It is very clear from the figures released by the various fraud prevention agencies that there is a dramatic increase in cybercrime and real-time fraud. Should the losses continue to persist at the current growth rate, the financial services industry is in for torrid times?
Ultimately, it is the attitudes around fraud that need to change. The institutional practise of covering up fraud is unacceptable. The cost of fraud in the UK, from the Annual Fraud Indicator 2016 report is £193 billion. This is four times the previous estimate of £52 million in 2013. The expense is becoming so monumental that banks’ will have no other alternative but to pass the costs through to their clients.
I attended the Worshipful Company of Information Technologists (WCIT) and Digital Policy Alliance (DPA) roundtable on cybercrime and real-time fraud with a cross section of the financial service industry, the police and government and the conclusion: prevention is not easy. A number of concurrent initiatives are required with an overriding need for urgency to combat this global threat. It also became abundantly clear that cybercrime could not and would not be stopped using a simple gatekeeper.
There is an immediate need for action on:
Aspects of the wider education requirements include the understanding of the business model of the criminal gang. Where “the crown jewels are” in the organisation. Awareness training to protect the organisation and their clients is key. And if your computer says, ‘unsafe to use’, then it is, so don’t go there. Compliance training should go to every level of the bank and the proof that the training has been completed will satisfy the bank’s management and the regulators.
- Employing the latest technology
To be used by each and every one of us to combat cybercrime including:
- The potential use of blockchain technology for trust and reputation;
- Prediction using AI and genetic algorithms;
- Automating system responses for increased speed of response;
- Using real-time, big data crunching in-memory computing power.
- The Inside Threat
It is vital to identify the ‘Bad Actor’ / ‘Bad Agent’, who is someone with access to the inner workings of the bank. A Bad Actor is involved in 60% of frauds. Technology has to be utilised to minimise this threat. Start with HR information, coupling in social media and then the use of transactional history that an employee or contractor is involved in, patterns will emerge. Utilising three-dimensional models, visualisation and predictive analytics increase early detection.
It will be necessary to look into how we educate, change culture and enact policy, within organisations that may be the subject of fraudulent activity. This also includes collaboration that respects the data protection required for privacy but this privacy should not be there to protect the cybercriminals and fraudsters engaging in fraudulent activities.