Is Fraud Prevention Misguided?

2011's Attacks May Catch Banks By Surprise

By , January 27, 2011.
Is Fraud Prevention Misguided?

Dave Jevans says most U.S. banks are ill-equipped to fight 2011's newest security threats, such as automated malware attacks.ACH fraud is growing, but are financial institutions really attacking the heart of the problem? The quick answer to that question is "no," says IronKey founder and Chairman Jevans. What banks and credit unions should be focusing on is online fraud, especially on the commercial banking side of the business.

Attacking that so-called heart of the problem is going to require a new way of thinking about fraud, Jevans says. "This is really a new generation of how we think about security. We're coming back to the stage, with customized software, where we have to take a little more responsibility for our end-user's environment," he says. "Institutions need something that can provide authentication and protect against malware."

In essence, Jevans says, the institution needs to have the ability to decide whether it notifies the customer or restrict that customer's transactions, because that customer is in a "known" risky environment. Relying on standardized antivirus tools simply won't make the cut. "I think antivirus tools have their place, but cybercriminals have figured out how to defeat antivirus tools through polymorphic malware," he says. "Every piece of malicious software is different, therefore signature-based approaches won't work, and that's how most antivirus software works."

The truth is, a majority of banks and credit unions, according to results from Information Security Media Group's recent Faces of Fraud Survey, are not prepared to fight this new battle. Sixty-six percent say they have fewer than five staff members dedicated to fraud-prevention -- a sign, Jevans says, that banking institutions are going to be caught off-guard.

During this second part of a two-part interview with Jevans, Jevans discusses:

  • The evolving threats the financial industry will be unprepared to fight in 2011;
  • Why layered security approaches that include education are the only approaches that work; and
  • How the automation of malware attacks, such as Zeus attacks, will turn into the financial industry's worst nightmare.

Editor's Note: This is the second part of a two-part interview with Jevans, who follows up on his conversation about online security, adding insights about phishing and malware trends that stress the need for more channel integration and cross-channel fraud detection. Hear Part 1: Online Fraud: Heart of the Problem

Jevans is the founder of IronKey. His career in Internet security spans more than 10 years, having held senior management positions at Tumbleweed Communications, Valicert, Teros and Differential. Serving on the CEO's technology council at Apple Computer, Jevans helped to develop the company's Internet strategy. He also worked in the advanced technology group at Apple and ran an engineering project involving advanced operating systems. Currently, he serves as the chairman of the Anti-Phishing Working Group, a consortium of more than1,500 financial services companies, Internet service providers, law enforcement agencies and technology vendors dedicated to fighting e-mail fraud and identity theft online.

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE RSA Conference: Rise of Cyberinsurance

There may be no single theme at RSA Conference 2015, but cyberinsurance is a recurring hot topic....

Latest Tweets and Mentions

ARTICLE RSA Conference: Rise of Cyberinsurance

There may be no single theme at RSA Conference 2015, but cyberinsurance is a recurring hot topic....

The ISMG Network