While the IT security teams are distracted and working to correct or react to DDoS attacks, fraudsters carry out attacks on other transactional activities. And, as noted in this week’s articles, the focus goes beyond taking over individual computers or accounts to target and raid, but taking control of a complete wire system. I’m not surprised at the ingenuity of the approach, but would like to better understand what measures were in place to protect the payment switch and subsequent wire fraud.
In her blog, Avivah Litan, VP, Distinguished Analyst, Gartner, states “One rule that banks should institute is to slow down the money transfer system while under a DDoS attack.” She continues with “more generally, a layered fraud prevention and security approach is warranted.”
When thinking about wire fraud management, the layered approach referenced by Litan, should include:
- inherent wire system security controls such as segregation of privileges, 4-eyes principle, risk limits, amount limits, and complex password control features, coupled with
- a transaction monitoring system capable of profiling and understanding standard behavior and alerting on anomalies in a real-time to mitigate and minimize loss. Only then will
- the combination of these facilitate monitoring holistic spectrum of activities before, during and after wire activities rather than using single line defenses which can be vulnerable
Banking systems will always be a target for fraud schemes as will software and IT infrastructures that move money. Security protocols, fraud and AML prevention and detection techniques must continue to keep pace with potential criminal activity in even the most presumed safe environment – easier said than done with often limited resources. With millions of dollars and reputational risk at stake, the imperative is there in order to achieve peace of mind.
For some additional perspective, check out ACI’s recently published White Paper on wire fraud which gives an overview of what wire fraud is about and the varying tools and tactics the criminals use to commit this type of financial crime. It also covers the legal landscape, case studies and includes recommended best practices to address and combat wire fraud.
Wire Fraud: New Threats & Old by Michael Grillo