In order to better understand the means and methods of fraudsters in the digital age, SS&C turned to a panel of industry practitioners representing law enforcement, one of America’s largest banks, a large asset manager, and SS&C’s own experts.
The panel discussed the current state of fraud and the general observation that a more connected world makes it easier to exploit personal information. Once armed, fraud actors have shown incredible creativity in their exploitation of data—all for profit.
The session covered an array of issues with our panelists sharing experiences, concerns, and awareness on ways to break the fraud cycle. The panelists were unanimous that business email compromise, or BEC, continues to be one of the biggest threats to the financial industry - a lucrative target for fraudsters. BEC occurs in many forms, such as government impersonation, false tech support, fake mass marketing, lottery enticement, exploitation of charitable feelings, and many more.
The panelists agreed the biggest strategy is awareness. Our FBI guest panelist stated, “The people who use good procedures to be aware are less likely to be a victim than people who think it won’t happen because it hasn’t happened before.” Roland Chan, Client Cyber Engagement Executive with Bank of America, echoed that sentiment by discussing how fraud is no longer just a technical issue—it’s a people issue. And that the more dialogue we have surrounding people getting in the habit of asking what an email or call is about, the more we can be proactive.
A newer and very effective fraud tactic is “smishing,” or using text messages to obtain sensitive information through mobile devices. Chan discussed how more attackers are going after mobile devices and mobile banking, which is effective because it’s less obvious who the sender is or where the link leads.
Attacks against the elderly and cognitively challenged, in which the fraudsters are family members or other people close to the account holder, represent another growing area of fraud. Martin Orbach, Vice President, Compliance & Analytics Solutions at SS&C, said, “Authentication steps are all great, but…it all goes out the window when a family member compromises the account.” Phil Cantu, CISO for Dodge & Cox, added that we need to change the way we validate individuals and be careful not to ask account holders to verify their identity using public knowledge. For instance, if someone’s mother has a Facebook account that includes her maiden name, asking for an account holder’s mother’s maiden name is not an effective security question.
Dan Thomas, VP of Information Security at SS&C, noted, “Technology has to move forward.” There are generational differences in user experience preferences. Millennials tend to appreciate transparent authentication. Companies need to find a balance between effective security and user experience.
This Deliver 2019 session provided attendees plenty to think about with concentration on understanding central factors to avoid being scammed by anticipating circumstances that could allow for disclosure of personal information. The most important thing to remember when creating a plan to break the fraud cycle is to remove the opportunity!
Thanks to all our clients and panelists who attended our fraud panel. We are looking forward to seeing you in Orlando 2020!
Written by Lisa McLaughlin
VP, Risk Product Development