Author: Clari5

Insider fraud, mostly through employee theft, is a growing, global problem and the 2 sectors most impacted are ironically 2 of the most regulated – banking/financial services and government/public administration.

Insider or occupational fraud, both offline and online, is an employee’s misuse or misappropriation of an employer’s resources or assets for personal gain.

About 5% of an organization’s revenue is lost to insider fraud. This translates to a potential total loss approaching $3 trillion a year, according to a new report by the Association of Certified Fraud Examiners (ACFE).

Incidentally, insider fraud caused a whopping $169 million loss to financial institutions in 2018. An analysis by the American Bankers Association concluded that 65% to 70% of fraud dollar losses in banks are associated with insider fraud.

The impact of insider fraud can be severely damaging as most incidents take 18 months to uncover–long enough to put a small/ mid-sized business out of business and/ or erode a bank’s reputation and employee morale. Conventional controls to detect and combat various types of fraud, such as internal audits, are not very effective when it comes to catching insider frauds that must be detected as they are brewing.

Vital therefore to first spot the warning signs of internal fraud schemes. Also, despite generally being viewed as an act of mistrust of employees,implementing a technology solution to monitor employee and transaction activity can expose suspicious behaviour.

The signs

The same qualities that help employees perform well can also help them perpetrate fraud. In four of the most common schemes (GL fraud, Identity theft, ATO and Collusion) insiders devise ways to stay under the radar for years by taking advantage of internal vulnerabilities.

• General Ledger Fraud: Insiders exploit the fact that while most employees have working knowledge of the accounts they access daily, they are often unfamiliar with other parts of the GL accounts. Certain insiders may have exclusive access to accounts payable or suspense accounts, which are used to temporarily record items such as loans in process, interdepartmental transfers, or currency in transit. This makes it easier for insiders to move funds between accounts. An employee who has the authority to create an accounts payable record for a vendor, could very well create a fake company in the system and issue payments to that company.

True cases of incidents where employees abused their authority and access –

• • A personal banker opened both fictitious accounts and accounts with the names and identifying information of bank customers. He used these accounts to funnel money from the GL accounts.

• • An accounting clerk made deposits into a personal savings account from suspense accounts. He used different tellers’ computers, after the tellers had logged into the system, to transfer the funds.

• • A senior banker was indicted for transferring more than $4 million from GL accounts to her own accounts over 8 years and concealing the money in the GL. Since she was in charge of the GL and the corresponding accounts, she handled the journal entries and reconciliations. To execute the scheme, she fudged the information in her monthly reports to the board and gave false information to examiners. This case had 2 critical internal control weaknesses: lack of segregated duties and lack of oversight through continuous, automated monitoring of journal entries.

• • Identity theft: Stealing customers’ identity data is another internal fraud that is on the rise. One of the schemes of a fraud ring recently discovered had certain bank employees using stolen customer identities to create bank and credit accounts. The ring members recruited people to assume stolen identities and withdraw funds because they knew that their target banks did not have sufficient technological capability to safeguard customer information.

• • ATO: A bank employee opens a deposit account for a customer and later sets up online banking on the account without the customer’s knowledge. The employee then makes unauthorised withdrawals from the account or gives the online credentials to an external fraudster, who can use them to siphon money out of the account. The employee may also sell a customer’s PIN and account number to an external fraudster, change the address for the account and request a new debit card.

• • Collusion: One of the more devastating internal fraud schemes, especially for credit unions and community banks, is when bank insiders collude with external fraudsters.For example, a loan officer may apply for a real estate loan under a phony customer name and work with an appraiser, who will submit an inflated appraisal on a property. The employee will then take the funds, making it look like the “customer” absconded with them, and feign ignorance of the situation.

Organized fraud rings are highly sophisticated and plant their members in positions within a bank. A fraud ring may place its member in Human Resources, for instance, to make it easier to get members hired as loan officers, tellers or even loss prevention officers.

Knowing that the collections department has a weak background screening process and broad access to customer information, a fraud ring can place one of its members there to steal customer data.

More elaborate schemes can involve large-scale fraud across multiple departments and branches.

