WikiLeaks Wakes Up Fraud Innovation

While Bank of America was still waiting for a WikiLeaks dump as the new year dawned, WikiLeaks' shadow over the banking industry continues to grow. In late January the site allegedly received insider data provided by a former Julius Baer Bank employee claiming to expose cross-border accounts tied to tax evasion.

There's good reason for the entire industry to be alarmed. Prevailing AML protections designed to flag suspicious transactions won't sniff out "WikiLeaks-style" actions, which skirt most tech guards via hard-to-detect internal access (Aite says it can take 18 months to ID internal fraud), and financial activities that fund WikiLeaks-style operations don't raise security eyebrows when viewed in isolation.

But banks do have emerging options on two fronts: new tech solutions that "fingerprint" smartphones and other personal devices like USB ports; and the lesser-known, but potentially very effective, melding of social network analysis, historical versioning and other Web-driven profiling of how users engage both a bank and the outside world.

"It's not only looking at [presence on] social networks, it's looking at relationships between entities, user accounts, links to external people, accessing news reports...bringing unstructured [generally PDF files, emails, blogs] and structured data [generally enterprise information] together to form a picture of what's going on in an environment," says Avivah Litan, a security specialist at Gartner. "It's extremely powerful and it's a promising technology."

Detica and SAS offer versions of social network analysis aimed specifically at banks, and IBM offers an enterprise identity insight product that can be used as part of fraud prevention. Actimize, Norcom and other firms also offer link and activity analysis technology which can be used to track a user's external activity and online relationships.

But the tech's still not ubiquitous among providers and banks. "Not a lot of other vendors have it," says Andras Cser, a senior analyst at Forrester Research. "But it's a low cost way of ID vetting and profiling."

SAS recently signed BB&T and an institution in Spain to use its Enterprise Case Management product, while Detica's client base includes HSBC and banks in the UK.

SAS' ECM includes historical versioning, which enables investigators to view updated changes in a case system, social networking analysis to view networks of people related to a case, and automated network visualizations to understand alerts involving crimes across multiple product lines or organized crime rings.

"We go on site at a bank and see how their operations work..If I were a fraudster trying to run money through a bank, what would I do to circumvent the bank's process?" says Cameron Jones, director of product management for SAS.

The social networking analysis piece works by analyzing records of wire transfers, structured and unstructured text, and regulatory and FinCEN reports to build out a network of a user's financial activity and contacts. The contacts often result in a red flag that a single-dimension search for "unusual" transactions would not spot.
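The contrast between a single-dimension search and a network view can be sketched in a few lines. This is an added example, not code from SAS or any vendor named in the article; the account names, the wire records, the reported-entity list, the amount threshold and the hop limit are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample wire transfers: (sender, receiver, amount in USD).
WIRES = [
    ("acct_A", "acct_B", 4200),
    ("acct_B", "acct_C", 3900),
    ("acct_C", "shell_X", 4100),
    ("acct_D", "acct_E", 2500),
    ("acct_F", "acct_G", 15000),
]
# Constructed stand-in for entities named in earlier regulatory reports.
REPORTED = {"shell_X"}
AMOUNT_THRESHOLD = 10000  # illustrative value for the single-dimension rule


def single_dimension_flags(wires, threshold):
    """Flag senders purely on transaction size, one wire at a time."""
    return {sender for sender, _, amount in wires if amount >= threshold}


def build_graph(wires):
    """Undirected contact graph: two accounts are linked if money moved between them."""
    graph = defaultdict(set)
    for sender, receiver, _ in wires:
        graph[sender].add(receiver)
        graph[receiver].add(sender)
    return graph


def network_flags(wires, reported, max_hops=2):
    """Breadth-first search outward from reported entities.

    Returns {account: hop distance} for every account within max_hops
    of a reported entity, regardless of how small its transfers are.
    """
    graph = build_graph(wires)
    dist = {entity: 0 for entity in reported if entity in graph}
    queue = deque(dist)
    while queue:
        node = queue.popleft()
        if dist[node] == max_hops:
            continue  # do not expand past the hop limit
        for neighbour in graph[node]:
            if neighbour not in dist:
                dist[neighbour] = dist[node] + 1
                queue.append(neighbour)
    return {acct: d for acct, d in dist.items() if acct not in reported}


if __name__ == "__main__":
    print("size rule:", single_dimension_flags(WIRES, AMOUNT_THRESHOLD))
    print("network  :", network_flags(WIRES, REPORTED))
```

On the constructed data the size rule flags only the one large transfer, while the network view surfaces the chain of sub-threshold wires that ends at the reported entity.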

While social network monitoring tracks the movement of money and other communications, the fingerprinting technology surveys the access and use of devices and access to a bank's network to prevent leaks of documents and data. "We try to enforce access to database servers at the application layer, which is more efficient than at the PC layer," says Henry Mayorga, manager of network technology at Baron Capital in New York. The firm uses technology from Avenda, whose eTIPS product enables IT groups to create policies that tie a user's identity and role to a device type and status, including device-based attributes. Avenda's competitors in network access technology include firms such as Forescout, while firms like CREDANT, Ipswitch and TriGeo guard against the unauthorized use of USB drives to access and copy sensitive corporate information, the main tech culprit in the WikiLeaks model.

There are also cultural issues that enable systemic data leak and fraud threats. The siloed nature of financial institutions results in data being decentralized. "Until you have data stored in one secure place with access control mechanisms that register anytime it's accessed by someone, you'll have 'Wikileaks' type confidential information [exposure]," says Aite senior analyst Julie Conroy McNelley.
