Just how big a problem wire fraud has become is a matter of some debate - confusion fueled in part by banks' and businesses' reluctance to speak openly about it. But an alert sent in August by the Financial Services Information Sharing and Analysis Center (FS/ISAC) to its members indicates the problem might be significantly worse than generally thought. According to The Washington Post's Security Fix blog, the confidential alert warns that Eastern European cyber gangs are stealing millions of dollars from small to mid-sized businesses through online banking fraud by planting malicious software on Microsoft Windows PCs and then wiring money to fraudsters.
Wire fraud differs from other sorts of payment fraud because payment happens so much faster, giving an institution little time to catch a suspicious transaction. Most wire payments aren't technically real time, there's usually a 20-60 minute delay, but that's still much faster than overnight ACH or the several days it takes to clear a check. According to a 2009 survey by the Association of Financial Professionals, six percent of companies experienced wire fraud, less than other payment types though still double the rate from two years ago.
Yet banks are giving customers even more power to initiate these wire transfers, including Citibank, ING Direct, and Bank of America. "Wire fraud has always been around, but the problem is manifesting itself differently," says Jacob Jegher, a senior analyst at Celent, "Unfortunately, there is no perfect authentication. If it can be developed by humans it can be broken by humans.
However, that has not stopped banks from seeking out next generation tools to monitor real-time wire payments more closely. Avivah Litan, an analyst at Gartner, says presently there are only a handful of vendors capable of this kind of real-time monitoring, including Actimize, Norkom Technologies and ACI Worldwide.
Actimize recently announced that a top five U.S. bank implemented its fraud prevention solution, which worked so well the bank recouped its seven-digit investment in a mere six weeks. Paul Henninger, director of product management, financial crimes solutions at Actimize, says that banks typically see a four-to-fivefold improvement in lowering false positives - a key metric for increasing ROI - after implementing Actimize. In the top five U.S. bank's case, Actimize detected 73 percent of wire fraud while reducing the false positive ratio to 1:15 compared to the industry average of one out of 50.
Actimize offers a payments risk management framework that combines real-time wire and ACH fraud prevention and message filtering with compliance monitoring capabilities for anti-money laundering, sanctions and watch list filtering. Prior to implementing Actimize, the bank used a rule-based review of wire transactions as part of its core system. The legacy system did not provide the bank with an easy way to identify or investigate suspicious transactions and had very limited ability to stop transactions in real time.
At the big five U.S. bank Actimize found that multiple attacks were tied to Trojan and man-in-the-middle attacks. Perhaps most worrisome, some attacks bypassed physical hardware security layers such as tokens. Given this, Litan suggests using a three-pronged layered approach: strong user authentication, fraud detections and out-of-band transaction verification. She also says banks should consider offering customers tools that safeguard a user's session by creating virtual locked environments that won't allow malware or viruses to touch that session even if the PC is infected.
As for the vendors that provide real-time verification, Litan offers an assessment as part of a recently released report, "MarketScope for Enterprise Fraud Management." In the case of Actimize she writes in part that the optimal use is for "large financial services companies (i.e., large global banks that want one vendor to supply a critical mass of their fraud detection technology) - both for point transaction systems (such as online banking, remote payments and deposit fraud), and for EFM that enables cross-channel/account/product views."
As for ACI Worldwide, she writes "that it has a strong global presence and market share in electronic funds transfer and debit card payments. It is best suited for banks that already use ACI for debit card payment." Meanwhile, Norkom Technologies "provides a full and comprehensive range of EFM capabilities ranging from fraud detection on payment cards, to deposit accounts, account takeover, internal and application fraud, alerts, and case management. It is best suited for large to midsize financial institutions that want an EFM system with broad analytical and fraud detection capabilities that require batch and near real-time fraud detection and transaction blocking capabilities."