Since internal fraud is not easy to detect, it is important to watch for certain behavioural and transactional indicators –

• • • Employees attempting to disguise asset misappropriations can find plenty of places to do so within the GL. They may manipulate records and find other methods of exploiting weak internal controls. In particular, insiders who are responsible for both making journal entries and reconciling accounts require comprehensive oversight.
      Other signs to watch for include insiders, or their interests, frequently appearing on transaction suspense item listings, but not on the ‘updated’ version that is presented to the board of directors or to examiners; GL entries with incomplete transaction descriptions; Bank account reconcilements that are not current or that fail to describe the status of outstanding items.

• • • Employees who have access to customer information may be tempted to steal it for their own purposes, to obtain credit and debit cards and open bank accounts. Or they may sell it to outsiders for a profit.
      Warning signs include after-hours logins to customer accounts; frequent or excessive access to high-net-worth or VIP accounts; employees accessing accounts that are unusual for the scope of their job.

• • • Employees requesting full control of an account, where they or an outsider can make withdrawals or transfers from that account, may be involved in an ATO scheme.Unusual or frequent changes to a customer account are good indicators of this type of fraud and could be an employee changing account statement mailing frequency to a longer period; an employee not from the team handling the customer has changed a customer address; an employee changing a customer attribute and then changing it back within a specific time period (i.e. one month); an employee searching for several dormant customer accounts; an employee browsing dormant bank accounts and then transferring money from a dormant account.

Besides being clued in to the warning signs, it is vital to monitor internal fraud risks in certain roles more closely than others and limit access to data such as Social Security numbers or PAN or Aadhar details. The more credentials and account access privileges an employee has for customer and employee accounts, the bigger the risk they pose.

For example–

• • • Call center customer service staff are targets for fraudsters and fraud rings because they have access to the bank’s database of customers and their identities. If the call center is outsourced, it is even more vulnerable.

• • • The IT department could also be susceptible to fraud. An expert fraudster in the IT department can divert money from customer accounts to dummy accounts, or commit identify theft by accessing customers’ or employees’ personal information. In one sensational case, an IT staff member stole the identities of other bank employees to open accounts at other financial institutions.

Also, despite knowing that it is a risky practice, sharing of login credentials is quite common and carries the risk of suspicious activity.

Given the high-risk potential in customer or employee data theft, employees should be allowed only privileged access to view just the information they need to do their job, and their behaviour must be monitored closely against the warning signs.

Monitoring and preventing

The need of the hour is a framework for timely detection of insider fraud and proactive action.
Besides internal controls and audit, staff awareness and whistle-blowing, the most vital element of identifying internal fraud is real-time knowledge.Also, distributed accountability is more efficient than having a single individual responsible for highly sensitive roles.

Restricting access to customer data can help prevent not just identity theft, but also associated fraud such as ATO. Continuous monitoring of employee behaviour and transactional activity helps uncover warning signs of internal fraud.

Also, deterrence plays a key role. When staff know they are being monitored, they usually don’t attempt violations. It helps the bank send a signal that internal operations are under surveillance.

If an employee is accessing information that is not relevant to his or her job function, a good real-time technology can help link that activity to new deposit or loan activity that has been initiated by that employee. Rules can be updated frequently as the bank fine-tunes its internal fraud prevention program.

Interestingly, most insider fraud prevention solutions are targeted towards the largest population of employees and typically lower-level employees (tellers, customer service reps, lenders, call center reps, etc.). They don’t focus as much on middle/senior managers, and senior executives, who have more authority and can potentially steal much more.

Even banks that rely on anomaly detection to identify insider schemes often fail to catch fraud at the executive level, because there is no class of employees in these senior-level positions to compare to, to determine what is normal.

To increase the efficiency of monitoring efforts, a good real-time technology solution automates the time and labor – intensive process of manual fraud detection. By capturing and recording data across a network, an automated, cross-channel approach can alert a bank to threats and create an audit trail of flagged activity to streamline investigation and loss mitigation.

A critical aspect of this type of monitoring is ensuring that it is in real-time. Post-fact monitoring helps in certain cases, but it cannot prevent significant losses.

Besides accelerating the detection of suspicious activity, a good technology solution can also record internal user activity across the bank that can be used later for investigation. By prioritizing probable fraudulent activity and centralizing case management, it can also help the bank’s fraud investigation team quickly identify, gather, and close cases when an activity is flagged.

