The hybrid work environment looks like it’s here to stay, and it continues to be a breeding ground for a dramatic increase in insider fraud. That’s one of the key takeaways from the joint Themis-Bottomline survey report, “Insider Fraud in Banks: The Post-COVID Threat Landscape,” which found that 75 percent of banks perceived an increase in insider fraud risks since the start of the pandemic. The issue is compounded by the finding that 50 percent of survey respondents identified insufficient technology tools as a major obstacle to detecting fraud and collusion.
“The technology employed by many banks is consistently falling short in its ability to prevent and detect insider fraud,” the report found. “Many firms are still relying on outdated and traditional forms of fraud prevention which, while important foundational elements of a fraud prevention strategy, are no longer sufficient and are often undertaken too late, after the damage is already done. Strategies which are proving wanting in tackling the issue without additional technology can include physical document examination, data log reviews, whistleblowing, manual audits and network automated solutions to counter internal fraud.”
The post-pandemic persistence of the hybrid work model has created more opportunity for internal fraud activity. It’s also made it difficult for banks to track transaction activity and monitor the behavior of remote employees while in certain systems. Combine that lack of visibility with the pressure of personal distractions and stressors among workers, and you find 80 percent of respondents seeing a higher risk for insider fraud and data leakage while employees work from home. Without direct supervision and proximity-based whistleblower mechanisms, many of the old means of identifying fraud have been lost, according to the report.
The findings also made clear that the pandemic exacerbated the three factors which make up the Fraud Triangle – opportunity, pressure and rationalisation – setting the ‘ideal’ stage for a “perfect storm” of insider fraud increases. The fraud triangle concept was originally by criminologist Donald Cressey in 1973, and it’s telling that his work is still applicable today, albeit for a different type of criminal.
The hybrid work environment is the main offender for insider fraud growth. The report also went into other “hot spots” to guide banks as they look to root out the problem. Themis listed common hotspots for internal fraud, which include banking call centers that typically field a high volume of transactions; accounting departments where employees have access to highly sensitive customer account and personal information; third-partysee partners (TPP) that have access to the same type of data but who might not be regularly monitored and vetted; and departing employees who may neglect to dispose of company data properly or leak it intentionally if disgruntled.
Understanding hot spots can help banks know where to look for insider fraud, but it won’t stop it. In the current digital banking landscape, detecting fraud is contingent upon the ability of your platforms to detect and prevent fraud and financial crimes in real-time. This can be difficult, even impossible, for banks that still rely on legacy solutions – which, by nature, are no match for the need for real-time detection and prevention.
The uptick in off-site, digital transactions explains why an overwhelming majority of banks (80 percent of respondents) understand the importance and value of using automated technology to combat insider and other types of fraud, including payment fraud. Updating fraud prevention controls with those that use artificial intelligence and machine learning is an important part of any strategy to mitigating your fraud risk.
But dated technology isn’t the only challenge banks face when reevaluating their prevention strategies. The report found that 26% of respondents don’t have the staffing levels required to adequately monitor fraud activity. Nearly double that (50%) find the tools they do have in place are used too broadly. They’re not targeted at the most likely sources of compromise, which can lead to duplicated effort and tax already-strained resources.
“Insider fraud mitigation efforts must be layered with a number of different techniques that approach the threat with flexibility and agility, and from various angles, both basic and high tech,” the report suggested. “Indeed, 73 percent of survey respondents said a combination of tools – including artificial intelligence/machine learning, network analytics, and network monitoring – should be considered to mitigate insider fraud. Such a layered response enables faster detection – and speed is key in deterring future crime by demonstrating the consequences of fraud.”
The Bottomline: The Themis-Bottomline report is most on point when it urges banks to use technology to deter, detect and prevent insider fraud. A more effective approach will allow FIs to monitor evidence of fraudulent employee interactions through user behavior tracking, content analysis, and recording of user activities at the application level through non-invasive network traffic monitoring. This allows the company to reconstruct user sessions via a screen-by-screen replay of suspicious interactions, providing indisputable evidence if unauthorized access or information theft has indeed occurred. This can be done regardless of whether the users work from their homes or from their offices without invading their privacy. Screen-by-screen replay avoids the reliance on log files and gives the maximum amount of information both to the anti-fraud analytics and to investigators. It addresses the challenges of collecting relevant data and conducting effective investigations because the data produces actual evidence rather than log files that often lacks the detail and context of application-level monitoring.