Anti-fraud system in the banking sector
Since researchers and security experts call the same malign two types of crimes: fraud in the financial market and burglary. Recently, banking fraud has been featured in the press more often than burglary. And companies appeared on the domestic market that summarize the experience of victims of fraud and offer a system for a comprehensive solution to the problem.
Assessment of the level of protection of the banking system against fraud
Banks in Russia are backbone entities that accumulate funds of individuals and enterprises, and carry out settlements. Violation of the recommended standards determining the level of protection against fraud risks undermines customer confidence in banks. While the reputation of a banking institution is important for capitalization, and for raising ratings, and for attracting new clients.
The number of banks is gradually decreasing, small players are leaving the market, who more often became a target for fraudsters. The largest banks from the first hundred are introducing progressive information security technologies, and market professionals assess the overall level of protection as high.
The threat posed by so-called fraudsters - individuals who use computer technology to illegally access data and commit fraud in the banking sector - is rapidly decreasing. The basis for the positive changes was a number of novelties in the legislation on the national payment system, adopted in 2014.
The norms forced banks to actively monitor the means of protection against unauthorized access to networks and information arrays, to update and improve the methods and means of information security. In the area of anti-fraud, the implementation of the regulations was a giant step forward. Almost all banks have implemented specialized software that allows them to deal with the risks associated with remote banking channels, threats of fraud with funds on the accounts of legal entities and payment cards of individuals.
It is important that many banks do not just purchase ready-made assemblies of software products, but they themselves create their own systems of protection against fraud. This increases the level of information security, since it is easier to cope with the known program code than with the know-how created by experienced programmers and specialists in the field of information security. For a number of banks, the development and sale of software of this level became an independent source of income and helped to achieve competitive advantages in the market.
In addition, in order to manage fraud risks, it is in the field of information technology that banks are actively introducing:
- anti-fraud systems that protect against most of the known methods of penetrating information bases;
- digital signature with several security levels;
- cryptographic algorithms to encrypt streams of information;
- available methods of recognizing devices from which clients enter their personal accounts or use the "client-bank" systems;
- other methods and means that provide the level of authentication and verification of users and private payments recommended by the regulator - the Central Bank of Russia.
To protect payments using bank cards, technologies such as SmartVista and 3D Secure are being actively implemented, which limit the ability of fraudsters to intercept the payment card number and write off funds in their favor.
Main risk areas
Banking fraud is not limited to fraud technicians. There are various types of fraud in the field of lending, a common practice is the receipt of funds using forged documents. Moreover, the types of crimes are constantly evolving, and fraudsters invent new schemes. When developing security systems for banks, it is important to identify the most vulnerable pain points.
In the information security standards, the Central Bank noted that the greatest risk is concentrated within the bank. Insiders - employees of a credit institution with access to all internal information - are associated with 80% of information security incidents. Employees often help fraudsters who steal funds from credit institutions. Insiders may be motivated by money or internal conflict, but even greedy and resentful employees are rarely the organizers or the only participants in the act. Most often, they are part of a team of information technology professionals who operate from outside the lending institution.
Interestingly, such complex, "two-way" banking frauds are classified as external threats. And despite the generally well-developed software, its capabilities are often insufficient for detecting and investigating crimes.
It is especially difficult to investigate incidents in which several bank employees are simultaneously involved, especially if the team includes employees of the information department or security service. Then it is easier for the participants to hide their tracks, destroy evidence, forge paper documents and electronic data.
If a high-ranking bank manager is among the members of the group, the incident will not be publicly investigated for the sake of preserving its business reputation, and the perpetrators of the bank fraud will not be punished.
The practice of combating fraud contains many examples when the commission of an act becomes obvious during the next audit. At the same time, the culprit of the disappearance of the money left the bank long ago and it becomes almost impossible to find the facts connecting the theft with the dismissed employee.
For banks, the risk of losing their reputation outweighs the risk of financial damage, which is why financial institutions prefer not to disclose information about banking fraud. Such situations are publicized either after the publication of judicial practice, or in cases of super-large damage from which clients have suffered. Insider scams never go public. However, the specialists in the field of banking security invited for the investigation are well aware of the methods used to steal funds, and the methods of investigation, and the amount of stolen funds.
It is easier for law enforcement agencies to investigate simple cases of bank fraud. For example, when a client takes out a loan with the deliberate intention not to repay. In such cases, the criminological characteristics of crimes have been studied for a long time, the fraudsters rarely manage to hide the evidence and find the culprits more often, even in the case of collusion with bank employees.
Elements of a system for combating fraud in the banking sector
Countering cybercriminals who want to steal bank funds requires an integrated approach. First of all, you need to abandon the intention to consider each incident separately. Organized criminal groups operate in banks, especially in remote branches and branches. Understanding the problem will suggest methods of struggle.
Experts are cautious about the formation of organized banking cybercrime, set on industrial rails. Therefore, a system for countering banking fraud must be built together with law enforcement specialists. In addition, information security specialists are involved in the investigation of incidents and frauds for the examination.
