IT security experts commented below on the new “2017 Faces of Fraud Survey” of US banks and financial institutions issued today by ISMG Research & VASCO Data Security. Among the study’s findings: a majority of respondents believe today’s fraud schemes are too sophisticated and evolve too quickly to keep pace; just 38 percent of those responding have high confidence in their institution’s ability to detect and prevent fraud; and only 13 percent of respondents believe their organization is identifying fraud in real time.
Avivah Litan, VP and Distinguished Analyst at Gartner Research:
.
Lisa Baergen, APR, MCC, Marketing Director at NuData Security Inc.:
“Banks, financial institutions, and merchants all struggle with ways to preserve customer confidence and loyalty, without hurting their customer’s experience. The five scariest words in the sector are: ‘My bank account’s been hacked.’
“Detecting potentially fraudulent transactions, money movements or new account fraud before they can result in fraud demands a new approach to authentication methods. Solutions based on consumer behavior and interactional signals are leading the way to provide new levels of security at every step in the transaction chain – including financial institutions, consumers, and merchants. As security threats increase, it gives rise to the requirement of an advanced security solution to identify malicious activities and vulnerabilities. The Faces of Fraud Survey confirms that it’s time to adopt machine learning and verification methods that immediately recognize trusted users and optimize their experience, that can’t be impersonated by would-be thieves, and that can invoke stepped up authentication when high risk, highly questionable circumstances call for it.”
Atiq Raza, CEO at Virsec Systems:
“Sophisticated attacks are increasingly flying under the radar of conventional security, which depends on perimeter defense, looking for known patterns of behavior, and patching vulnerabilities if they are discovered. All of these are always playing catchup with fast moving, and innovative hackers. In order to get to the root of modern attacks we need to worry less about incoming threats, and more about detecting and blocking rogue application behavior in real-time.
“The fact that only 35% of banks have deployed multifactor authentication is disturbing. This technology is readily available, easy to deploy, and very effective. While it requires a little more effort for consumers, it also makes them more aware and conscious of security best practices. Banks can insure themselves against financial losses from fraud, but consumer can never recoup the damage of having their identity stolen.”
Christian Lees, Chief Information Security Officer at InfoArmor:
“However, we are also seeing a rise in fraudulent account creation (whether bank accounts, credit cards or loan applications) using PII that has been exposed in large data disclosures. This criminal activity can be difficult to detect, as all of the data matches and appears valid. However, by offering financial institutions the ability to track and monitor third party compromised data disclosures, they can pre-empt this activity with rigorous application.
“As long as threat actors can monetize their nefarious activities, they will persistently seek to profit at the expense of the innocent victims of breach. Thus, enterprises of all size should be increasingly vigilante and seek to continually improve their security posture with products and services designed to alert, notify, pre-empt and defend against such activity. There is not a one size fits all solution. A comprehensive approach leveraging a variety to tools and applications, assessing internal and external risks/exposure should always be deployed.”
John Gunn, CMO at VASCO Data Security:
“Regulations couldn’t possibly keep pace with the sophistication and the evolution of new attacks. So it’s that economic argument we talked about, and it’s about the new tools, the next generation and what’s coming. And that is: unified tools, tools that work with each other that are easier to implement. And fraudsters have a real advantage. If you look at game theory, there’s always an advantage to being the attacker because you can pick that one point of vulnerability when you find it. Whereas financial institutions or their vendor partners, such as VASCO, have to cover a thousand potential points of vulnerability. So it’s a monumental task, and it requires coordination, collaboration and staying on the front end of new technologies.”
Julie Conroy, Research Director at Aite Group:
.
.
Scott Clements, CEO at VASCO Data Security: