Data Breaches, Insiders and Fraud
When most people think of data breaches, they think of the big headline grabbers like Hannaford, Heartland, and TJ Maxx (now disappearing into the distant past, but dredged up every time a big one like Heartland occurs). There are many more, but you get the point. The naïve view of breaches is that they are accidental most of the time, but that notion should have been dispelled by the overwhelming evidence that breaches are often the result of a premeditated attack. We have seen that these data breaches do result in fraud, sometimes quickly and sometimes as much as two or more years later.
Why can the fraudsters wait so long? Because there is a ready supply of personal data to be had in the fraud underground, a veritable secondary economy with producers, brokers, and buyers.
This ready supply is fueled not just by the “biggies”, but also by a host of largely unreported breaches of various sizes. More often than we care to imagine, these breaches are facilitated by an insider. The kind of thing that makes you cringe. The Hannaford breach was thought to be aided by insiders, because when the incursion was uncovered it was so broad that investigators felt it was unlikely it was an outsider acting alone. (We never heard a resolution on that.) There are hundreds of small breaches for every large headline-type breach, and the vast majority are perpetrated with specific intent and purposeful execution.
Recent high-profile news is evidence of that. An employee at a large national bank colluded with 95 (or more) fraudsters to supply them with PCI information such as names, addresses, Social Security numbers, phone numbers, bank account numbers, driver's license numbers, birth dates, e-mail addresses, family names, PINs and account balances. This kind of information can be acted upon quickly, and is worth a lot in the underground, but may also be stored away for future use. To date, some 300 accounts have been involved with losses amounting to $10 million. I anticipate the number of accounts impacted and dollar loss will rise as more details are uncovered.
This example demonstrates a very real connection between breaches and fraud. It goes to intent, who is perpetrating them, and who is helping. For financial institutions and companies alike, the way forward lies in recognizing this connection and avoiding separating these events in the way we react to them, and more importantly, in the way we monitor activity.
In the online world, the monitoring that is done on the front end needs to be connected to the monitoring done on the back end. By “front end” I mean access attempts and online activity as well as non-dollar transactions (such as changes of address or telephone numbers) performed in advance of the financial fraud. Sharing this kind of data (and alerts) gives the financial transaction monitoring system context and a “heads up” as it evaluates transactions for risk. The industry calls this layered security, and the concept makes sense. It’s us against them. We all have a part to play, and playing as a team we will be so much more effective than as individuals trying to do our solitary best.
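The front-end to back-end connection described above can be sketched as a small correlation rule. This is an added example, not code from the original post; the event names, weights, lookback window, threshold and sample records are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed tuning values for this illustration, not figures from the article.
LOOKBACK = timedelta(days=30)
SIGNAL_WEIGHTS = {"failed_login": 5, "new_device_login": 15,
                  "address_change": 25, "phone_change": 25}
LARGE_AMOUNT = 5000
ALERT_THRESHOLD = 40

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

# Constructed front-end feed: access attempts and non-dollar changes.
FRONT_END_EVENTS = [
    {"account": "A1", "time": ts("2024-03-01 02:10"), "kind": "failed_login"},
    {"account": "A1", "time": ts("2024-03-01 02:14"), "kind": "new_device_login"},
    {"account": "A1", "time": ts("2024-03-01 02:20"), "kind": "phone_change"},
    {"account": "A1", "time": ts("2024-03-02 09:00"), "kind": "address_change"},
    {"account": "A3", "time": ts("2023-11-20 10:00"), "kind": "address_change"},
]

# Constructed back-end feed: financial transactions.
TRANSACTIONS = [
    {"id": "T1", "account": "A1", "time": ts("2024-03-05 11:00"), "amount": 9500},
    {"id": "T2", "account": "A2", "time": ts("2024-03-05 11:05"), "amount": 9500},
    {"id": "T3", "account": "A3", "time": ts("2024-03-05 11:10"), "amount": 9500},
]

def front_end_context(txn, events):
    """Kinds of front-end events on the same account inside the lookback window."""
    start = txn["time"] - LOOKBACK
    return {e["kind"] for e in events
            if e["account"] == txn["account"] and start <= e["time"] < txn["time"]}

def score_transaction(txn, events):
    """Amount-based score plus one weight per distinct preceding signal."""
    base = 20 if txn["amount"] >= LARGE_AMOUNT else 0
    return base + sum(SIGNAL_WEIGHTS.get(k, 0) for k in front_end_context(txn, events))

def review_queue(txns, events):
    """Transaction ids whose combined score reaches the alert threshold."""
    return [t["id"] for t in txns if score_transaction(t, events) >= ALERT_THRESHOLD]

if __name__ == "__main__":
    for t in TRANSACTIONS:
        print(t["id"], score_transaction(t, FRONT_END_EVENTS))
```

The three transfers are identical in amount; only the one preceded by recent contact-detail changes and unusual access on the same account reaches the review queue, which is the context a transaction monitor working alone would not have.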