Battling attacks from global criminal networks in the financial sector
Every now and then, banks and financial institutions (and their customers) are targeted by opportunistic hackers, but they are much more worried about those that are smarter, have access to better technologies and knowledge of new techniques, and have considerable funding provided either by organized crime groups or nation-states.
“These organised global criminal networks channel their resources into accessing data, executing attacks and laundering the proceeds of these attacks to further fund their agenda,” says Gareth Evans, a Senior Fraud and Financial Crime Consultant at BAE Systems.
In 2019, he expects the sophistication of these attacks to increase even more.
Striking the right balance
Banks and financial institutions are under ever-increasing pressure to protect their customers’ assets, while at the same time balancing regulatory changes and business pressure to provide optimal customer experience in a very competitive world.
Another balance they need to strike is between showing their security measures to make customers feel safe and obfuscating their processes and procedures so that criminals are unable to exploit them.
“Take the difference between an airport and a super market as an example. At the airport, you have to remove your shoes and belts, laptops, and belongings to pass through scanners. The security is very overt. At a supermarket such systems would discourage customers from entering the store, so instead, security is more subtle with hidden cameras, store detectives and the like,” he explains.
“Banks do a bit of both, at the front they show their security with one time passwords, secure tokens, use of biometrics and so on, while behind the scenes they use a raft of covert techniques to monitor behaviour and identify attempts to steal money, goods or to move the proceeds of ill-gotten gains through the banking infrastructure.”
The customers are given a key (password) to their account door and are tasked with keeping it safe, but as we all know passwords (and to a lesser extent biometrics) have vulnerabilities, they can be captured, guessed or forced, so the bank can’t just rely on them.
In order to spot intruders and stop them from taking the customers’ money or information, they have to be able to tell whether the user who used the right key is the legitimate user, and they do that by understand their customers at a much more personal level through their activity and banking behaviour.
“Financial Institutions are for the most part reacting to the threats by improving their own arsenal. We are seeing advancement in technologies such as the adoption of big data technologies, artificial intelligence and machine learning to enable banks to do better more effective decision making,” Evans told Help Net Security.
“Whether the challenge is fraud or money laundering and compliance, banks are looking to identify the criminals by analysing more data, faster, and with more precision. We are also seeing banks looking beyond the immediate transaction adopting techniques such as social network analytics and network link analysis to establish wider connections for a wider view then in traditional rules based transaction monitoring.”
Finally, financial institutions are also working at getting smarter at managing fraud alerts and cases and filing SARs (Suspicious Activity Reports) through more automation and better operational management.
Information sharing is the key to success
In many other sectors but the financial one in particular, exchanging information about fraud/money laundering attempts should be de rigueur.
“There are a couple of really positive information-sharing initiatives out there at the moment. The first that springs to mind is in the UK: the Joint Money Laundering Intelligence Taskforce (JMLIT) showed that banks, regulators and law enforcement can have a huge impact when they cooperate closely, and achieve real, measurable results,” he noted.
“However, it’s also important to note that, in many cases, banks can be very risk-averse when it comes to sharing data with each other and with the authorities. This is entirely understandable, and so explicit permission from those authorities to banks to share data is often a first step – even where it’s covered by existing legislation.”
Another issue that has to be solved is the problem of internal data sharing.
“There are excellent cultural, hygiene and security reasons for banks to operate with internal compartments or silos, but that can often mean that intelligence, data and information sharing between the fraud, banking compliance and cyber security teams is difficult or non-existent,” he pointed out.
“A lot of banks are wise to this, and we think that breaking down intelligence silos within the organisation in a safe and effective manner can really help create more effective Anti-Money Laundering, Counter-Fraud and Cyber Security teams and better results.”