Fighting Fraud: The Bank's Perspective

'Technology Has to Evolve as the Threats Evolve'

By , April 23, 2012.
Fighting Fraud: The Bank's Perspective
Read Transcript

Banking institutions expect significant increases in fraud-fighting resources in 2012. But in which solutions should they invest? Banking CTO Michael Wyffels has some prioritized suggestions.

BankInfoSecurity's Faces of Fraud Survey shows that 58 percent of financial institutions expect to see increases in their fraud resources in 2012. But Wyffels, CTO of Illinois-based QCR Holdings, a $1.7 billion bank holding company, says institutions must guard against overemphasizing technology while ignoring training staff in using manual fraud-detection processes.

"Manual processes can still be effective," Wyffels says. "Sometimes, you can't just use a system to get things done."

As banking institutions review their strategies to fight fraud and conform to the FFIEC's updated Authentication Guidance, an updated risk assessment will prove essential, he says.

"The banks I talk to, they realize that new threats mean additional adjustments at some point," Wyffels says. "It means that we complete risk assessments and we evaluate threats alongside a (security technology) solution's strengths and a solution's weaknesses, hopefully minimizing risk through layers of security."

Banks need to guard against relying on outdated security technology, Wyffels says. "Technology has to evolve as the threats evolve, and technology will always have to follow the evolution of those risks, because we don't know what to expect next."

But to prevent fraud, financial institutions need to go beyond adopting the latest technologies and ensure they have trained staff to identify fraud, such as by reviewing reports or spotting unusual activity, Wyffels says.

During the interview, Wyffels discusses:

  • The critical and increasing role customer and employee education will play in the fight against online fraud;
  • Why financial institutions should implement special social-engineering training and social-engineering vulnerability testing;
  • How core banking systems provided by third-party processors could play stronger roles in helping banks and credit unions mitigate risks and detect cross-channel fraud.

As the CTO of QCR Holdings, Wyffels helps to drive technology investments for three banks in Illinois and Wisconsin. Each of QCR's banks provides full-service commercial and consumer banking, trust, investment services and asset management services.

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Banking Malware Taps Macros

Security firms report a sharp rise in the quantity of attacks that use macro code - designed to...

Latest Tweets and Mentions

ARTICLE Banking Malware Taps Macros

Security firms report a sharp rise in the quantity of attacks that use macro code - designed to...

The ISMG Network