Smart AI-based real-time monitoring systems dovetail well with other banking systems such a score banking systems, CRM and HRMS to synthesize cross system intelligence and help identify suspect behaviours, target fraud at the source and enables the bank to stop fraudulent behaviour before it starts.

These solutions include customizable business rules, which can be preset to automatically stop transactions or flag them for further investigation. Rules can also be set for expected employee behaviour .They also have hierarchical case management capabilities for accelerating investigation and closures.

When employees (who could be potential fraudsters) operate in a manner that is inconsistent with their behavioural profile, the bank is automatically and immediately alerted. This helps pinpoint activities such as redundant account changes, excessive password changes, and demand drafts.

By watching out for internal fraud schemes as they happen,real-time technology helps banks respond to threats faster, prevent financial losses and reputational damage.

Internal fraud is becoming more complex, and implementing an intelligent technology solution as part of a bank’s enterprise-wide fraud monitoring and prevention framework helps reduce fraud risks vastly. With the capability to watch more closely and guard areas that are likely to be targeted, quickly pick up on warning signs, and strengthen internal controls, a bank can not only combat immediate threats, but also keep future internal fraud at bay.

References

• • • Insider fraud preventing the attack from inside – Huntswood
    • Biggest bank frauds – Business Insider
    • Cost of Insider Threat – Ponemon Institute
    • Insider Threat Statistics: 2018 Research Reports and Surveys – IT Security Central
    • Insider Threat Study – Carnegie Mellon Software Engineering Institute

Even as financial institutions implement more sophisticated fraud-mitigation techniques, they have not been keeping pace with criminals. A study by ISMG during fall 2018, to gauge fraud’s evolution and the impact of emerging technology, surveyed 150 financial institutions (primarily in the US), of which 37% had assets under management of $2bn or more.

79% said the number of fraud incidents has remained steady or increased over the past year, while 70% said financial losses from these incidents have also stayed steady or increased.Top forms of fraud were Payment card fraud at 56%, ACH/wire fraud at 49% and phishing (non-business email compromise) at 44%.

When asked about the biggest barrier to improving fraud prevention, 23% said their controls don’t speak with one another and that they don’t want to add any new anti-fraud controls that would impact customer experience. 33% believed technologies like artificial intelligence, machine learning and data analytics have high capability to detect / prevent fraud.

Despite complex processes and procedures in place, the reasons for continued fraud incidents are many. They range from lack of due diligence, inadequate auditing and lack of stringent checks and balances and anti-fraud technology from a bygone era. Meanwhile, sophisticated fraudsters nimbly change strategies to evade detection, even as the quantum of data generated daily by banks becomes more and more massive to sift through.

While banks are doing their best to further tighten their controls, processes and various audits (such as statutory audit, risk-based internal audit, concurrent audit, information systems audit and special audits), they also need to equally importantly consider some of the key technologies available to combat the menace.

Machine Learning

Being able to use ML to spot shifting patterns can form a vital part in improving detection rates while eliminating false positives.

While AI and ML are closely related, there are a few key differences. AI is the ability of a machine to perform actions without human intervention, while ML refers to a particular approach to AI that can take data and algorithms and apply it to new scenarios and patterns without being programmed directly.

AI can mimic actions it has either seen or been previously taught, without any new intervention, and is used to perform a range of specific tasks. Applied AI has been around for a while, for activities like auto-trading stocks based on a predefined set of rules, identifying/sorting images, or even playing chess.

ML is an extension of AI and is the next level in the evolution of the technology. The key characteristic of an ML algorithm is its ability to ingest large volumes of data and ‘learn’ for itself how to apply its knowledge to future scenarios.

This does not mean that ML is the only option for fraud detection use cases. For specific scenarios, where banks are looking for a narrowly-defined set of parameters, or reacting to a new fraud vector, using rules can be the answer for fraud prevention in real-time.

ML meanwhile is better-equipped to deal with spotting evolving patterns and reacting without instruction or human intervention. In fraud detection, AI can monitor the transaction patterns of a customer and send out an alert if it spots a deviant transaction.

With ML, the system can recognize more comprehensive changes in behaviors and bring in data from elsewhere to build its understanding of what a fraudulent transaction looks like without human influence.

