Thirty years ago, our losses occurred at the teller line, with bad checks, or occasionally we'd take losses from shortchange scam artists or an account holder experiencing financial difficulties. Today, however, checks are a major source of losses: con artists, gangs, and organized crime have learned to use computers to produce some of the best counterfeit checks we've ever seen. Using schemes such as social engineering, they've turned our account holders against us. We're now taking losses from lottery scams and work-from-home scams, and soon all financial institutions will be familiar with the new "rebate scam."
If that's not bad enough, telephone, cell phone, and Internet attacks have now become coordinated in a method known as "vishing." In a coordinated vishing attack, our account holders receive e-mails, text messages, and telephone calls informing them that their accounts have been frozen, suspended, or closed for a variety of reasons. After contacting the criminals, the account holder is talked into divulging social security numbers, account numbers, PINs, and passwords that are later used by criminals to compromise the financial institution. Who's behind these sophisticated methods that weren't even considered possible thirty years ago? Organized crime from Asia, Eastern European countries, Russia, and even youth gangs are developing the techniques used to defraud our financial institutions, and a recent report in Canada for the Royal Canadian Mounted Police exposed the fact that criminals are actually retaining experts in our field to assist them in designing attacks against financial institutions!
It seems logical to assume that as financial attacks against institutions change, so should the methods we use to prevent or combat them, but if financial institutions continue to fight fraud with the "silo approach," losses will be astronomical. Traditionally, financial institutions have fought fraud only in the departments where it occurred, a silo mentality in combating crime. Often, the security officer is viewed simply as the "cops and robbers person" or the "bad check collection department," and it's in these sorts of financial institutions that we find people who protect their turf and refuse to discuss the losses that they're taking with staff from other departments. This results in the financial institution having no one person in the best position to oversee fraud losses, coordinate defenses, and communicate with account holders. These walls and barriers will have to be torn down if we're going to defend institutions from coordinated attacks like vishing.
The first step for financial institutions is to create a risk management committee with representation from all departments, including marketing. The goal here is to decide how the institution will respond to an attack via several different channels at the same time. The institution will have to know how to respond to account holders immediately, explaining what is happening, in order to avoid taking losses, losing accounts, or receiving bad press coverage.
The second step is to use marketing and security to educate account holders and the public at large, about the various threats we're facing. In conducting evening programs for the public, I've been amazed at the naïveté of the attendees. The public has little or no understanding of the type of attacks being used to take their money, partly because schools have reduced or eliminated "Introduction to Business" classes that once taught awareness of scams and schemes.
In the future, community programs need to become a major source of education for financial institutions. This, combined with aggressive marketing campaigns stressing security and safety for your financial institution, will help you avoid-or at least reduce-future fraud losses.
Copyright, 2009, Barry Thompson and the Thompson Consulting Group, LLC All rights reserved.
Barry Thompson, CRCM, of Thompson Consulting Group, LLC a firm specializing in Physical Risk Assessments, Security Management and Financial Institution Training Programs, wrote this article. Barry can be contacted at Tgroup@twcny.rr.com or www.tgrouponline.com/.
Copyright, Bankers Online. First published on BankersOnline.com 6/15/09
BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.
Print Friendly!
Email This Article!
Discuss NOW!
