Authentication is failing, so turn on the burglar alarm

The Federal Bureau of Investigation recently issued a warning about ACH and wire transfers being routed to China after discovering that millions of dollars were being lost in bogus transfers.

The scheme is aimed at U.S. small business accounts where the fraudsters are unleashing Zeus and other malware on unsuspecting commercial customers who unknowingly click on links and open attachments that expose them to fraud.

In a recent blog article by Tracy Kitten at BankInfoSecurity she mentions that fighting malware with authentication is a losing battle. Attacks like the one from China simply bypass authentication.

So are we fighting a losing battle? The rising figures for financial crime seem to imply she might be right. The UK National Fraud Authority, for example, recently put the loss to the UK economy from fraud at £38.4 billion. This is a staggering figure. This represents fraud costing each adult member of the population an average of £765 per year!

Based on such figures, the industry now knows that traditional front-end detection tools, such as ID authentication, will no longer stop criminals from getting into the system and stealing money.

This is not the case with back-end detection technology, because, no matter which channel the fraudster uses, whether it is via the Internet or using ATMs, their criminal behavior will give them away. This is one of the key benefits of back-end transaction monitoring solutions that provide behavioral profiling and pattern recognition detection techniques. It is also one of the reasons why even the regulators are recommending banks to analyze the activities of their customers to identify possible fraud. FFIEC guidelines state this very clearly, “Financial institutions should rely on multiple layers of control to prevent fraud and safeguard customer information. Much of this control is not based directly upon authentication. For example, a financial institution can analyze the activities of its customers to identify suspicious patterns.”

So, if front-end detection tools like authentication act as a lock on the door, they also need a burglar alarm to give that all important warning of suspicious activity. This alarm must have a series of systems that analyses the data received, provides early detection, investigates the suspicious activity conducted and quickly alerts the bank on whether or not to act on it.

While nobody is supposing that back-end detection tools will in themselves solve the rising figures of financial crime, it is clear from endorsements such as from the FFIEC that it is needed.

By combining front and back end detection methods, financial institutions can better align their detection activities with the way the modern day criminal perpetrates fraud across multiple channels, products and devices. With criminals finding new ways to ‘pick the locks’ of financial institutions, holistic technology is the way banks can best fight back and, most importantly, stay that one step ahead.