10 Ways To Fight Digital Theft & Fraud

IBM touts holistic approach to cybersecurity, counter-fraud, and compliance efforts. Bankers, security experts, and a former White House CIO offer proactive advice.
Break out of departmental silos
Agree on shared measures, goals, and incentivesOnce cybersecurity, transaction-security, fraud, and risk-and-compliance teams
Identify the top assets you must protectFormer White House CIO Theresa Payton, above, advises corporations and agencies to id
Make use of the latest technologies
Make use of the data
Review processes and make "doomsday" plansIt's not enough to implement technologies. You have to walk through plausible secur
Train everyone on security policies and proceduresSecurity and fraud prevention aren't just for related departments. Companie
Work with law enforcement and security groupsDon't wait for an incident before you get acquainted with law enforcement and se
Collaborate across industries
Strike a balance between security and customer experience

The best way to thwart digital theft and fraud is to use a holistic, connected approach that takes advantage of the latest technologies and applies advanced analytics to vast data sets. It's an approach IBM touted at a mid-March event in New York where it brought together more than 100 security, compliance, and risk-management professionals.

IBM promoted new software and services designed to support this approach. Experts, including a former White House CIO and executives from banks, insurance companies, security firms, and government agencies, offered tips and best practices for moving beyond security, fraud, compliance, and risk silos. The stakes are higher than ever, with increasingly sophisticated and global digital criminals now responsible for some $3.5 trillion in losses each year, according the Association of Certified Fraud Examiners.

The most important advice is to break out of departmental silos. It's not that you should consolidate separate departments that address, for example, cybersecurity, fraud, and anti-money-laundering compliance efforts. But these separate groups should collaborate, with shared data, measures, goals, and coordinated incentives.

"If you start sharing information and thinking through processes across that data, it will help you to bust out of those silos," said Theresa Payton, who served as White House CIO from 2006 to 2008. Payton cited two organizations that created working teams across physical security, cybersecurity, anti-money-laundering, fraud, and risk departments. Collaboration helped one of these organizations, a defense contractor, spot a shell company posing as a supplier. As a result, the firm avoided a $500,000 wire transfer tied to a falsified purchase order, according to Payton.

Once you can span silos and share data, the next step is to apply advanced analytics to spot crime. Last year Atlanta-based SunTrust Bank was able to work across departments, pool information, and apply big data analyses to foil a sophisticated deposit-fraud scheme.

"These fraudsters knew more about our bank than some of our own people knew about how we post money to accounts," said speaker Aaron Glover, a senior analyst at SunTrust. "We discovered that we could work better together by establishing protocols for information sharing across anti-money-laundering, corporate security, and the fraud unit."

The upshot was that SunTrust was able to pool a variety of data sets, develop deep analyses to uncover the fraud patterns, and institute procedural changes to thwart the fraudulent deposits. "As a result we were able to save $5.8 million within one year," Glover said.

The New York State Department of Taxation and Finance uses advanced analytics and case-management capabilities -- core components of the Counter Fraud Management Software that IBM introduced -- to thwart $350 million in fraudulent tax refunds per year. Internal auditors who recovered an average of $500,000 per auditor per year a few years ago are now recovering $2.5 million per year due to case-management workflow automation and analytics that flag suspicious returns, said Nonie Manion, the department's executive deputy commissioner.

Other steps experts suggest include identifying and prioritizing the assets you must protect, holding "doomsday" drills to determine how departments will handle an incident, reviewing security policies and procedures with all employees, and working with law-enforcement and security groups to get ahead of cybercrime and fraud schemes. Read on for practical tips and technology advice that your teams can put into practice.

Next slide