InfoSecurity -- A comprehensive magazine on IT Security (a Security magazine)

InfoSecurity Sep 2009

Back to Contents

Interview

"We see India as the next natural growth engine for us in the region"

As digital network has dramatically changed the way banking is done, it has also introduced significant amount of risk like online commercial wired attacks, credit card fraud, employee fraud etc. simultaneously. To understand current risks associated with digital banking and solutions available from Actimize to prevent those, we recently spoke to Daniel Klein, Regional Manager, Asia Pacific, Actimize.

Daniel Klein, Regional Manager, Asia Pacific, Actimize

1. What is the current global statistics for money transactional risk and what solution do you provide to prevent this?

A Large financial institution recently estimated its annual retail banking fraud losses topped $350 million. AML fines are growing, from hundreds of thousands to many millions of dollars. On top of these tangible threats, managing reputational risk is a major priority for all types of financial institutions. Could you imagine wiring your money to a bank after reading they had a major employee fraud or identity theft incident? The challenge is large and complex and firms need technology solutions to help manage it.

Actimize provides financial crime prevention solutions for financial services firms, offering packaged software applications focusing on fraud prevention, anti-money laundering (AML) and trading compliance. We help monitor and detect suspicious transactions and automate investigative and oversight processes to reduce costs and improve compliance and the bottom line. This is achieved via a modern analytics workflow that allows real-time detection and prevention of suspicious activities.

2. What are the current 'Bank Attack Vectors' in banking industry? Which one among these is most threatful?

Bank attack vectors are numerous and continually changing. Some current and most threatening trends include:
Online Commercial Wire Attacks: The battle against fraudsters is moving to the corporate wire rooms. The increase in wire usage and the nature of the transaction type (i.e. large, fast moving wholesale payment streams) has made this a primary target for organized criminals. Large commercial and treasury wires can average tens of thousands of dollars per transaction and an attack may involve a dozen or more transactions. Because of the big bounty, we’ve seen a dramatic increase in calls from our clients to fight new Trojan and Phishing techniques targeting commercial wire rooms. We’ve even seen Trojans used to cleverly bypass layers of physical hardware security (tokens).

Growth in Card Fraud: Actimize executed a research project in May 2009 that clearly confirmed that ATM/debit fraud claims grew in 2008 and most expect further growth in 2009. Considerable evidence shows that the industry is sustaining damage from recent mass compromise incidents and a number of respondents believe information exposed in recent compromises is currently being leveraged to fuel attacks against financial institutions. Finally, the report also suggests that financial institutions with the latest generation of technology and real-time capabilities are in a much better position to manage emerging risks associated with fraud attacks.

Growth in Employee Fraud: According to an Actimize Employee Fraud survey, financial services institutions know that they have a significant and growing problem with employee fraud and are not fully prepared to handle the threat as attacks from organized crime, dissatisfied staff and financially distressed employees become more sophisticated.

Man in the Phone: MitP blends new and old fraud techniques to trick banking customers into authorizing transactions via the phone channel. MitP builds on the successes realized from Man-in-the-Browser (MitB) attacks in which criminals use Trojans to infect a users' Internet Browser to "modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host application." MitP also leverages ‘social engineering', which in this case is the act of using trickery or deception during a phone conversation to convince an individual to divulge information.

3. How serious is the 'Man-in-the-Phone' attack and what do you advice banks to avoid this type attack?

Man-in-the-Phone (MitP) attacks are on the rise as a new variation on an old technique – social engineering. The bad guys just keep on finding new ways of committing the same crime. We first observed it in the UK and have witnessed it spread across multiple regions. We recommend that banks combine cross channel behavior profiling and anomaly detection technologies with better call center processes and training to better address MitP. Call center employees should be trained to listen more closely and ask who originated the call. Attacks may be thwarted or losses minimized if bank employees ask simple (but random instead of static) security questions at various points in the phone conversation when confirming personal credentials. Fraudsters are less likely to trick customers into sharing answers to several security questions.

Actimize is uniquely positioned to detect contact center fraud attacks. The company provides real-time cross-channel fraud prevention for many of the world's banks across phone, IVR, Web, mobile, ATM, Debit and other channels. Its parent company, NICE Systems is the industry-leading provider of recording, monitoring and analytics solutions for managing interactions, security and compliance at enterprises, contact centers, trading floors, branches and back offices. NICE and Actimize offer the industry's first integrated voice and transaction analytics cross-channel compliance solution that extracts insights from trading calls and transactions to boost trading surveillance and investigation, reduce risk and operational costs.

4. What is the rationale behind acquisition of Syfact Business?

Syfact has been used by many of the world's largest and most respected corporations, government agencies and financial institutions including, among others, ING and Rabobank. The company provides innovative investigative case management solutions, best practices and technologies that simplify and enrich the most complex fraud, money laundering, customer due diligence and corporate security investigations. In addition to robust and intuitive investigative tools, a key feature of Syfact’s solution is its ability to permanently store all types of investigative information in a single interlinked database that can be accessed, searched, linked and cross referenced during future investigations and cases. Actimize is working to assimilate these strong components of Syfact, which will improve current and future Actimize solutions.

5. How big is the Web fraud detection market and where does Actimize stand there?

As Gartner defines and estimates, the Web fraud detection market was slightly below $200 million in 2008. Gartner recognized Actimize as the “Leader” in its Magic Quadrant for Web Fraud Detection. Top-tier financial firms, including Bank of America, DBS and Lloyds TSB have selected Actimize’s anti-fraud solutions to protect this channel. Actimize is unique in that it offers solutions that can detect and block fraud in real time, thus stopping losses before they occur.

6. How big is the AML and anti-fraud market in India? Does Indian market behave as like as others markets globally?

An analyst firm recently projected that the global market for financial crime risk management technology, which includes AML and anti-fraud amongst others, will grow to $3.75bn by 2012. India is similar to many regions that have recently deployed new AML and compliance regulations. Because of this increased focus, we expect the Indian financial crimes technology demand to grow at a higher rate than legacy markets. We also see a global trend of AML and anti-fraud consolidation.

Both in India and outside, Companies are seeking to reduce compliance costs through the consolidation of legacy overlapping systems. To help financial institutions address this issue, Actimize’s Risk Case Manager provides a firm-wide approach to address risk and compliance, providing a central platform for holistic case management. More than 100 of the world's top global financial institutions, agencies and regulatory bodies rely on Actimize to increase their insight into real-time customer and employee behaviour, transactions, and activities. As a result, these organisations have reduced and prevented financial crime activities, minimised money laundering exposure, increased investigator efficiency and improved regulatory compliance and oversight.

7. How do you predict Indian market in near future?

India is a major focus for Actimize’s Asia Pacific operation. After successfully penetrating the Japanese, SEA, Australian, and Greater China markets, we see India as the next natural growth engine for us in the region. With the Indian market growing very aggressively both in the sophistication of the services offered, as well as the intensity of fraud and compliance events, we believe Actimize will add a tremendous value to the existing detection infrastructure.

Actimize has already been implemented at more than five sites in India by some of its global clients and has local sales, marketing and a large implementation team on the ground. Actimize also works with a network of system integrators, both local and global. We expect great success in the Indian banking, securities, and insurance sectors, focusing on financial crime prevention.

—By: Daniel Klein, Regional Manager, Asia Pacific, Actimize.