As SAS took the wraps off of its new Security Intelligence infrastructure last week, it ushered in a relatively new tech category: software that provides fraud prevention and security protection in a single platform operating across all delivery channels and an entire bank's business.
SAS Security Intelligence uses a services-oriented architecture (SOA) — a method of leveraging code and data tools to enable software to be reused in different programs and workflows — to build a broad portfolio of fraud and security tools. The software provides data integration across departments, business intelligence for analysis of transactions and systems access, compliance reporting, activity monitoring, and search queries. There are also tools such as case management, workflows and governance that can be used to provide actual security. All of these tools work together to locate, analyze and attempt to prevent threats in areas such as web crime and payments fraud and respond to an incident.
Along with competitors such as NICE Actimize (NICE) and BAE Systems Detica (BA), SAS is attempting to sell financial institutions on the idea of centralizing different parts of fraud and security prevention. Such software is intended to make security risk management more agile and manageable as firms attempt to combat broader threats in a multi-channel environment while containing expense.
"The goal was to bring these commonalities together into a single platform," says Stu Bradley, senior business director for security intelligence solutions for SAS. "There's been a drive in insurance, banking and government to build an enterprise approach to combating security threats and risk." Many of these activities — such as locating suspicious behavior by consumers or unauthorized access by internal staff, have often been handled by different point solutions in the past.
"Fraud and security are typically handled separately," says Avivah Litan, a vice president at Gartner, adding that the growth of more sophisticated fraud and security threats that work across different parts of a business is attracting new tech solutions that attempt to address a mix of internal fraud, physical security and digital channel threats.
"A lot of the attention over the [recent] years has been on online banking, but now crooks are stepping up focus in other areas such as call center fraud, and are coming up with different ways of committing card fraud, as well as the coming of mobile fraud …[in this environment] you need a holistic approach," Litan says.
SAS, the Cary, N.C. firm, is also attempting to reduce time to market and response time via a hosted program called SAS on Demand that allows some assets to be shared across different clients, avoiding some procurement and IT deployment processes. "With new payments cards and mobile technology such as NFC, it can be tough for institutions to keep up with that. In order to do so, it requires the ability to address threats vary rapidly," Bradley says.
Not surprisingly, other tech firms say they are also on the case when it comes to combining fraud detection and security.
"In the past, at a bank one group handled anti-money laundering and another group handled fraud, for example," says Amir Orad, president and CEO, NICE Actimize. "Today, we have a product that looks at malware or determines if a computer has been infected, or also if a suspicious transaction has been committed. We can combine the two data points to realize there's more of a likelihood of suspicion of a crime."
NICE Actimize sells a platform that manages fraud, insider abuse and money laundering by tying together information across disparate systems and identifying high risk activities through analytics. The firm has recently extended these capabilities to include physical security and cyber security systems in an attempt to provide a complete view of the threats facing an organization. The firm argues an integration of fraud detection and physical security is necessary to prevent crooks from exploiting gaps where disparate systems at a bank are disconnected.
Orad says one of the firm's clients, Portuguese bank Millennium BCP, has deployed a system that monitors all activities at branches. The security system views cameras at branches to locate odd or off-hours access, then matches that to analysis of ATM or web use to detect unusual activity. "We can combine the two security methods to get a better view of what's going on at terminals," Orad says.
BAE Systems Detica in April launched NetReveal On Demand, a SOA offering that includes hosting and cross-channel integration to combine fraud detection and prevention. In a statement to BTN, Vishal Marria, director of financial services for Detica NetReveal, said the hosting option is designed to attract smaller firms that have IT budget restrictions by spreading the cost of fraud and security over several years.