Though phishing syndicates in Eastern Europe are getting a lot of attention as a threat to banks, some technology vendors are focusing on a danger much closer to home: employees and job applicants.
Employees are involved in most bank theft, according to some analysts.
To help banks identify criminal employees and applicants, International Business Machines Corp. has started offering software originally developed to bar cheats from casinos.
The software was developed by Systems Research and Development, a Las Vegas company that IBM bought in January and renamed IBM Entity Analytics.
Jeff Jonas, who founded Systems Research, said it had several banking customers. As an IBM unit it recently tested the software for a prospective financial services customer, he said.
IBM is concentrating on the bank potential and plans to double the unit's staff to 120 by yearend, said Mr. Jonas, now the unit's "chief scientist."
Casinos have used the software, called Entity Resolution, for more than a decade to spot known cheaters and their associates. But Mr. Jonas said his company realized that it had other capabilities.
For example, he said, the software can spot a phone number or address shared by a thief and an employee or job applicant.
"While we were originally intending to keep the bad guys out, we started finding the bad guys within," Mr. Jonas said.
For banking, the software has been adapted to avoid breaking privacy rules, he said.
This version, called Anonymous Resolution, compares data against several bank lists without disclosing the contents of any list.
The software can also identify customers whose accounts at other banks have been closed because of fraudulent activity. Some later try to open new accounts with a modified name or other identifying data, but the software can establish links to the blacklisted accounts, Mr. Jonas said.
IBM's system can be more effective than relying on public databases - such as the one maintained by the Office of Foreign Assets Control - because much of their information "is so sparse," Mr. Jonas said. Some entries in such databases contain little more than a name, he said.
According to Jacob Jegher, a senior analyst with the Boston market research firm Celent Communications LCC, employees are responsible for at least half of the money banks lose to theft, and at some banks the figure is as high as 70%.
Guillermo Kopp, the director of the cross-industry practice at TowerGroup, a Needham, Mass., unit of MasterCard International, said employees are involved in at least 60% of bank thefts. The percentage has risen in recent years because technology makes information easier to sneak out of banks, he said.
Some employees have figured out how to sidestep data protections as easily as many consumers have figured out how to circumvent the copy protection on music and movies, Mr. Kopp said.
"If somebody wants to commit some kind of internal fraud, it will take no time to realize that there is some way to disguise that information" and steal it, he said. "Attacks are on the rise. It's high time that the financial services institutions invested widely in protecting themselves and detecting these attacks."
Though the IBM software is designed to screen out applicants who have ulterior motives, other companies have developed products to keep tabs on existing workers.
Insurors Bank of Tennessee in Nashville is using a service from Gladiator Technology Services Inc. of Alpharetta, Ga., to watch employee access of computer files and the data they contain, said Anne Cheatham, Insurors' chief operating officer.
The bank uses Gladiator's service "for 24-hour, 7-day-a-week monitoring" of network devices and general security, Ms. Cheatham said.
The service checks for changes in network settings and unusual activity, such as an employee's being given more access to customer data than is appropriate, she said. It also tracks employees' computer use to spot those abusing their data access rights.
Corillian Corp. has said that its Fraud Detection System, which was designed to detect phishers and other scam artists trying to set up impostor bank sites, has also kept out a crook who was planning to apply for a job at a bank and then steal from it.
The man was "electronically casing the joint," said Alex Hart, Corillian's president and chief executive, in a February interview. The man was seeking floor plans and downloading a job application, Mr. Hart said.
