Detica, IT and fraud consultancy, has warned that banks which rely solely on new or improved vetting procedures will only succeed in weeding out a small proportion of potential insider fraudsters.
This comes just days after warnings from the Financial Services Authority (FSA) that "organised" criminals are applying for jobs in finance firms to commit fraud.
What they say
Imam Hoque, Head of the Technology Innovation Group at Detica, says: "Most organised crime syndicates use people with a ‘clean’ criminal record. This is backed up by statistics from the US Association of Certified Fraud Examiners stating that just 12pc of fraudsters have a conviction for a fraud-related offence. As such, whilst better vetting is to be welcomed, it is not a stand-alone solution as most fraudsters appear to be honest individuals with good backgrounds. Financial institutions need to be much more proactive and make better use of the data they collect already to spot fraud patterns."
Five points
Detica advises financial institutions to follow a five-point plan: 1 Understand what types of fraud are already being perpetrated, then formalise the capture and categorisation of known crimes in order to set up effective anti-fraud policies.
2 Use the frauds you know about to heighten awareness of those you haven’t yet come across. By creating rules and employing monitoring techniques based on existing crimes, you can start to generate potential alerts. For example, if an insurer has established that fraudulent employees are accessing closed files to make further insurance claim payouts, a rule can be introduced to detect and draw attention to any closed file activity. 3 Pull together all available data – from computer log-on times to phone call usage – in order to spot odd trends or patterns of behaviours. The techniques used for this include data mining, trend analysis and clustering, and can provide valuable insight into discovering frauds you don’t know that you don’t know about. 4 Use searchable, electronic approaches to manage cases, as fraudsters repeat their behaviour and evidence may only become conclusive over a period of time. Allow the system to be your memory. 5 Fully understand the impact of fraud on the business and have an ongoing process to keep policies and rules up-to-date through analysis.
Hoque concludes: "This is about a more ‘holistic’ approach to detecting fraud. Because financial institutions already have to archive masses of data, the information they need to combat fraud is often there. It’s really just a question of being much smarter at working with existing systems and complementing these with sophisticated techniques to spot anomalies which could point to fraudulent activity."
