Commercial Banking

Preventing insider threats: Actions to help protect your business

Fraud Prevention

It’s widely known that internal staff can be one of the biggest threats to a company’s information and security. I’ve recently published a detailed article on this topic in CIO Banking Outlook, and this blog post summarizes several highlights.

Two types of “insider threats” have been identified by many security experts: the Accidental Fraudster (good employee, breaking bad) and the Career Criminal. These two problems need to be addressed differently.

Accidental fraudsters

The leading theory of occupational fraud asserts that three factors must be present for fraud to occur: pressure, rationalization, and opportunity. Removing just one of these factors makes it less likely the fraud will occur. To help reduce the perceived opportunity, we’ve implemented an approach here at Bank of the West called “Be Noisy.”

Make noise

Banks have multiple controls, but those controls are not always evident to insiders, who may therefore perceive an opportunity to get away with fraud. Use your controls to call out unusual behavior by sending email alerts to employees and managers. Here are some examples of using existing controls in a “noisy” way:

  • Odd-hours access: Nefarious activity commonly takes place after business hours. Create an odd-hours access alert and send an email to the team member, copying the appropriate level of management to ask for an explanation about why access is necessary at that time of day.
  • Excessive fee reversals: Research indicates that negative activity tends to start small and escalate. Finding potential policy violations, like excessive fee reversals, can catch and stop negative behavior before it escalates.
  • Exfiltration of data: Data can be stolen in many ways (e.g., email, web or cloud uploads, and through removable storage). When you see attempts to send large amounts of data in these channels, send an alert to the team member so that the activity is logged and reviewed.
  • Accounts payable: Analysis of accounts payable data cross-referenced against employee information may turn up potential conflicts of interest or misappropriation of funds. Investigating phone, address, and other personal information may turn up interesting connections.

These processes only take a few minutes for all parties involved, but they promote the best outcome: Keeping the honest employee honest.
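The accounts payable cross-reference from the list above, as an added example that is not from the original post or from Bank of the West: it normalizes phone numbers and addresses before comparing vendor and employee records, so formatting differences do not hide a shared contact detail. The record layout, field names, abbreviation table, and sample data are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records; the field names are assumptions for this example.
EMPLOYEES = [
    {"id": "E100", "phone": "(415) 555-0134", "address": "12 Elm Street, Apt 4, Oakland, CA"},
    {"id": "E200", "phone": "510-555-0199", "address": "900 Market St., San Francisco, CA"},
]
VENDORS = [
    {"id": "V1", "phone": "+1 415.555.0134", "address": "77 Pine Ave, Oakland, CA"},
    {"id": "V2", "phone": "510-555-0000", "address": "900 MARKET STREET San Francisco CA"},
    {"id": "V3", "phone": "", "address": "1 Main Rd, Fresno, CA"},
]

# Small illustrative abbreviation table; a production list would be longer.
ABBREV = {"street": "st", "avenue": "ave", "road": "rd", "apartment": "apt", "suite": "ste"}

def norm_phone(raw):
    """Reduce a phone number to its last 10 digits; None if too short to compare."""
    digits = re.sub(r"\D", "", raw or "")
    return digits[-10:] if len(digits) >= 10 else None

def norm_address(raw):
    """Lowercase, drop punctuation, and collapse common street-type spellings."""
    words = re.sub(r"[^a-z0-9 ]", " ", (raw or "").lower()).split()
    return " ".join(ABBREV.get(w, w) for w in words) or None

NORMALIZERS = (("phone", norm_phone), ("address", norm_address))

def cross_reference(employees, vendors):
    """Return (vendor_id, employee_id, field) for each shared contact detail."""
    index = defaultdict(list)
    for emp in employees:
        for field, norm in NORMALIZERS:
            key = norm(emp.get(field))
            if key:  # blank values must never match each other
                index[(field, key)].append(emp["id"])
    hits = []
    for ven in vendors:
        for field, norm in NORMALIZERS:
            key = norm(ven.get(field))
            if key:
                hits.extend((ven["id"], e, field) for e in index.get((field, key), []))
    return hits

if __name__ == "__main__":
    for vendor_id, emp_id, field in cross_reference(EMPLOYEES, VENDORS):
        # A match is a lead for review, not proof of wrongdoing.
        print(f"Review: vendor {vendor_id} shares {field} with employee {emp_id}")
```
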

Career criminals

Career criminals will steal from you quickly. Try not to hire them. This is best addressed through good interview methods and background screening. Noisy monitoring can help catch negative behavior early and thus mitigate the damage of a career criminal. These will normally be the true positives in your noisy monitoring system.

I would encourage you to be innovative. The technology investment for these approaches is minimal; in most cases you may be able to leverage existing controls and data.
