Banking and Finance Fraud

According to data from the Association of Certified Fraud Examiners, organizations witnessed a record loss of a staggering  5% of its annual revenue due to fraud. This brings potential global fraud losses close to $4 trillion.  As technology promotes rapid fraud and creates new opportunities for the use of fraud prevention systems, financial institutions need innovative ways to compensate for any weaknesses in their fraud protection measures to prevent the daily losses that banks and credit unions suffer. It is important to recognize that technology plays a vital role in detecting and preventing fraud, while also improving the customer experience.

How Fraud affects the Banking Industry

 The banking industry faces many risks, and these risks keep evolving and changing. Fraud is one of the risk banks face and is one risk that tops the list, and if it not properly  controlled, will result in heavy losses. Currently banks are taking every step necessary to reduce the cases of fraudulent attempts, and the only way to do this is to take a more  proactive approach to stay ahead of these fraudsters.

Recently, a large percentage of banks have invested heavily in physical and network security to defend against traditional threats, but today, even greater threats are emerging in the form of more and more peripheral devices in the Internet of Things (IoT) and corporate networks.  These devices include video surveillance, identity and access management, and other physical security systems that are critical to the daily operations of financial services institutions.  

These technologies were previously based on analogue technique and basically isolated from other IT systems. They have now transitioned to IP and have become a greater threat to network security. With the growth of the Internet of Things, a large part of which consists of safety sensors, this problem will only become more serious.  In fact, according to data from the research company Gartner, the number of connected devices used in 2017 exceeded 8 billion, and it grew to about 20 billion in 2020.

Limiting the threats

For most banks, the problem is that they have installed thousands of cameras in their various corporate offices and branches. This to a large extent makes it a bit more difficult in trying to solve the issues of  network vulnerabilities making it a much more complex issue to resolve.  For example, take a typical branch monitoring deployment as an example.  Usually, there are both existing analogy cameras and IP cameras, as well as encoders, network switches and network video recorders (NVR) connected to the network. 

NVRs, switches, encoders, and IP cameras are all equipped with firmware, this firmware needs to be updated to eliminate potential network risks. It is also important to point out that most firmware usually comprises of a username and password. This gives hackers a loop hole to exploit.  Updating these devices site by site can create a logistical nightmare, which makes it necessary to have some type of centralized management utility. 

Identity and Access Management

Identity and access management (IAM) simply refers to having defined roles of management on access privileges of individual network users, as well as the environment in which user privileges are granted or denied.  Users in this scenario might refer the apps customers (customer identity management). Users can also be used to refer to employees (employee identity management).  One of the major objectives of the Identity Access Management is to create a digital identity for every individual. This digital identity must be maintained, ability to be modified and also monitored whenever individuals continually require access throughout the life cycle":

The concept used is authenticating and identifying users is called Identity management, it is also known as Identity and Access Management (IAM). IAM is responsible for helping users gain access to a specific systems. Here, authentication and user control is important in protecting users data, by regulating and monitoring the level of access given to each user in a given system.

Identity management and access control has become part of our everyday life as we interact with the authentication mechanism on a daily basis.  When you enter your username and password to access your profile, make use of a PIN code, scan your fingerprint or click on a bank card your identity is being verified. After verifying your identity, access control will be implemented to determine your access level. That is why when you enter a wrong pin or passcode you are denied access to the profile you are trying to access. It is very important for applications and services that have different authorization levels for different users. For example, access control will allow software administrators to add users or edit configuration files, while also prohibiting lower-level users from accessing certain functions and information.

Multi Factor authentication in fraud prevention

The financial services industry is developing rapidly increasing customer expectations. The financial service industry is also witnessing a fundamental shift towards digital channels (mobile), the tsunami of new regulations such as the (PSD2, GDPR, MiFID2, Dodd-Frank Act...), the evolution of new technologies has also hit the financial sector. Financial Technology (Fin-tech) start-ups has emerged creating competition among Fin-tech players . This competition has intensified over the years as organizations are all coming up with innovations on a daily basis. These rapid developments are forcing banks to quickly provide innovative and compelling financial services and provide an excellent and smooth user experience interface.  At the same time, the financial services industry should be extremely careful not to lose the trust of its customers.  This means that customers should be confident that their transactions will be executed correctly and that their financial information is safe for the bank. Security is crucial in this story, but since the financial services industry has been the biggest target of cybercriminals in recent years, ensuring security should be of utmost importance to all financial institutions. The activities of cybercriminals has placed a heavy burden on financial service institutions to protect the transactions and data of their customers. For example, in the UK, payments and financial services account for approximately 75% of cyber-attacks.

Malware, phishing, social engineering and fraud attacks are increasing year by year, new mobile technology attack methods are currently on the rise. Examples of some of these attacks include mobile spoofing and cloning. Due to this, financial institutions witness security breaches which occur daily.  Since financial data is some of the most sensitive information stored on the Internet, such violations will not only cause financial losses, but also lead to serious damages to both the customer and bank.  Today, the annual cost of online identity fraud is estimated to exceed $1 trillion. 

 The first step to ensure security is authentication; authentication is vital to data protection as it helps verify that people are who they say they are, rather than someone stealing that identity.  For the financial services industry, having a secure but user-friendly identity verification process is no longer an easy task, but a necessity. 


By Joseph Sordi, SVP 

Strategic Security Corp.