Taking the right security measures: Layered protection

0

Instances of cross-channel organized crimes and cyber-crime in banking, insurance and other sectors continue to rise across the globe. And, 2012 kicked off with the same, if not more momentum than 2011. Organized criminals are working harder than ever to keep the black market alive with ever-changing sophisticated crime schemes: Phishing, smishing, account takeover and cybercrimes are keeping many corporate executives and government officials worried over what can be done to prevent these criminals from performing their egregious behavior.

About 8.1 million Americans were victims of identity fraud in 2010, with total losses estimated at $37 billion, according to a report from Javelin Strategy & Research, a financial services firm that has been tracking identity fraud for eight years. A recent high-profile example involves Zappos.com and its parent company, Amazon.com. In 2012, Zappos.com will fight a class action lawsuit stemming from a data breach affecting more than 24 million customers.

The security market including fraud, compliance, public safety and national security is one of the main drivers of technology spend globally. The Homeland Security Research group estimates the amount of money spent to improve security and prevent fraud globally is around $188 billion, with around 2 million people employed worldwide. The cost of fraud is skyrocketing too. While there are no official government statistics, industry estimates for US Medicare fraud puts the amount at more than $50 billion a year. And, Gartner estimates that small business account takeover in the US alone has already led to at least $3 billion in losses.

Compliance has always driven spending on software and services either directly or closely related to fraud and security. For example, in the US healthcare sector, this includes the HITECH (Health Information Technology for Economic and Clinical Health Act) , which defines a new right for members or patients to see the names of all users that viewed their data in all electronic designated record sets. In the US financial services sector, this includes the 2011 FFIEC Guidance on “Authentication in an Internet Banking Environment” that mandates financial institutions implement risk-based layered security to protect their customer accounts from fraud.

Public Sector Fraud

In addition to fraud and compliance, public safety and national security are on the radar of most government agencies. Homeland security includes protection against threats such as terrorism, organized crime and cybercrime. Providing protection against and response to major catastrophic events is also a good reason to take tighter security measures.

Earlier this year, the hacker group Anonymous claimed it was responsible for denial-of-service attacks on US Justice Department websites after federal authorities shut down the file-sharing website Megaupload.com and arrested some of its leaders. The criminal enterprise generated more than $175 million in criminal proceeds and is causing more than half a billion dollars in harm to copyright owners, the DoJ and FBI said.

Fortunately, technology and analytical advances are making it easier to detect those rare and highly costly security and fraud challenges.

Fighting fraud

SAS Security Intelligence employs the innovative use of technical acumen, domain expertise and statistics to create business solutions that provide protection against regulatory and compliance breaches, fraud and improper payments, and public security threats.

Gartner recommends 5 Layers of Fraud Prevention and Security where layers 4 and 5 are critical to fraud prevention across multiple channels and products. This approach requires technology vendors that have the capability to:

  • Monitor and analyze user and account behavior and identify anomalous behavior using rules and statistical models across channels and correlate alerts for each entity across channels and products and
  • Enables the analysis of relationships among internal and/or external entities and their attributes.

Insurance company improves fraud prevention

Let’s look at an example. A large US commercial insurer was incurring significant fraud losses across their lines of business. They were seeking a solution that would provide the most lift over their current rules and models and enhance effectiveness of the triage and fraud investigation teams.

The predictive capabilities of the SAS Security Intelligence solutions were applied to 4 years of historical data. Client investigators evaluated the results during a 3-week validation period to identify incremental fraud detection at the claim and network levels, reduction in false positives and enhancements to investigative efficiency.

Some noteworthy results included:

  • 35 percent better results than competition.
  • Incremental estimated savings of $10.3M annually.
  • 57 percent lift over current process.
  • 45 percent correct hit rate on claims.
  • 67 percent correct hit rate on networks.

I’ll leave you with a final quote from Aite Group on the Federal Research breach from an inside consultant. Julie McNelley, a research director and fraud analyst for Aite Group, says the case reinforces the value of information. "It's not just money that's the target, but also intellectual property, which can then be monetized in a variety of ways," she says. "As organizations are looking to secure their infrastructure, they need to be aware of all the ways in which valuable data could be exposed and stolen, and implement technologies and procedures to mitigate that risk."

When looking to prevent, comply, and secure your organization, be sure and evaluate technology that has proven success, can deliver on advanced analytics, domain expertise, and real-time transaction decisioning. Learn more about how to consolidate your fraud and security programs in today's press announcement about SAS Security Intelligence.

Share

About Author

Ellen Joyner-Roberson

Global Marketing Advisor

Ellen Joyner-Roberson, CFE is Global Marketing Advisor at SAS, where she defines industry strategy and messaging for the global fraud and security markets in banking, insurance, health care and government. With more than thirty years of experience in information technology, she helps clients capitalize on the power of analytics to combat fraud and keep the public safe. This includes bringing greater awareness of how to apply machine learning and AI to detect evolving fraud tactics, while realizing ROI in technology investments. In addition, she consults with clients to reduce fraud losses and mitigate risk across their enterprise. Joyner-Roberson graduated from Sweet Brier College with a degree in Math and Computer Science. Most recently, Ellen has brought to market our Intelligence and Law Enforcement solution called SAS® Intelligence and Investigation Management and a cross industry solution focused on Procurement Integrity.

Leave A Reply

Back to Top