Corporate level backing required for successful fraud prevention

Ensuring fraud prevention strategies are implemented across banks operations requires buy-in from corporate management, according to Rob Rendell, global client success leader for financial fraud prevention and toolset development at IBM.

“Within the large banks there are so many initiatives going on, and in order to get the fraud agenda through and the product agenda through we had to get consensus at the leadership level to drive a common agenda to get the technology, to get the product there at the time of launch, and ensure customer experience,” said Rendell on a panel at the Money 2020 US conference in Las Vegas this week.

A survey published by KPMG earlier this year found 51 percent of 43 retail banks globally had reported a “significant number of false positives resulting from their technology solutions, hampering efficiencies in fraud detection.”

For Jay Kaplan, founder and chief executive officer of Synack, ethical hacking and security assessments within firms must be updated.

“I think one of the big challenges is how disjointed the operational side is from the business. The right hand is not talking to the left hand in a lot of cases. We try to work with customers and help them identify these vulnerabilities in their environment, but a lot of times the business units are not onboard.”

Banks must be clear with customers about their fraud testing, according to David Cass, vice president of cyber and IT risk at the Federal Reserve Bank of New York.

“As you look at how to prevent fraud with security becoming more and more integrated with these new technologies that are moving closer to the customer, you need better transparency in what you are measuring,” he said.

Firms are moving to embed business security officers into their operations with the aim of joining the cyber security teams and business leadership together. But finding technical security skilled workers is a struggle, according to Kaplan.

“In theory while it sounds great, with an estimated 3.5m open cyber security jobs by the year 2021, we can’t hire these people fast enough and until that problem gets fixed the whole notion of having a Biso embedded in your product teams is almost irrelevant,” he said. “I think that attracting technical security talent is so challenging that we need to be focused more on the people that have the business mentality, are focused on organisational management, compliance, and leave the more technical capabilities to external parties.

“Honestly, I think the future of cyber security talent will be in a freelance capacity. These are not people who want to work nine to five in an office cubicle in the same place every single day.”

Related reading