current/previous
addresses, contact numbers, employers).
Shorthand customer signatures
Customers are not static. Their personal or professional conditions change. A fraud
management system should recognize and work within this dynamic reality. But how
do you capture it? It would be unrealistic to try to assess every data point around a
customer with every transaction. And if you wait 90 days for a quarterly report, the
opportunity to respond to a change of state may have passed.
The answer can be to use customer signatures – sets of data elements that sufficiently
capture a customer’s state. Examples might be dollars spent on airfare, cash
withdrawals from a credit account or transactions over the median for the cluster.
These data elements are established using regression and correlation analysis. They
then can be used in a shorthand method of identifying the customer’s state – and the
associated marketing opportunities or risk.12
12 Tubin, George. TowerGroup. Consumer Banking Fraud Trends: Welcome to the No-Hype Zone.
May 2008.
“Real-time transaction monitoring
is key to mitigating fraud.”
George Tubin
TowerGroup
Consumer Banking Fraud Trends:
Welcome to the No-Hype Zone
May 2008
12. ENTERPRISEWIDE FRAUD MANAGEMENT
9
Is real-time transaction monitoring too cumbersome?
Historically, running thousands of transactions an hour through a host of complex rules
could have been a slow process, noticeably delaying authorization. New processors
and processing techniques have radically changed that, so real-time monitoring is
feasible even for billions of records.
For example, a bank with 30 million active cardholders in the US adopted SAS®
Fraud
Management to check every credit card transaction. In the first three months, this bank
reported the following results:
• An 87 percent increase in the number of card transactions and customer
information processed, while reducing mainframe processing overhead
12 percent – resulting in a 53 percent decrease in mainframe processing cost
per data item.
• A 30 percent decrease in the computing resource cost of processing card
transactions flagged as potentially fraudulent.
• A 10 percent increase in efficiency by agents investigating potentially
fraudulent cases.
Furthermore, the bank reduced IT costs by eliminating three software applications that
were no longer needed with their new, integrated fraud management system.
Alerts from multiple systems are aggregated and
systematically managed
FBPB’s fraud management system aggregates and prioritizes alerts from the bank’s
various fraud detection and money laundering tools. Alerts from all these different
systems are correlated to provide a full picture of the risk associated with an account
or relationship. Analytics can be applied to the alerts to post-score, determine how to
route alerts and support other case management decisions.
An alert database stores the alerts and the results of their disposition. This database
itself becomes a valuable resource for fraud management in several ways:
• Analysts can mine this alert data to determine how well fraud management
tools are generating and feeding the alert management system and to better
understand the nature of false positives.
• The database can automatically communicate with the bank’s host systems
about interventions that have taken place, such as holds placed on funds’
availability, account closure or other actions.
• Performance management systems can use the statistics and metrics associated
with alerts to assess the success of fraud detection and prevention initiatives.
“ In many cases, the lack of
transparency into the risks a
company takes is due to poor
operational control and reporting. …
Technologies are available that can
help overcome these challenges. …
These technologies [include] flexible,
broader approaches such as SAS’
enterprise case management.”
Rodney Nelsestuen
TowerGroup
The Global Imperative for Better
Operational Risk Management: EU
Financial Industry Leads the Way
May 2, 2011
14. ENTERPRISEWIDE FRAUD MANAGEMENT
11
Step 3: Investigate and Resolve Fraud in an Integrated Environment
Entities and transactions that have been flagged for review are automatically sent to
an integrated case management component. Suspicious cases are automatically
assigned to an investigator. When an investigator logs into the system, he or she is
presented with a list of tasks and a structured environment in which to manage them.
Information is entered in smartforms that are dynamically linked to workflows. The
investigator can:
• See active and pending tasks in context in a visual workflow diagram.
• Display details by case.
• Add freeform notes to the case diary.
• Auto-generate letters from predefined templates and customer
database information.
• Generate summary and detail reports on demand.
The case management component is modular, so it is easy to update as regulations
and circumstances change.
Investigators know their time will not be wasted. Between real-time transaction
monitoring and batch processing, FBPB now sees far fewer false positives. Whereas
traditional approaches yielded one accurate fraud hit for every 30 cases referred for
investigation, the new solution can accurately identify one instance of fraud in every
three – a big improvement.
The case management component also measures productivity and other information
to help direct the fraud management function more effectively. For FBPB, the
automated system with network visualization has reduced the time and effort of
investigating organized fraud by 50 percent to 66 percent. A securities firm reported
that the increase in productivity has enabled them to conduct the same volume of
investigative activity with 26 percent fewer work-hours.
