Top 10 op risks: fraud and customer data abuse

Fraud and customer data abuse: top 10 operational risks for 2013

carousel-template-card-fraud

target-iconInternal fraud remains, as ever, a high priority for risk managers across the financial sector. Economic downturns are known to generate fraud: as employees come under real or anticipated financial pressure, they face the temptation to steal, or to concoct favourable-looking sales and profits in order to reap higher bonuses or simply to ensure they remain employed.

While national economies remain sluggish, margins tight and unemployment levels high, fraud will continue to be a significant problem. It’s also worth remembering that the average fraud at a financial institution takes between two and three years from inception to discovery – the frauds which began at the nadir of the crisis in 2009 will only now be coming to light – and the lag means that discoveries of losses to fraud will continue to be high for some time, even after (or if) economic growth picks up again.

The long-anticipated rise of Big Data, however, makes fraud an especially dangerous threat in 2013. Financial institutions have welcomed advances in customer data capture and processing – the depth of data available to payment service providers in particular, which have visibility from both the merchant and the customer side, is a godsend for marketing, merchant financing and customer loyalty programmes. But it also represents a tempting target for criminals.

Cifas, the UK fraud prevention service, has tracked a steady and rapid rise in insider fraud over the last five years: it was up 52% in the first half of 2012 compared with the same period in 2011, with theft of customer data up 53% over the same time. This is particularly worrying, Cifas noted, as it reversed the trend seen in late 2011: rings of employees were starting to circumvent anti-data-theft precautions by acting together, preventing the system from noticing a single large data transfer by carrying out several smaller transfers.

Criminal software aimed at data theft such as Flame has also become far more common, now available in kit form, effectively reducing the expertise barrier to entry for this type of crime. And personal data storage devices – MP3 players, smartphones, USB sticks and so on – are now ubiquitous, and represent a dangerous new vector for infection as well as a risk for data loss.

Cifas has also detected a rise in the next step in the chain: identity theft or account takeover, both made far more straightforward by the use of stolen customer data. Identity fraud was up 17% and account takeover up 73% in the first nine months of 2012, the latest period for which figures are available.

Greater mandated information exchange, under legislation such as Fatca and the intergovernmental agreements supporting it, opens the door still further to data theft or misuse. It may also leave banks and other financial institutions vulnerable to penalties under national data protection laws, if their information exchanges are not conducted carefully. Increased reliance on outsourcing involves the same danger, with customer data being sent outside the company’s control to a service provider located in a different country, with less intrinsic assurance of data security, and subject to different laws on privacy – and government oversight.

Top 10 operational risks 2013: Back to introduction

IT sabotage
 

Reputational damage

Incentives and compensation

Fraud and customer data abuse

NEXT: Epidemic disease

Political intervention

Sanctions and AML compliance

Emerging market operating risks

Business continuity and disaster recovery

Failure to enforce internal controls

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

Financial crime and compliance50 2024

The detailed analysis for the Financial crime and compliance50 considers firms’ technological advances and strategic direction to provide a complete view of how market leaders are driving transformation in this sector

Investment banks: the future of risk control

This Risk.net survey report explores the current state of risk controls in investment banks, the challenges of effective engagement across the three lines of defence, and the opportunity to develop a more dynamic approach to first-line risk control

Op risk outlook 2022: the legal perspective

Christoph Kurth, partner of the global financial institutions leadership team at Baker McKenzie, discusses the key themes emerging from Risk.net’s Top 10 op risks 2022 survey and how financial firms can better manage and mitigate the impact of…

Emerging trends in op risk

Karen Man, partner and member of the global financial institutions leadership team at Baker McKenzie, discusses emerging op risks in the wake of the Covid‑19 pandemic, a rise in cyber attacks, concerns around conduct and culture, and the complexities of…

Moving targets: the new rules of conduct risk

How are capital markets firms adapting their approaches to monitoring and managing conduct risk following the Covid‑19 pandemic? In a Risk.net webinar in association with NICE Actimize, the panel discusses changing regulatory requirements, the essentials…

Most read articles loading...

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here