After extreme weather conditions and natural disasters, the World Economic Forum ranks cyberattacks as the third most likely global risk to economies in 2018. And it’s understandable when you consider that every 40 seconds, a company somewhere in the world is being hit by ransomware.
A minor lapse in cybersecurity means inviting a host of cyberthreats and malicious attacks that can cost your business dearly. And nowhere is this risk more keenly felt than in the financial services sector, where occurrences of fraud are on the rise and the potential for reputational damage is enormous.
It goes without saying that trust is paramount in financial services, and instances of fraud inevitably erode that trust. For the financial services firms themselves, they are often perceived to be at fault, even when it is the customers that make critical mistakes like giving up their passwords or inadvertently downloading malware.
As such, firms must be vigilant in protecting both themselves and their customers by eliminating risks whenever possible and educating their customers on behavioural best practices.
Financial fraud is a persistent threat, and as digital transactions continue to proliferate, so does the scale of this threat. Consequently, cybersecurity and fraud detection/prevention sits at the top of the strategic agenda for financial services firms.
Increasingly, financial firms are turning to technology to bolster their defences by leveraging it to help identify, monitor, and prevent fraudulent transactions. And there is a very obvious benefit to openly pursuing such a strategy — if employees and bad actors know about an organisation’s anti-fraud monitoring and surveillance, they are likely to move onto “softer” targets.
To keep up with the wide variety of frauds and schemes they face every day, firms need to build a fraud detection and prevention architecture that helps to improve their transaction monitoring and fraud risk analysis.
For a start, they should look to deploy more sophisticated transaction and identity authentication technology and analytics. There is a prevailing belief that biometrics and thumbprints, rather than passwords, provide better security against transaction fraud, but stolen fingerprint scans can pose an even bigger security risk for customers.
Instead, behavioural analytics and pattern analysis are likely to gain momentum over the coming years as firms look to analyse customers’ activities as another way of authenticating their identity. Whatever the approach, it needs to be flexible enough to deal with changes in fraud schemes and tactics, regulatory expectations, data sources, and reporting requirements.
It is also important to note that as firms bolster their fraud detection and prevention capabilities, the security (and sensitivity) of data becomes more important as well. While many employees need access to customer account records, care should be taken to restrict access to transaction-monitoring strategies and records.
The same goes for investigations of alerts and suspicious activity reports. To this end, master data management (MDM) and data governance (GRC) should be priorities, especially in compliance and fraud management.
To help improve and increase the effectiveness of fraud detection and prevention monitoring, firms should look to aggregate data sources and deploy advanced analytics tools that can augment and automate their existing fraud systems.
There is a pressing need to actively assess and reduce fraud risk across the firm. This could include internal threats, outside threats, and emerging threats. In this regard, fraud detection, fraud prevention, and data security have taken on a new urgency, particularly given the constant change in emerging threats and the high-profile nature of some of the bad actors.
Firms must also look to act as a deterrent by creating fraud detection and prevention mechanisms that deter bad actors and keep them guessing. Employees should be made aware that they are being watched closely, and they should be trained to watch closely too.
Fraud threats are increasing, but with a risk-based fraud prevention program and advanced analytics, you can show fraudsters that your firm is more progressive about detection and prevention, and bad actors will take their fraud schemes elsewhere.
Reducing opportunities for fraud must be the ultimate objective, and this can be achieved by expanding the line of sight for fraud detection programs and analysis by aggregating internal data and data from third-party providers. It is here where advanced statistical and analytics techniques (e.g., pattern detection, machine learning, and cognitive computing) will show their true value.
It is not realistic for you to stop every bad actor, as some will inevitably slip through the net. But the very least your customers expect is for you to put forth your very best efforts to identify threats and mitigate the risk of them becoming yet another victim of fraud.
The columnist is group vice-president and regional managing director for the Middle East, Africa and Turkey at global ICT market intelligence and advisory firm International Data Corporation (IDC). He can be contacted via Twitter @JyotiIDC. Content for this week’s feature leverages global, regional, and local research studies undertaken by IDC.
