Avivah Litan, Vice President and Distinguished Analyst, Gartner Research
Tom Field, Vice President of Editorial, Information Security Media Group
Two critical steps that banking institutions need to take in 2014 to help prevent fraud are implementing big data analytics and adopting far more sophisticated customer and employee authentication, says Gartner analyst Avivah Litan.
Big data analytics can help banking institutions more quickly detect early signs of fraud, says Litan, a financial fraud expert and distinguished analyst for consultancy Gartner Research. "We have so many more attack vectors than we used to have. But big data analytics allows companies to get their arms around their data much faster than ever before."
With better data analytics, institutions can get a broader view of what's going on across all their banking channels, which is important for identifying fraud patterns, Litan says in an interview with Information Security Media Group.
She describes an example of how one institution was able to stop a fraudulent wire transfer. "The guys who were watching the big data analytics systems saw the fraud about to take place," she says.
But applying analytics for enterprise-wide fraud mitigation is challenging because of banks' disparate systems that are based on legacy platforms, Litan acknowledges. "As organizations learn to get their arms around data in real time, the systems that they've put in place aren't going to be able to keep up that easily," she says.
Authentication Getting Stronger
Another important fraud-prevention measure for larger banking institutions this year, Litan says, is implementing advanced forms of authentication, such as continuous behavioral authentication, which involves monitoring customers or employees over time.
"It's not like you give someone an account and a credential and they're all set," Litan says. "You have to continuously watch their behavior; watch everything you can about how they navigate, how they use the endpoints and how they use your institutional accounts."
But smaller banking institutions need to enhance authentication in less costly ways, such as by using mobile devices to identify users, Litan says. "Your identity is bound to the phone through a credential, like a certificate or even a password, and preferably also a biometric," she explains.
In a pre-RSA 2014 interview, Litan also discusses:
The top three threats banks face for 2014, including insider risks, social engineering schemes and data breaches that are out of their control;
Regulatory guidance and legislation;
Security challenges banking institutions face because of open architecture.
Litan, a vice president at Gartner Research, is a recognized authority on financial fraud. She has more than 30 years of experience in the IT industry. Her areas of expertise include financial fraud; authentication; access management; identity proofing; identity theft; fraud detection and prevention applications; and other areas of information security and risk. She also covers security issues related to payment systems and PCI compliance.