Why cybersecurity and anti-fraud teams need to collaborate
Over the past couple of years, there has been unprecedented change in the world of financial services. The shift to online banking has accelerated the need for digital transformation. As a result, financial institutions are adopting a range of innovative technological solutions to ensure business continuity. But while the world’s leading financial services evolved, so did the criminals who use increasingly sophisticated methods to commit fraud.
Synthetic identity fraud
One emergent form of fraud – and one of the fastest growing crimes in the U.S. – is the creation of fake identities for massive thefts. In synthetic identity fraud (SIF), criminals combine information found on the dark web (account numbers, social security numbers), social media (names, identifying information) and other sources to generate phony identities.
These profiles are then used to take out loans and build increasingly larger lines of credit. They patiently make small purchases, pay bills, and improve their credit rating until they are able to secure more substantial credit card limits, personal and vehicle loans. Once they have maximized their credit, they bust out, never to be seen again. A recent FiVerity report has shown that the average SIF theft is $92,000 and in 2020 alone, SIF cost U.S. financial institutions $20 billion.
Understanding the situation
Successful cyber fraudsters have an intimate understanding of the financial and cybersecurity systems that are tasked with detecting them. They know that there is minimal collaboration between financial institutions or even within an organization itself. Because of this lack of communication, once criminals have a successful synthetic identity, they can utilize it in multiple locations.
The need for internal collaboration
For years, many of the world’s largest financial institutions treated financial fraud and cybersecurity as separate departments with differing roles, responsibilities, and threats.
Today’s criminals have identified this vulnerability and now combine tactics that would typically be handled by the different departments. Criminals will leverage AI to perfect fraudulent credit applications while leveraging cybersecurity tactics to conduct fraud at scale.
To combat cyber fraud, financial institutions need to take a more considered approach than simply saying, “The two of you need to talk.” Criminals have done their homework and understand the weaknesses of current detection systems.
Internal cyber and anti-fraud teams need greater education on the problem. They need to understand their adversaries – from the criminal organizations that use automated tools to harvest millions of dollars from SIF accounts, to the small-time criminals who think they’re smarter than the system.
Once they have a clear understanding of the types of criminals and attacks that they’re facing, they need to reassess their approach to identifying SIF. What does each department bring to the table? Where is there duplication of effort that can be eliminated? Where are the holes that are being taken advantage of? Is it time to combine their departments into one macro department that can handle all threats together?
These are the initial questions that need to be answered if financial institutions are to stand a chance of preventing cyber fraud.
As cybersecurity and anti-fraud departments come together, part of the thinking they must bring to the table should include ways to collaborate with their peers outside of their organization. One of the common characteristics of cyberSIF fraudsters is that they reuse the same identity across multiple banks. That is a loophole that can easily be closed through communication and collaboration with other financial institutions, regulators, and law enforcement.
In the past, there were concerns about confidentiality and privacy that prevented any attempts to collaborate. However, the growth of cyber fraud and the amount of money that’s being lost is forcing banks and financial institutions to re-evaluate collaboration outside of their walls. There are new technologies, solutions, and organizations popping up that can help those ready to take the next step.
It’s time to act
It’s time for the industry to take cyber fraud seriously and stop pretending that the old, siloed methods of combating fraud are still relevant. Attackers know the limitations of these approaches and are more than willing to exploit every advantage the current system gives them. Collaboration – both internally and externally – is the only way we can hope to stop cyber fraud.