By Larry Zelvin
Executive vice-president and head of Financial Crimes Unit, BMO Financial Group
The U.S. $20-dollar bill was once the most counterfeited currency in the world. Countries such as North Korea and Iran – as well as terrorist groups – have all been accused by the United States of printing the $20-dollar bill to fund illicit activities. In 2003, the United States began to print new $20-dollar bills that embedded several security measures such as threads, watermarks, and color-shifting ink to make it much harder to replicate. These changes led to a sharp decrease in the counterfeiting of the bill. It also forced groups that were printing the $20-dollar bill to look for new ways to make money.
Fortunately for them, around the same time, banks were moving away from paper bills to digital currency. The e-banking transformation that revolutionized finance would now also provide criminals the means to multiply their profits at a time when they needed it most.
Across the world’s industrial nations, over 90 per cent of the population is online. This has allowed businesses to move from their dependency on local customer bases to a truly worldwide market to sell their goods and services. Prior to the digital age, criminals needed to be physically present to commit their crimes. Now, using many of the same digital tools that provide convenience to business and their customers, criminals can commit their frauds and launder their money globally and potentially never even leave their homes. In many cases, they don’t even need to do the work themselves – robots can do most of the work for them.
Over the past few years, we’ve seen a series of extraordinary cybercrimes around the world such as the attempted $1 billion heist from the Bank of Bangladesh in February 2016, an $11.5 million dollar ATM cash outs from Bank of India ATMs located in 28 countries during a two day period in 2018, and tens of millions of dollars of losses as a result of Business Email Compromises over the past decade or more.
But that’s just the tip of the iceberg; there are millions of other frauds committed via the internet. They don’t get the publicity or attention of these big events but have a huge impact on businesses and their customers. The broad implications are staggering; the World Economic Forum estimates that the cost of cybercrime to businesses over the next five years will reach $8 trillion – a profit unimaginable during the days of counterfeiting $20-dollar bills!
Any organization with a significant digital component to its operations needs to ensure that they have the security capabilities in place to detect and stymie these criminals. This has typically been done through what can be characterized as a “20th Century” approach to modern day fraud. By and large, when frauds are detected, most organizations today have their information security teams address any technical issues – such as understanding how the attacker was able to obtain information electronically and why security controls didn’t prevent the intrusion or theft.
Meanwhile, separately, their fraud teams deal with the losses for customers’ accounts and what can be done to retrieve the funds.
While most organizations are comfortable with these traditional methods, we need to recognize that there can be a better way. The modern digital era requires partnership – in this case, with cyber and fraud teams working together in an integrated unit.
This fused approach provides a series of advantages:
- An improved understanding of the attackers tradecraft – also referred to as Tactics, Techniques, and Procedures – that enable the creation of enhanced cyber and fraud defenses
- An opportunity to combine what is normally siloed cyber and fraud data into one integrated data lake, which can then provide a more holistic “big data” anomalous detection modeling capability
- A more rapid cyber and fraud response to financial motivated attacks that are part of a campaign (like ATM cash outs) or have a higher cash loss potential (such as the SWIFT attacks), through the utilization of joint cyber/fraud response plans
- Greater organizational efficiencies, as two teams become one
- Fewer attacks and fraud losses, as the attackers return on investment drives them away from organizations which are using this new approach to cyber fraud
Once this capability has matured, there are opportunities to expand this integrated security model by including physical security teams, AML groups, and external partners in both the public and private sector.
As an example that firms may choose to follow, BMO has implemented this fused approach with the establishment of its Financial Crimes Unit (FCU) and Fusion Centre, which integrates leading global security practices to protect the company, its customers, and its partners. It’s designed to ensure BMO is well-protected from current and emerging cyber, fraud and physical security threats, enable the company to predict and prevent those threats, assess and deploy emerging security capabilities across business and technology strategies, and demonstrate leadership to enhance confidence in the company’s security competency. Meanwhile, the Fusion Centre uses a central location with advanced capabilities for predicting and managing threats/events, while also embedding expertise from all banking groups and security-related functions. It also maintains strong linkages to the external environment.
Just as the widespread counterfeiting of the U.S. $20-dollar bill needed a robust new approach to currency security, so too do the growing threats we that we face in the expanding digital age. By developing a closer cyber-fraud partnership initially and then growing it more broadly later, we can better keep organizations, and their customers, safe from those who would steal from them.
About Larry Zelvin