Future Trends in Enterprise Fraud Management
To more effectively prevent future losses, fraud management systems will have
to become self-learning, adaptable to a dynamic environment and evolving
fraud techniques.
Financial institutions already can seamlessly test the effectiveness of fraud-detection
rules and models – and update them when test reports indicate the need. Ideally
though, the system would automatically capture the outcomes of investigations and
reuse those outcomes in future scoring. Models would thereby adapt readily to new
knowledge and continually be refined. Auto-generated network diagrams would
enable strategists to see patterns and symptoms that lead to improved controls and
new monitoring techniques.
“Case management not only provides
a tool for corporate security to
record losses and develop cases
for civil and criminal litigation; it also
provides a repository for detailed
information about fraud exposure
that is essential for maximizing the
effectiveness of fraud detection tools
across the organization.”
Dan Barta
Director, Enterprise Fraud and
Risk Strategy, SAS
“Banks are increasingly looking
to buy EFM and financial crime
software that helps them manage
financial regulatory programs from
the same vendor.”
Gartner, Inc.
Avivah Litan
MarketScope for Enterprise Fraud
and Misuse Management
January 14, 2011
16. ENTERPRISEWIDE FRAUD MANAGEMENT
13
• Data analysis and alert generation: The ability to assimilate data from multiple
sources and apply predictive analytics to accurately assess transactions, activities
and customer state in real time.
• Alert management: The mechanism for accepting, prioritizing and distributing
alerts from the various fraud detection and money laundering tools used across
the enterprise.
• Case management: A structured environment in which to manage
investigation workflows, document loss incidents and report on fraud
management performance.
The technology to implement this approach is available today. The right platform will:
• Integrate with the bank’s existing cardholder and authorization systems.
• Create and manage “signatures” that identify an account holder’s total
behavioral profile.
• Use sophisticated analytic models and business rules to perform on-demand
scoring.
• Make information and alerts immediately available to the people who need
this information.
• Provide a structured environment to manage investigations and
track performance.
The benefits of this approach are substantial. A financial institution could:
• Gain a holistic view of fraudulent activity, including related perpetrators and cross-
channel fraud, and gain a much clearer understanding of customer behavior.
• Improve investigator efficiency with unique network visualization, data drilldown
and other investigation tools.
• Increase ROI per investigator through fewer false positives, prioritization of higher-
value networks and more accurate investigations.
• Prevent future fraud by better understanding emerging threats and taking the right
proactive action.
• Extend the value of the fraud management solution by using it to prioritize alerts
for anti-money laundering, credit risk and marketing applications.
Losses stopped. Fraud avoided. Time saved. The ROI comes from many directions.
TowerGroup estimates that for every dollar spent on fraud management, the enterprise
gains back as much as $8. If enterprisewide fraud management sounds like a good
answer for your financial services institution, flag it for investigation.
“According to The Faces of Fraud
report, 45 percent of businesses
cite loss of productivity as their top
nonfinancial fraud loss.”
Information Security Media Group
2010 Survey Results: The Faces
of Fraud: Fighting Back
December 2010
17. 14
ENTERPRISEWIDE FRAUD MANAGEMENT
About SAS
SAS provides the capabilities described in this document based on the proven SAS
Enterprise Financial Crimes Framework for Banking. This solution takes a unique
approach that blends multiple alerting techniques in both real time and batch and
provides a systematic framework for investigating and managing fraud cases. A hybrid
solution, it detects and prevents both opportunistic and professional/organized fraud –
including emerging threats such as ACH, wire and mobile. Financial institutions can
significantly reduce losses by detecting more fraud with fewer investigators.
SAS has worked closely with top financial institutions for 35 years to create solutions
to address critical business needs. In the financial services industry alone, SAS data
integration, fraud detection, risk management, regulatory compliance, CRM and
other software is used by more than 3,100 financial institutions worldwide, including
97 percent of banks in the Fortune Global 500®
. Our award-winning solutions handle
the challenges specifically associated with the volatile financial services industry,
and we can help institutions better manage their strategy, risk, customers and
channels to maximize profitability, achieve greater shareholder value and gain a clear
competitive advantage.
SAS is the leader in business analytics software and services, and the largest
independent vendor in the business intelligence market. Through innovative solutions
delivered within an integrated framework, SAS helps customers at more than 50,000
sites improve performance and deliver value by making better decisions faster. Since
1976 SAS has been giving customers around the world THE POWER TO KNOW®
.