Layering Up for Fraud Defense
As a former Federal Reserve executive and currently a director of a regional bank, I’ve had the unique opportunity to observe how fraud in the financial arena has evolved. I’ve also watched how financial institutions and the government responded – or failed to respond – to these new and emerging threats.
These days, traditional financial institutions must prepare themselves for fraud across a broad variety of attack vectors. From counterfeit currency and check fraud to mobile phishing and debit card skimming, financial institutions are under siege like never before. As security breaches become more visible to the general public, “brick and mortar” banks must also think about how their security posture is being perceived by customers. This is especially true as a new breed of pure-play Internet banks such as Simple and Moven, which have built their offerings on a foundation of hardened security, begin to compete more aggressively with their more conventional peers. For this new generation of online-only banks, security is being built from the ground up and has become a core business requirement, not just a bolted-on feature to an existing service.
Almost 20 years ago, while I was working at the Fed, we began the process of building a framework for an anti-fraud program as we witnessed these types of nefarious activities grow in size and scope. Being at the Fed was like being on top of a mountain; we could see at a high level how financial institutions across the entire landscape were being targeted, but we couldn’t always help at a tactical level. While we could never be sure of how hackers might specifically attack financial institutions, we understood that a continuous arms race was being waged and that we needed to equip banks with both the technological know-how and a more proactive mindset for reacting to these types of fraud attempts.
With that background in mind, here are three pieces of advice:
A multi-layered defense is mandatory. When it comes to technology and security, there will never be a single magic bullet. The best-secured networks are the ones that feature multiple overlapping layers and redundancy, so that if one system fails to detect a threat, another one will. This seems like common sense, but I’ve been surprised by how many financial institutions put too many eggs in one security basket.
Criminal organizations are using artificial intelligence (AI) and so should you. Few criminals are using 20-year-old technology to hack into online bank accounts, yet many financial institutions continue to rely on woefully outdated technologies to protect their customers. In fact, criminal syndicates are employing increasingly sophisticated AI technologies such as Domain Generating Algorithms to squirrel their way into hardened networks. Consequently, financial institutions should adopt the latest AI technologies such as Behavioral Anomaly Detection to identify suspicious behavior and evaluate the relative risk of an individual transaction before a fraudulent activity occurs.
Monitor the black market sites. They say that if you want to understand the mind of a criminal, you have to learn how to think like one. I would counsel any financial institution that issues credit cards to invest time and resources into understanding exactly how credit cards are marketed and sold in the dark underbelly of the Internet.
They say that if a shark stops moving it will die. Traditional financial institutions, along with their online counterparts, will need to heed the same advice if they are to not just survive, but thrive in today’s digital reality.
Mr. del Busto is chairman and CEO of Del Busto Capital Partners, Inc. and is the former regional executive of the Miami Branch of the Federal Reserve Bank of Atlanta.