SAS: Protecting the Enterprise: Enterprise Fraud Strategy – Vision and Reality
Posted: 12 July 2010 | Source: SAS
Financial institutions of all sizes are discovering that they need to rethink their approach to managing fraud. The rapid expansion of new products and new channels for customer access has opened up new opportunities to satisfy customer needs. However, this expansion has also opened up the opportunity for fraud that cuts across an institution’s product lines, channels and even geographic regions, as fraud rings attempt to exploit any vulnerabilities they can find.
One key vulnerability that fraud rings always try to exploit is the difficulty of trying to match and correlate data from separate product or geographic silos within an organization. The sophistication and size of fraud rings is rapidly increasing, and so is their ability to “hide” elements of a coordinated attack in diverse products or channels.
Domestic gangs and organized crime rings have become big players, able to mount attacks whose scale and sophistication dwarfs those of just a few years ago. Crime rings in foreign countries pose an even more serious threat, as they launch widespread coordinated attacks, often with the tacit approval or even the active cooperation of a sovereign state.
Different countermeasures are required to meet these challenges. It is often possible to neutralize a small- to medium-scale attack by blocking certain transactions or closing compromised accounts. Large-scale attacks require a more aggressive response. From both an offensive and defensive standpoint, it is important to identify those attacks as early as possible, focus the efforts of the whole organization on countering the threat, and contact the appropriate government agencies as quickly as possible.
Spotting fraud early and moving aggressively to deal with it requires a solid organizational infrastructure that can support these efforts. For many institutions, this means an “enterprise fraud strategy” that coordinates fraud detection and interdiction efforts across the entire enterprise.
All institutions, regardless of size or budget, face conceptual challenges in moving to an enterprise fraud strategy. One conceptual challenge relates to justifying an enterprise fraud strategy in the first place. It is important to identify all the sources of value that a strategy can provide to the organization, including tomorrow’s threats as well as today’s. These justifications must take into account not only the classical ROI-type criteria, but also the “life insurance” value of being prepared to meet future threats that could seriously compromise an organization’s reputation, capital and regulatory status.
Planning the steps to realizing an enterprise fraud strategy poses a second conceptual challenge. No institution has the resources to implement this strategy in one fell swoop. It must be phased in, with appropriate selection of organizational units and implementation of organizational controls at each step of the way, so as to maximize the benefits from this strategy as early as possible.