Fighting Fraud in the Re-Set Economy
Such a pleasure to discuss these issues with folks who have a vested interest in banking and security, and I was most pleased to see representation from some of the nation's largest banking institutions, including Bank of America and JPMorgan Chase.
Probably most rewarding for me is ... well, two things: 1) Meeting so many people who are registered on our sites and enjoy our content, and 2) Having folks approach me after the presentation to compare notes and ask "Have you heard about ...?"
If recent incidents have taught us anything, it's that we need to re-set our approach to fraud.
And I've got to say: For as much as I have heard about fraud trends impacting banking institutions and their customers, I definitely heard some new wrinkles from banking/security leaders who are on the frontlines tracking the emerging threats. Suffice to say (for now) that, beyond ACH fraud and ATM crimes, fraudsters are developing some new flavors that we'll be writing about in the weeks ahead.
No surprise, the topic on everyone's tongues is the pending court case between PlainsCapital Bank and its business customer Hillary Machinery over ACH fraud losses and the question of 'What is reasonable security?' It's an emotional question, and people can - and do - argue both sides of the case: It's the business' responsibility to protect itself from malware and fraudsters, but that it's also the bank's duty to educate its customers to these threats. And to notice when $800,000 is being siphoned overseas.
And while no one particularly wants attorneys and judges answering the open question, I get the sense from banking/security leaders that they wouldn't mind some clarifying regulatory guidance about 'reasonable security.'
Had the opportunity to meet some thought-leaders at the event:
Michael Urban, Senior Director of Global Fraud Solutions at FICO, attended my session, and it was a pleasure to finally meet him. Mike has his finger on the pulse of financial crime trends, and I enjoyed comparing notes with him.
Avivah Litan, a Gartner VP who hands down is one of the leading analysts on fraud trends. I've long admired Avivah not just for her insight, but for her willingness to take a controversial stand on issues such as PCI compliance. Great to finally meet her and to sit down over coffee to swap stories.
The over-riding theme of the FICO World event was the "re-set economy." The subtext is that the crash of 2008 has given us all pause to re-think, and in some cases re-start, our businesses, and now we're in the realm of what our kids would call "do-overs." Or as they used to say in the life insurance commercials, "I got a second chance ..."
Harvard professor Michael Porter touched upon the "re-set economy" theme in his keynote address at FICO World, giving examples of businesses that have learned not just how to engage their competition, but to find their competitive edge through being different. Good isn't good enough, Porter contends. "The essence of strategy is to find a position in your marketplace that's unique."
The re-set mindset applies neatly to information security, too. There isn't any one fraud vector today - the threats come from all sides and simultaneously. And there isn't any one solution. If recent incidents have taught us anything, it's that we need to re-set our approach to fraud. It's a shared responsibility, the institution's and the customer's, to protect financial and informational assets. To be truly secure, one must accept that what was "reasonable security" yesterday just doesn't cut it today. And no one should require a court decision to realize it's time to try harder in terms of both security measures and awareness.
The fraudsters are all about re-set. They constantly refine and evolve their approach. In the re-set economy, it's time for us to take back our competitive advantage over them.