The banks themselves should get enough legal and technical tools that do not work to prevent and detect crimes. Internal security services are required to learn how to track fraudulent schemes at the preparatory stage and take measures in time to avoid theft of customer and shareholder funds.
The basis for a reliable anti-fraud system in the banking sector is laid even at the stage of hiring employees. However, it is extremely difficult to screen employees for involvement in banking fraud if incidents remain hidden. Therefore, it is in the interests of the credit institutions themselves not only to identify potential members of criminal gangs, but also to create common databases. The disadvantage of sharing information is a highly competitive environment in which disclosure of this kind of data can harm both the bank itself and the employee if the accusations turn out to be unfounded.
When selecting candidates, even for positions of the lowest level, bank security services use several methods to identify possible criminal interests:
- testing, up to lie detector tests;
- screening;
- additional special checks.
However, the measures are far from always effective or sufficient. Aware of the problem associated with the inability to thoroughly check an employee, in order to ensure effective fraud prevention, specialists develop specialized banking products that identify all actions of the alleged criminal inside the protected perimeter.
Specialized software saves all steps, the fraudster does not have time to destroy the traces of his stay in the system and the software product reveals an intention to steal funds even before the plan is implemented. The standard protection measures introduced in most banks do not provide such an opportunity, so that the attackers manage to destroy the traces of the crime in advance, and the perpetrator successfully switches to the next bank, where he continues his criminal activity.
Software solutions help to separate employee actions into standard and non-standard ones. The occurrence of any non-standard action activates the protection system, information about a suspicious event goes to the security service, which decides whether the behavior is similar to the intention to commit a criminal act.
The advantage of such solutions over standard ones is the ability to prevent crime and theft of funds from the accounts of private and corporate clients. The complexity of solutions allows you to carry out several steps at the same time:
- take under increased control the actions of the employee about whom there are suspicions;
- increase the level of acceptable risk for employees of various departments in order to check for conspiracy to commit fraud;
- apply additional control measures, including technical means permitted by the current legislation.
Such software products are installed together with common anti-fraud systems and allow reducing the risk level to an acceptable level. The inherent profiling capability of the system provides advantages over other methods of detecting criminal intent. Describing and creating profiles with this approach includes:
- separation of employee behavior scenarios in the workplace into standard and non-standard;
- assessment of professional behavior according to the employee's life path and cases of deviations from normal behavioral patterns.
If an employee is most actively performing operations at non-standard times, early in the morning or late in the evening, this is a deviation from the standard biorhythms and professional profile and should raise questions from the security service.
The problem is that it is impossible to accurately define all of the human behaviors. Changing the periods of activity will not necessarily be related to criminal intent. In any case, deviations are a reason to apply additional control measures over professional relations and the activities of a specialist in order to confirm or refute suspicions.
A more significant departure from the professional profile is the desire of the employee, under any pretext, to gain access to personal files or the accounts of the bank's VIP clients. The justification can be anything, but such a desire itself, if it is not part of the job, gives rise to suspicions of planning to commit banking fraud with the accounts of these customers. On the other hand, this behavior may turn out to be a simple mistake in the differentiation of user access rights and the desire of the employee to prove himself from the best side.
Another example of a deviation from the standard profile is a change in the load on the processor of a central server or a sharp increase in Internet traffic consumption.
Thus, software solutions offer the banking security service the creation of two profiles: an average and a specific specialist. The characteristic of a particular specialist adds up when observing the features of the work and with the condition of studying the usual job duties on the basis of the instructions.
Analysis of the second profile will allow faster and more accurate identification of deviations from the standard behavior. The use of profile models opens up opportunities for detecting not only typical cases of using IT resources for theft of funds, but also preparing for other crimes. For example, fraud in the field of credit, if an employee suddenly showed interest in personal files and questionnaires of bank customers or began to study the characteristics of a screening system without being a loan officer. Viewing customer profiles with unexpected frequency may indicate that the alleged fraudster is identifying potential victims.
Any lending institution has dormant accounts that belong to clients who have gone missing or who have lost access to their own funds for various reasons. The loss of money from the "sleeping" account will not cause a sharp response from the client and the security service of the credit institution, most likely, will not notice the withdrawal of funds. Meanwhile, such a scheme is among the most common ways of committing internal fraud.
Sometimes cybercriminals use funds from "dormant" accounts temporarily to receive dividends, and then return them to the owners. A specialist in information support services is able to change the program code in such a way that funds are discreetly transferred between dozens and even hundreds of bank customer accounts.
When law enforcement agencies are involved in the investigation, investigators build operational versions based on the behavior and profile of not just bank employees, but members of organized criminal groups specializing in banking fraud. In addition, the combination of software and technical measures with the effective operation of the security and internal control services helps to reduce the risks of banking fraud and protect the funds of private and corporate clients.
08.12.2020