Neural Networks

Neural network technology was born from the need to have an artificial system that could perform “intelligent” tasks similar to those shown by the human brain. The inherent nature of neural networks is the ability to learn and being able to capture and represent complex input/output relationships.

Neural networks resemble the human brain because it acquires knowledge through learning and its knowledge is stored within inter-neuron connection strengths (or synaptic weights).

Traditional linear models are inadequate when it comes to modeling data that contains non-linear characteristics. The real strength of a neural network lies in its ability to represent both linear and non-linear relationships and in their ability to learn these relationships directly from the data being modeled.

Fraud Analytics

Various rule-based anomaly detection methods are already being used by many banks, but they have their limitations. Fraud detection capabilities are vastly enhanced with analytics, giving a whole new dimension to fraud detection techniques.

• • Hidden pattern recognition – Fraud analytics helps identify scenarios, new trends and hidden patterns under which frauds occur. Traditional methods miss out on these aspects.

• • Data integration – Fraud analytics combs through data and combines data from multiple sources including public records and integrates it into a model.

• • Enhances existing efforts – enhances traditional rule-based methods instead of replacing them.

• • Harnessing unstructured data – Deriving value from unstructured data is an unexplored goldmine and fraud analytics helps achieve this. In most banks, structured datais stored in data warehouses. Unstructured data is where there’s a high chance for fraudulent activity to occur. Text analytics plays a key role in reviewing this data and preventing fraud.

• • Fraud analytics along with performance measurement helps to standardize, maintain control and enables continuous improvement.

Entity Link Analysis with Graph Database

Relational databases require datasets to be modeled with sets of tables and columns. By carrying out a series of complex joins and self-joins, rings in such scenarios can be uncovered.These queries complex to build, expensive to run and pose significant technical challenges on scaling. The full extent of this problem becomes apparent as we imagine the exponential explosion that occurs as the ring grows along with the total dataset.

Graphs are designed to convey relationships between data and can help uncover patterns that are difficult to detect using traditional representations like tables. Since they are designed to query intricately connected networks, the graph databases can be used to identify fraud rings in a fairly straightforward manner.

Social Network Analysis (SNA)

The scope of SNA is beyond just social media.The social network is a network of entities connected in a particular fashion. The entities include credit cards, companies, merchants and fraudsters. This can include IP address information, geospatial data, online transactions, and banking data, social media data, call behavior data and other forms of transactional data.

All such data is often stored in unstructured formats in telecom registries, social media, payment gateways or bank servers. There are methods to probe such large networks of relationships and establish suspicious patterns of behavior through graph database technology that has been specifically developed to work with big datasets.

Storing and retrieving interconnected information in a native ‘network graph’ format can deliver interactive network visualizations that identify links in transaction chains, discover hidden structures, locate clusters and patterns, and apply specialized algorithms to identify suspicious patterns.

Advanced analytics methods such as ML are already applied to detect fraudulent transactions. Along with such analytical methods, SNA with graph databases can significantly reduce the false positive ratio in fraud detection. 

Fuzzy Logic

Fuzzy logic is a method of analyzing financial and non-financial statement data. When applied to fraud detection, a fuzzy logic program clusters information into various fraud risk categories. These clusters identify variables that are used as input in a statistical model.

Expert reasoning is then applied to interpret responses to questions about financial and non-financial conditions that may indicate fraud. The responses provide information for variables that can be continuously developed over the life of the bank.

Continuous monitoring of unstructured data helps analyze sentiments, tones, and elements such as incentive, pressure, and rationalization. Fuzzy logic along with SNA can reveal threats of possible collusion.

In Summation

There’s no panacea yet to have a zero-fraud scenario but implementing stricter checks and measures with a layered approach plus architecting and activating an advanced real-time defense framework that harnesses an ideal blend of relevant best of breed technology, helps take a bank’s anti-fraud strategy to the next level.

References

• 5 Tips to Reduce Banking Fraud – Bank Info Security
• How to Start Using AI to Combat Money Laundering – Bobsguide
• Using AI to Fight Fraud and Money Laundering – Diebold Nixdorf Blog
• Cybercrime Damages $6 Trillion By 2021 – CybersecurityVentures