Emerging trends in fraud


One of the hottest topics on today's agenda for financial institutions is FFIEC's recently released guidance supplement calling for layered fraud secuity and authentication. So, during the recent Terrorism Financing and Money Laundering Forum in Cary, North Carolina, a panel discussion on fraud was developed to discuss emerging trends in fraud - the threats and how financial institutions are handling the challenges posed by the new guidance.

The panel members were:

  • Dennis Lormel, President and CEO, DML Associates.
  • Patrick Russ, Vice President of Enterprise Operational Risk Management, Wells Fargo Bank.
  • Bill Ward, CAMS, Executive VP and Chief BSA & Security Officer, Union Bank.
  • David Stewart, Director, Financial Crimes Practice for Banking, SAS (moderator).

Why updated guidance?
Bill Ward from Union Bank fielded this question. He said that if a commercial customer falls victim to a man-in-the-middle attack because there is no sophisticated email protection programs protecting against such attacks at his or her organization, the bank is now liable.

According to the panel, phishing schemes currently popular among fraudsters are:

  • The “man-in-the-middle” attack – an interaction between two parties on the Intranet, such as a banking customer and the bank, is, unbeknownst to them, being initiated, controlled and routed through a third party thought by each victim to be the other.
  • The “man-in-the-browser” attack, similar to man-in-the-middle, in which fraudsters install malware on a victim’s computer that manipulates the victim’s transactions with the financial institution.
  • Spear phishing,” in which fraudsters research their targets so that they can pose as trusted sources, such as co-workers.

"Bankers are going to be held responsible for these attacks, " said Ward. "This guidance is the reaction we are getting to hundreds of thousands of millions of dollars of loss. As a financial institution, we can't control what a commercial customer does to protect their own network, but that lack of protection gets followed right into my network - now, there is no question. The guidance says that banks must have a level of protection that prevents this. You can't control what your commercial customer does; what you can control - stop fraud before it happens."

Dennis Lormel has almost 28 years of FBI Special Agent experience, particularly in complex financial-related investigative matters. According to Lormel, spear phishing is an up-an-coming fraud that is going to be getting a lot of attention. According to Lormel, regardless of the type of fraud, the problem is a lack of vigilenge on the part of the banks and victims and of diligence on the part of fraudsters. "It doesn't matter how good your systems are if you aren't following the processes and staying vigilent," he said.

Patrick Russ says the new guidance calls for institutions to create an environment where they are constantly looking at the risk and making adjustments. "We looked at our current risk assessment process and made sure it is in alignment with the guidance."

You'll recall that Union Bank fully converged its fraud and AML teams two or three years ago, so the multi-layered approach called for in the new FFIEC guidance has already been in place at the bank for some time. "To me, the guidance makes sense," says Ward. "It's in alignment with our strategy. The guidance really addresses the middle part - is the payment falling into a queue to be checked before it goes out. We have a system in place to check that middle part - the queue."

What about the data?
Union Bank's convergence included building an incorporated team of both fraud and anti-money laundering specialists. According to Ward, this team looks at all of the data and don't leave the decisions in silos. Wells Fargo has also converged its fraud and AML teams, and Russ agrees that an enterprise fraud management team such as this should have access to all of the data. "When doing the fraud models, it is helpful to have more data - more context - about what the customer is doing," he said. "Where the trouble lies is that the silos often have data specific to the silo - data that isn't necessary holistically. That can be a challenge."

Ward offered one final bit of advice. "Getting the data, getting accurate data, and then using that data to detect links is important," he said. "That is the direction we should be taking. It looks good on the drawing board, of course, but executing is the challenge."

Read all the posts about the Turning Point conference.


About Author

Waynette Tubbs

Editor, Marketing Editorial

Waynette Tubbs is a seasoned technology journalist specializing in interviewing and writing about how leaders leverage advanced and emerging analytical technologies to transform their B2B and B2C organizations. In her current role, she works closely with global marketing organizations to generate content about artificial intelligence (AI), generative AI, intelligent automation, cybersecurity, data management, and marketing automation. Waynette has a master’s degree in journalism and mass communications from UNC Chapel Hill.

Comments are closed.

Back to Top