Organised crime infiltrates financial IT

IT staff and executives of financial firms are acting as moles for organised criminals and stealing sensitive information, says a new report published by antifraud software maker Actimize.


IT staff and executives of financial firms are acting as moles for organised criminals and stealing sensitive information, says a new report published by antifraud software maker Actimize.

Based on the company's research, drawn from interviews with 40 large financial services companies in the United States and the United Kingdom, about 50% of those surveyed indicated they believe they have employed workers who have either been trained or recruited by outsiders to carry out fraud.

Respondents believe that certain employees and IT workers, whose responsibility is handling and protecting sensitive information, are being trained and recruited by organised criminals to steal it.

Eighty-five percent of the respondents have been affected by employee fraud in general, and 65% see the threat becoming even more serious in the future, the survey found.

More than 50% of participating companies admitted their belief believe that only half, or less, of all employee fraud occurring within their organisations is currently being caught.

And while the test group represents a relatively small cross-section of business, it's worth noting that half of the financial services companies interviewed by Actimize claim assets of over $30bn (£14.54bn).

Actimize executives said that there was little doubt among those surveyed that organized criminals are increasingly working inside firms with large volumes of sensitive information to get first-person access to valuable data that can be used by others to carry out fraud.

"People are getting caught and it's clear that they are representatives of organised crime in some way, we had a lot of people telling us unsolicited that they feel that this is actively happening," said Amir Orad, executive vice president of marketing and business development of Actimize. "It's not a fairytale; it's an established method being used by these groups to carry out significant fraud."

Among the factors contributing to the criminal trend are increased access to technology by rank-and-file employees, as well as poor hiring and screening processes within end user firms, according to the report. Data availability and a lack of dedicated resources for fraud detection technologies were other issues identified by respondents as fuelling internal attacks.

More than 75% of those companies surveyed said that they expect insider fraud schemes to grow even more sophisticated, with 73% charting the financial services industry's preparation for such attacks as only "poor" or "somewhat acceptable."

About half of the companies involved in the research said that they have experienced a data theft within the last 12 months, with the cost of the largest such incident within each firm coming in at an average of roughly $875,000 (£424,281) per incident. The largest such incident cited in the Actimize research totalled $6m (£2.9m) in losses.

An overwhelming 70% of respondents said that government regulation or standards regarding employee access to customer accounts and data would actually "hinder" their company's ability to detect or prevent employee fraud.

As with many other types of IT projects, the shortfall in more comprehensive insider fraud protection can be tied largely to a lack of sufficient budgeting for tools such as those his company markets, Orad said.

"We see some visionaries who are making the commitment to buy technology that will help automate the process, and it's a growing group, but it is still a comparatively small minority of all businesses," Orad said.

"All of these companies know that they want to keep their names out of the headlines related to fraud, and most recognise that it is a problem they aren't adequately prepared to deal with, but as with a lot of IT issues, the biggest obstacle appears to be a lack of budget."

"Recommended For You"

Counting the cost of insider crime Just 4% of UK businesses fully confident in their IT security functions