A recent blogpost by OneSpan has underlined what it sees as four key pillars for financial institutions that are looking to build successful defences against cybercrime.
According to the company, the four key pillars of this strategy are technology, people, process and governance. As the first key pillar, the company noted that technology is commonly discussed when it comes to the matter of defence.
OneSpan highlighted that when it comes to what financial institutions should be looking for in terms of tools and technology, their most important tool will be their fraud monitoring system.
The company said, “In contrast to the more traditional form of fraud monitoring where you are monitoring only financial transactions, today you should monitor all activity on your different digital channels. That means your fraud prevention tools should be capable of complete digital session monitoring, which includes authentication data that often comes from a different device.”
The blogpost went on to detail that from a data perspective, both technical data and business data elements should be used, as it is key for financial institutions to bring together business and technical data to build complete digital profiles on their users and their interactions with the institution’s channels.
Financial institutions may also want to add supporting tools such as case management, data visualisation and analytics software, OneSpan remarked, to help them understand their digital ecosystem better.
The second key pillar – people – may be seen by many as clearly invaluable regardless. However, OneSpan's reason for highlighting people as a key pillar was more linked to choosing the right people, stating that ‘one of the most common mistakes organisations make when investing in fraud prevention tools and technology is to then hand off the operations to the wrong teams’.
OneSpan remarked, “Not all financial institutions have the mandate, focus, necessary skills or even budget for their anti-fraud operations. In many cases, we see the operations handed over to anti money laundering (AML) or transaction monitoring departments that don’t have the right skills and focus to deal with digital banking session information or that don’t have a deep understanding of how a financial cybercrime attack works and propagates.”
This leads to improperly configured tools, incorrect investigations and, subsequently, ineffective fraud prevention and protection of users overall.
OneSpan continued by saying it has found it is ‘very effective’ when a dedicated team is created in an organisation to focus on financial cybercrime, stating that it is key the team has an appropriate budget, focus and mandate to be successful.
For the third key pillar, OneSpan underlined that while dedicated financial cybercrime defence teams are often new within financial institutions, it is still important to have clear processes and guidelines that can be followed. The company recommends that financial institutions run an attack simulation exercise to test their processes and overall approach to handling an incident.
The last – but definitely not least – important key pillar highlighted in the blogpost is governance.
OneSpan detailed, “When establishing your defence department and approach, we recommend you set up a governance forum around it. The governance forum should have stakeholders from different parts of the organisation, such as business, risk and IT/development. It’s important to have those areas of the business represented when defining your approach, processes and risk appetite. The forum should also monitor the performance of the defence department against its success criteria once operational.”
The full blogpost can be found here.
Copyright © 2021 RegTech Analyst