Profiles of Internal Fraudsters

Threats from insiders—employees or partners—aren’t uncommon and they shouldn’t be discounted.

These insider threats can come from several sources:

  • Inside Agent – a person who steals information on behalf of criminals on the outside in return for a bribe or money
  • Disgruntled Employee – an unhappy employee who uses assigned credentials to intentionally destroy data or to harm the organisation
  • Malicious Insider – a person who steals data from a company for personal gain, by using existing privileges to gain access to systems and data
  • Careless Worker – an employee who unintentionally breaks policies, mishandles data or installs unauthorized applications
  • Third-Party – a trusted vendor or an associated application that compromises data security, whether intentional or not

To protect itself and its customers against insider attacks, organisations must put fraud prevention measures in place and regularly evaluate performance. Education and training can go a long way to combat accidental data compromise but it’s harder to identify intentional insider fraud by employees.

85% 

of institutions reported that they lacked insider fraud tools to detect internal fraud or have outdated systems and controls that are not effective enough.

5% 

of an organisation's revenue is lost to internal fraud each year. 

14 months

the average amount of time before an internal fraud case is detected

Case Study: How one bank stopped insider threats


The bank discovered that the process in place, although effective, was highly customised which made it difficult to scale and modify the technology as the bank’s needs evolved. It determined that a cloud-based solution with robust, built-in features would provide more flexibility and give the bank more in-house control.

It turned to Bottomline Technologies to explore upgrade options to its existing fraud solution. Bottomline has been a trusted partner to the bank for more than a decade and worked with it to scope out the fraud prevention requirements, including internal behaviour monitoring needs.

Ultimately the bank chose Bottomline’s Insider and Employee Fraud solution to provide the expanded insider fraud monitoring the bank needed to build a more effective defence against internal threats.

As part of Bottomline’s Fraud and Financial Crime Management solution set, the cloud-based Insider and Employee Fraud platform employs user behaviour analytics to quickly identify unusual user activity and stop harmful actions before the damage is done. The bank was particularly interested in the solution’s unique ability to track all user and account activity in a non-invasive manner, which allowed business to be conducted without interruption.

Other appealing features included seamless connectivity across multiple platform types (i.e. mainframe, internet, mobile) as well as screen-by-screen replay functionality and cross-channel behavioural profiling. With changing work environments and a shift to increased remote employees, the bank realized it required a more aggressive approach to stay vigilant and fight internal fraud.

The upgrade, which the bank implemented directly out-of-the-box (no customization needed) and chose to host on Amazon’s cloud, included a library of more than 100 pre-set fraud detection rules. The fact that the solution was ready to go as is, made it a streamlined implementation process and allowed the bank to quickly strengthen its defences against internal attacks and human error.

The bank chose to activate 70 pre-set rules and Bottomline’s Insider and Employee Fraud now seamlessly monitors the activity of numerous employees, accessing more than 5M accounts, across multiple applications and platforms. This activity equates to 400K internal transactions daily, all monitored in real-time and all tracked with screen-by screen, auditable trails.

Results

With the new solution in place, employee behaviour is now automatically tracked and profiled through the analytics engine, powered by rules-based detection.

The solution allows the banks’ investigation team to efficiently manage and document the process when investigating internal fraud alerts. The Investigation Center feature provides a consolidated view of all relevant activity including alerts, cases and user profiles.

With the new platform in place, the bank was able to enhance its protection against insider fraud and prevent future off-limit access. It plans to expand the monitoring of additional systems with a highly-scalable solution to ensure even greater protection.

Simple User Experience

Why it matters

Although 82% of organisations reported having defences in place to thwart external fraud attempts, only half of those also have systems in place to combat threats that originate within their organisation.

The bank discovered that the process in place, although effective, was highlycustomized which made it difficult to scale and modify the technology as the bank’s needs evolved. It determined that a cloud-based solution with robust, built-in features would provide more flexibility and give the bank more in-house control.

It turned to Bottomline Technologies to explore upgrade options to its existing fraud solution. Bottomline has been a trusted partner to the bank for more than a decade and worked with it to scope out the fraud prevention requirements, including internal behavior monitoring needs.

Ultimately the bank chose Bottomline’s Insider and Employee Fraud solution to provide the expanded insider fraud monitoring the bank needed to build a more effective defense against internal threats.

As part of Bottomline’s Fraud and Financial Crime Management solution set, the cloud-based Insider and Employee Fraud platform employs user behavior analytics to quickly identify unusual user activity and stop harmful actions before the damage is done. The bank was particularly interested in the solution’s unique ability to track all user and account activity in a non-invasive manner, which allowed business to be conducted without interruption.

Other appealing features included seamless connectivity across multiple platform types (i.e. mainframe, internet, mobile) as well as screen-by-screen replay functionality and cross-channel behavioral profiling. With changing work environments and a shift to increased remote employees, the bank realized it required a more aggressive approach to stay vigilant and fight internal fraud.

The upgrade, which the bank implemented directly out-of-the-box (no customization needed) and chose to host on Amazon’s cloud, included a library of more than 100 pre-set fraud detection rules. The fact that the solution was ready to go as is, made it a streamlined implementation process and allowed the bank to quickly strengthen its defenses against internal attacks and human error.

The bank chose to activate 70 pre-set rules and Bottomline’s Insider and Employee Fraud now seamlessly monitors the activity of numerous employees, accessing more than 5M accounts, across multiple applications and platforms. This activity equates to 400K internal transactions daily, all monitored in real-time and all tracked with screen-byscreen, auditable trails.

GET IN TOUCH

Want to learn more about Bottomline's fraud and financial crime management solutions?

Give us a call.

Our solution experts are here to help.

+44 118 925 8250

Chat with us.

Chat with one of our solution experts. We'll recommend the right product to fit your needs.

See how we can protect your business.

Tell us a bit about you and your business and we’ll get back to you with all the information you need.

footer curve