Insider Threat: How Being 'Noisy' Can Reduce FraudBank of the West's Pollino on Why Covert Monitoring Is the Wrong Approach
Bank of the West's new approach to insider fraud deterrence is focused less on detection, more on keeping employees from committing fraud in the first place. Deputy chief security officer David Pollino says a "noisy" insider fraud program is actually more effective at reducing risk than covertly monitoring employee activity.
"By people understanding that they're being watched, it sometimes changes their behavior - and it changes their behavior in a positive way," Pollino says. "And by changing the environment - creating an environment where there's more visible monitoring that's going on and employees know there's accountability for their actions - that can change behavior and can really help the good employees continue to be good employees, and not convert them into the accidental fraudster."
According to recent research about insider fraud trends conducted by Bank of the West, 6 percent of insider fraud incidents are caught by accident, while only 1 to 2 percent are caught by behavioral monitoring.
So rather than hiding surveillance cameras or the installation of software designed to track an employee's behavior and movement on the network, install cameras in plain view and tell employees that their activity is being tracked, Pollino says.
Being "noisy" about the fraud program that has been implemented could deter an otherwise good employee from being tempted by a chance to steal from the organization or its customers. And that's the overall goal of any well thought-out insider threat program, he adds.
In this interview at ISMG's recent Chicago Fraud and Breach Prevention Summit, Pollino also discusses:
- Why deterring employees from committing fraud is much more effective than catching them in the act;
- How Bank of the West is approaching insider-risk mitigation;
- Why proactive prevention of fraud committed by so-called accidental fraudsters makes such a difference.
Pollino has been with Bank of the West since 2011. Previously, he served as manager of online fraud prevention strategy and analytics for Wells Fargo and was the online risk officer for Washington Mutual. Pollino conducts ongoing research on cybercrime techniques.