Combatting Insider Fraud within Banks

Fraud and Financial Crime

Janice Brown Headshot 1

Janice Brown

Oct 15, 2020

Insider fraud within banks: a story as old as time.

A bank employee, because of their position and access to money, is recruited by a criminal ring intent on skimming from large accounts. Or, struggling with crushing debt, a bank employee starts stealing money by tapping into dormant accounts. Difficult economic times or disruptive world events—such as the current ongoing COVID-19 pandemic—can also create new opportunities to stimulate financial fraud. Digital technology can make it easier and more tempting. It’s no surprise that insider fraud is a stepped-up problem for banks.

Why insider fraud is on the rise

A January 2020 report by Aite Group[1] warned that financial institutions should prepare for a resurgence of insider fraud in 2020.  Forty-eight percent of financial institutions (FIs) surveyed stated that the number of employee fraud incidents had increased compared to two years ago, with forty-three percent reporting an increase in employee fraud losses. Bank employees need access to customer accounts to do their jobs and they themselves are often customers, so the stage is set for intensified fraud.

Detection of fraud has gotten more challenging over the years with the built-for-speed and openness of the digital banking infrastructure and the growing digital sophistication of bad acting individuals. Yet, 39% of FIs say groups responsible for monitoring employee fraud are understaffed or underfunded, while 83% monitor all employees regardless of position. Traditional fraud prevention measures (such as network-data log reviews) and processes (such as manual audits) are often too slow, ineffective or non-scalable.

Obviously, the best way to combat insider fraud and retain targeted funds is to prevent it in the first place. But the “how” has proven elusive.

Shortening time-to-deterrent

Many banks have invested heavily in Insider and Employee Fraud operations, usually consisting of a combination of people, processes and technology, with varying degrees of success.

That’s because insider fraud is inherently difficult to combat. It occurs at the intersection of pressure, rationalization and opportunity in humans, according to early criminologist Dr. Donald Cressey (considered the father of the so-called Fraud Triangle.)

Financial institutions can’t control pressure (“I really need this money”) or rationalization (“I have no other choice” or “It’s only a little, and I’ll pay it back before anyone knows it’s missing”) But they can control the level and ease of exploiting opportunity.

Banks have responded with system security, roles-based access control, policies like separation of duties, and dedicated Insider/Employee Fraud (IEF) operations aimed at discovering, investigating and shutting down fraud. Ideally preventing incidents from ending up in the newspaper, where it can undermine the institution’s brand and/or create a loss of customer confidence.

Unfortunately, when that happens, it’s too late.  Therefore, the name of the game in today’s IEF protection is reducing time-to-deterrent: how fast you can shut down opportunity. Savvy FIs are using next-generation behavioral-based technology that:

  • monitors actual behavior (screen behavior vs. behavior interpreted from traditional log files)
  • analyzes it in real time (vs. after the fact, generally from batch files) and
  • generates irrefutable evidence that quickly identifies perpetrators, deals with them, and provides a visible deterrent to all employees for the future.

Fighting the new insider and employee fraud methodologies

The use of behavior-based interdiction technology in bankingisn’t new, however the demands on its functionality are changing. 

Specifically, bank insider-fraud squads today need to be able to:

Read (or identify)what people are doing at all times, at a granular level: screen-by-screen and step-by-step. Collecting and analyzing clicks isn’t enough; it’s a must to identify individual actions and link them with related business processes across the organization in real-time. Behavior is constantly changing, moving faster and becoming more obscure. Forget downloading purloined account information to a thumb drive: today, anyone can take a photo of an account screen and message it to oneself or a co-conspirator. Banks need the equivalent of a videocam or a nannycam, along with the ability to analyze all that streaming, visual data in real time.

Respond to the behavior in real time.  This includes real-time, relevant and granular alerts, and easy-to-understand graphical displays of activity and analyses. Investigators need to be able to respond to what’s important and not be distracted with false positives, unimportant data points or lack of clarity.

React to the situation with irrefutable evidence, with visual capture of actual actions and digital audit trails.  Such evidence shuts down the bad guys (through restitution and/or firing or prosecution) and demonstrates to would-be fraudsters that the opportunity window has closed(a video “short” is worth a thousand words).

Repeat these processes reliably and consistently, as well as continually adapt them to new behavior patterns and “in the wild” events. Analytics guided by AI and machine-learning are critical. They can help identify (and adjust) for emerging trends in penetrating systems: who, what, how they did it, points of vulnerability, and so on.

Newer, AI-based behavior-based monitoring solutions can keep up with the inventiveness of motivated perpetrators and business scale. Banks can now simultaneously monitor behavior cross-channel and across multiple applications and platforms (mainframes, Internet and mobile environments), ideally without invasive monitoring (agents).  Pre-set, “out-of-the-box” rules can ease configuration and updates for administrators. Fine-grained, pre-packaged analytics and visual displays for investigators can simplify deployment of sophisticated interdiction.

All of this, of course, takes a lot of computing firepower, making cloud deployment pretty much essential. Today, the devil truly is in the details.

For example: one national bank found that its existing behavior-monitoring solution for tracking internal account activity was having growing pains: too customized and hard to modify. By moving up to a more-modern, cloud-based solution, the bank reports that it now is able to seamlessly monitor the activity of numerous employees accessing more than 5 million accounts and performing 400K internal transactions daily, with screen-by-screen, auditable trails.

“One of the changes needed in the industry is for banks to implement analytics solutions that highlight abnormal patterns and behaviour to detect insider and employee fraud rather than relying on people, processes and whistle-blowers.  The 2020 ACFE Report to the Nations cites only 3% of fraud was detected by a monitoring solution which doesn’t mean fraud isn’t occurring, it means that organizations don’t monitor enough with a detection system to identify insider and employee fraud.” – Omri Kletter, VP, Cyber Crime and Fraud Management, Bottomline

And don’t forget a layered defense

Next-generation, cloud-based IEF technology is essential in today’s fight against fraud, but it’s not enough on its own. To be truly effective, it needs to part of a layered defense strategy comprised of:

  • Good cybersecurity systems with basic processes, such as role-based access controls.
  • Good fraud investigators, empowered by AI/ML-driven intelligence and analytics that enable proactive, preventive behavioral interdiction across applications and platforms.
  • Employee training, education and support resources. This ranges from emergency loans for financially stressed employees to truly anonymous ways to report fellow employees who might be stealing.

Banks will only have a real shot at reducing fraud when they have the sophistication to apply behavioral-based interdiction at scale as a seamless part of daily operations.

Meanwhile, count on new challenges to continually emerge. At this writing, remote workforces appear to be semi-permanent in business and a factor in digital transformation. Mobile devices offer ever-creative fodder for “hacks.” Finally, a world riddled with new uncertainties presents fertile ground for new fraud vectors.  Banks—singularly and cooperatively—need to push now to keep a hard line, making insider fraud less attractive and less lucrative.

It’s about time (literally).


For further insights into the payments and banking industries, subscribe now and stay up-to-date on the latest tips, trends, and topics. You can also check out The Payments Podcast, where experts engage each other on the real world factors impacting the payments and banking.

[1] “Employee Fraud: Anticipate a Resurgence,” Aite Group, January 2020. Based on in-depth interviews with 23 financial institutions in September and October 2019.

Janice Brown Headshot 1

Posted by

Janice Brown

Janice L. Brown, president of Janice Brown & Associates, Inc., is a technology startup consultant who writes about the business value of emerging technologies. She specializes in using communications to position technology ventures, develop industry thought leader programs, and sell products. Janice is based in Manchester, NH.
Browse all posts
footer curve