Fighting Fraud is a Team Effort

July 19, 2012 by Mike Byrnes     No Comments

team21While it’s quite typical for my blogs to take shots at the banks for failing to implement effective security controls, and at the financial regulators for being too slow at releasing guidelines, I think it’s time to emphasize that fighting fraud is a team effort.

By coincidence, my last blog entry, in early July, ended with this exact recommendation. Within a week, news came out that a bank, BankcorpSouth, is suing their customer for failing to adopt security controls, which made it easy for criminals to steal about $400,000.

Interesting. I’ve read several articles about banks counter-suing their customers after a fraud loss. Typically, the bank’s claim is pretty lame. One example is found in a blog on the OceanBank/Patco construction case last year. Well, in the BankcorpSouth versus Choice Escrow and Land Title, the situation is quite different.

As reported by Tracey Kitten at bank Information Security, BankcorpSouth attempted, on several occasions, to get their customer to adopt available security controls to help protect against fraudulent wire transfers:

“In April 2009, when Choice Escrow signed up for the bank’s InView Automated Information Reporting Services, which include account access and management and provide businesses with the ability to schedule wire transfers, it opted out of the dual-control option, the counterclaim says. Later in 2009, Choice Escrow again declined to sign for the dual-control feature after BankcorpSouth asked the business to acknowledge in writing that it had voluntary chosen not to use the feature, according to the counterclaim.”

Dual controls are actually a very old and proven technique used in both the physical world and in online banking. A simple example of dual controls is when two individuals have separate keys and both are required to access a lock (e.g., a security deposit box).

Dual controls are also used online to prevent against unauthorized transactions where, typically, a supervisor will approve a transaction initiated by someone within their department. While dual-control mechanisms are not “bulletproof” protection against advanced fraud attacks, there is a very good chance that the fraud would have never occurred in this particular situation had they been used.

So, let me say it again: fighting fraud is a team effort. As consumers, small-business owners, or CFOs in large corporations, we all need to educate ourselves about the risks of conducting business online. AND, we need to take advantage of the security controls our banks offer to us. Without everyone doing their part, the criminals will quickly exploit the weak link.

Mike Byrnes

About

Entrust product manager Mike Byrnes has more than 20 years’ experience in product management and technology marketing with a focus on internet security and business communication systems. Mike drives product marketing for the Entrust IdentityGuard authentication platform with a significant focus on mobile solutions. In addition to mobile, his background covers identity and access management, fraud detection, malware protection, and email encryption solutions. Mike serves as vertical market prime for Entrust financial services segment, working with large banks across the globe to roll out solutions to their consumer- and corporate-banking client base.

Add to the Conversation