By John Ginovsky

To the three forces driving bank strategies today—regulation, competition, and technology—a fourth needs to be added: protection against digital-based crimes. Modern criminals more than ever exploit the gaps and blind spots caused by well-managed financial institutions trying to juggle compliance, profitability, and technical relevance.

Ironically, elements of regulation, competition, and tech advances can and are being used to thwart criminals. It’s a complicated situation and crafty crooks are still slipping through the cracks.

IBM has a special team, called “X-Force,” which studies security attack techniques. As examples, its midyear report listed these emerging threats:

•    Teams of professional attackers, through stealth, sophisticated technical capabilities, and careful planning, gain and maintain access to critical computer networks—manifesting as so-called “advanced persistent threats.”

•    A new type of phishing has emerged, called “whaling,” which targets individuals (“big fish”) most likely to have critical information, using information provided at social media sites.

“Although we understand how to defend against many of these attacks on a technical level, organizations don’t always have the cross-company operational practices in place to protect themselves,” says IBM’s Tom Cross.

It’s not surprising those practices are not in place. Ernst and Young recently surveyed a broad range of business sectors and concluded that in general “the threat of security breaches is an after-thought in the rush to adopt new technologies and media.”

“A growing gap is developing between global organizations’ business needs and their ability to tackle new and complex security threats,” says a prelude to Ernst and Young’s report. Adds E&Y’s Bernie Wedge, “For many companies, this means the current mind-set needs to change from a focus on short-term fixes to a holistic, strategic approach.”

Here’s a case where regulation may advance the cause for banks. KPMG in September found that 60% of financial institutions increased investments in anti-money laundering programs since 2007. Says KPMG’s Richard Girgenti, “Despite the high costs of preventative programs, management and board interest in the risks associated with money laundering remained high, amid a growing sense that financial institutions must anticipate regulatory changes to quickly adapt compliance programs and internal controls.”

Of course there’s more to online crime than money laundering. There’s also fraud, both old school and new. Mobile technology, cloud computing, and social media all provide new fraud potential. IBM’s X Force cited increasing instances of malicious malware targeting mobile phones. Ernst and Young found most companies have no controls to mitigate cloud risks, while more than half simply block access to social media sites.

Again, though, financial institutions are not most companies. As an industry, they have to provide all their services, all the time, in all the many ways their customers want, and still make or at least avoid losing money. That’s where competitive pressures and new technology come into play.

Fiserv released research that resonates with E&Y’s call for a holistic approach. The company found a growing demand for a unified platform to deal with money laundering and fraud, including those associated with cards, mobile payments, and internal threats.

“The increase in volume and complexity of financial crimes is driving financial institutions to look more closely at their operations in order to be more accurate and efficient in the processing and detection of these crimes. Inefficient operations are a drain on resources for many financial institutions. As a result we are getting increasing demands for technology that moves financial crime prevention onto a single platform,” says Fiserv’s John Filby.

There’s certainly no dearth of technology vendors willing to come forward, all citing opportunities for greater efficiency and cost savings. Product announcements in just the last couple of weeks include:

•    Open Solutions Inc. partnered with Verafin to provide converged fraud detection and anti-money laundering software.

•    FICO and Infoglide Software collaborated to combine identity and link analysis to a suite of fraud detection and risk management products.

•    ACI Worldwide upgraded its existing product to better identify suspicious activity by flagging unusual user activity.

These and many more solutions certainly are worthy of consideration. However, as much as regulation, competition, and technology can stand up against the bad guys, someone—namely the bank’s top strategists—has to lead the defense.

E&Y’s Bernie Wedge puts it this way: “Today, information security is a board-level priority, and the days of delegating cyber-security are over. The board is accountable for its information security strategy and must have confidence in what it entails and how it is executed.”

Links to sources cited here include:

IBM X Force report: http://www-03.ibm.com/press/us/en/pressrelease/35530.wss

 

Ernst & Young security threat survey: http://www.ey.com/US/en/Newsroom/News-releases/Threat-of-security-breaches-is-an-after-thought-in-the-rush-to-adopt-new-technologies-and-media

 

KPMG Anti-money laundering investment survey: http://www.prnewswire.com/news-releases/us-institutions-invest-more-in-anti-money-laundering-programs-as-majority-see-rise-in-suspicious-activity-says-kpmg-survey-130291933.html

 

 

Fiserv AML/Fraud platform survey: http://investors.fiserv.com/releasedetail.cfm?ReleaseID=614750

 

 

Open Solutions/Verafin converged fraud detection and AML: http://verafin.com/page/946/open-solutions-inc-partners-with-verafin-to-provide-converged-fraud-detection-a

 

 

FICO/Infoglide Software collaboration: http://www.fico.com/en/Company/News/Pages/10-25-2011.aspx

ACI Worldwide fraud management solution: http://www.aciworldwide.com/en/News-and-events/Press-releases/ACI-Worldwide-Launches-Online-Banking-Fraud-Management-Solution.aspx

 

 

About the Author John Ginovsky is contributing editor of ABA Banking Journal and editor of the publication’s TechTopics e-newsletter. For more than two decades he has written about the commercial banking industry. In particular, he’s specialized in the technological side of banking and how it relates to the actual business of banking. He previously was senior editor for Community Banker magazine (which merged with ABA Banking Journal) and was a staff writer for ABA’s Bankers News.