Alert Banner Text Goes Here Alert Banner Text Goes Here Alert Banner Text Goes Here Alert Banner Text Goes Here
What We Do
Since 1989, Bottomline has been modernizing global business payments with connected solutions for more than 800,000 financial institutions and businesses in 92 countries.
AP Automation AP Automation For Real Estate Payments Hub
Payouts Automation Payments Processing Receivables Automation Payments Hub
Paymode Pay Vendors Receive Payments Partner With Us
Connectivity Services Message Transformation & Enrichment Message Vault Risk Solutions
Connectivity Services Message Transformation & Enrichment Message Vault Payments Verification Payments Verification for Businesses
Global Cash Management Hub Digital Banking
Global Cash Management Hub
Who We Serve
Our Company
A bank employee, because of their position and access to money, is recruited by a criminal ring intent on skimming from large accounts. Or, struggling with crushing debt, a bank employee starts stealing money by tapping into dormant accounts. Difficult economic times or disruptive world events—such as the current ongoing COVID-19 pandemic—can also create new opportunities to stimulate financial fraud. Digital technology can make it easier and more tempting. It’s no surprise that insider fraud is a stepped-up problem for banks.
A January 2020 report by Aite Group[1] warned that financial institutions should prepare for a resurgence of insider fraud in 2020. Forty-eight percent of financial institutions (FIs) surveyed stated that the number of employee fraud incidents had increased compared to two years ago, with forty-three percent reporting an increase in employee fraud losses. Bank employees need access to customer accounts to do their jobs and they themselves are often customers, so the stage is set for intensified fraud.
Detection of fraud has gotten more challenging over the years with the built-for-speed and openness of the digital banking infrastructure and the growing digital sophistication of bad acting individuals. Yet, 39% of FIs say groups responsible for monitoring employee fraud are understaffed or underfunded, while 83% monitor all employees regardless of position. Traditional fraud prevention measures (such as network-data log reviews) and processes (such as manual audits) are often too slow, ineffective or non-scalable.
Obviously, the best way to combat insider fraud and retain targeted funds is to prevent it in the first place. But the “how” has proven elusive.
Many banks have invested heavily in Insider and Employee Fraud operations, usually consisting of a combination of people, processes and technology, with varying degrees of success.
That’s because insider fraud is inherently difficult to combat. It occurs at the intersection of pressure, rationalization and opportunity in humans, according to early criminologist Dr. Donald Cressey (considered the father of the so-called Fraud Triangle.)
Financial institutions can’t control pressure (“I really need this money”) or rationalization (“I have no other choice” or “It’s only a little, and I’ll pay it back before anyone knows it’s missing”) But they can control the level and ease of exploiting opportunity.
Banks have responded with system security, roles-based access control, policies like separation of duties, and dedicated Insider/Employee Fraud (IEF) operations aimed at discovering, investigating and shutting down fraud. Ideally preventing incidents from ending up in the newspaper, where it can undermine the institution’s brand and/or create a loss of customer confidence.
Unfortunately, when that happens, it’s too late. Therefore, the name of the game in today’s IEF protection is reducing time-to-deterrent: how fast you can shut down opportunity. Savvy FIs are using next-generation behavioral-based technology that:
The use of behavior-based interdiction technology in bankingisn’t new, however the demands on its functionality are changing.
Specifically, bank insider-fraud squads today need to be able to:
Read (or identify)what people are doing at all times, at a granular level: screen-by-screen and step-by-step. Collecting and analyzing clicks isn’t enough; it’s a must to identify individual actions and link them with related business processes across the organization in real-time. Behavior is constantly changing, moving faster and becoming more obscure. Forget downloading purloined account information to a thumb drive: today, anyone can take a photo of an account screen and message it to oneself or a co-conspirator. Banks need the equivalent of a videocam or a nannycam, along with the ability to analyze all that streaming, visual data in real time.
Respond to the behavior in real time. This includes real-time, relevant and granular alerts, and easy-to-understand graphical displays of activity and analyses. Investigators need to be able to respond to what’s important and not be distracted with false positives, unimportant data points or lack of clarity.
React to the situation with irrefutable evidence, with visual capture of actual actions and digital audit trails. Such evidence shuts down the bad guys (through restitution and/or firing or prosecution) and demonstrates to would-be fraudsters that the opportunity window has closed(a video “short” is worth a thousand words).
Repeat these processes reliably and consistently, as well as continually adapt them to new behavior patterns and “in the wild” events. Analytics guided by AI and machine-learning are critical. They can help identify (and adjust) for emerging trends in penetrating systems: who, what, how they did it, points of vulnerability, and so on.
Newer, AI-based behavior-based monitoring solutions can keep up with the inventiveness of motivated perpetrators and business scale. Banks can now simultaneously monitor behavior cross-channel and across multiple applications and platforms (mainframes, Internet and mobile environments), ideally without invasive monitoring (agents). Pre-set, “out-of-the-box” rules can ease configuration and updates for administrators. Fine-grained, pre-packaged analytics and visual displays for investigators can simplify deployment of sophisticated interdiction.
All of this, of course, takes a lot of computing firepower, making cloud deployment pretty much essential. Today, the devil truly is in the details.
For example: one national bank found that its existing behavior-monitoring solution for tracking internal account activity was having growing pains: too customized and hard to modify. By moving up to a more-modern, cloud-based solution, the bank reports that it now is able to seamlessly monitor the activity of numerous employees accessing more than 5 million accounts and performing 400K internal transactions daily, with screen-by-screen, auditable trails.
“One of the changes needed in the industry is for banks to implement analytics solutions that highlight abnormal patterns and behaviour to detect insider and employee fraud rather than relying on people, processes and whistle-blowers. [1] The 2020 ACFE Report to the Nations cites only 3% of fraud was detected by a monitoring solution which doesn’t mean fraud isn’t occurring, it means that organizations don’t monitor enough with a detection system to identify insider and employee fraud.” – Omri Kletter, VP, Cyber Crime and Fraud Management, Bottomline
Next-generation, cloud-based IEF technology is essential in today’s fight against fraud, but it’s not enough on its own. To be truly effective, it needs to part of a layered defense strategy comprised of:
Banks will only have a real shot at reducing fraud when they have the sophistication to apply behavioral-based interdiction at scale as a seamless part of daily operations.
Meanwhile, count on new challenges to continually emerge. At this writing, remote workforces appear to be semi-permanent in business and a factor in digital transformation. Mobile devices offer ever-creative fodder for “hacks.” Finally, a world riddled with new uncertainties presents fertile ground for new fraud vectors. Banks—singularly and cooperatively—need to push now to keep a hard line, making insider fraud less attractive and less lucrative.
It’s about time (literally).