BITS on Top Fraud Threats to Banks
New Fraud Prevention VP on Latest Trends, Strategies
One of the top, and often overlooked, threats facing financial institutions is tax fraud, says Nancy Guglielmo, who oversees the Fraud Reduction Program for BITS, the technology policy division of The Financial Services Roundtable.
"We're focusing heavily on income tax fraud," she says during an interview with Information Security Media Group [transcript below].
"It's been quite an issue for the financial institutions, [and] it's really amazing how much this type of fraud has grown in the last couple of years," Guglielmo says. "The IRS is struggling with this issue."
The increase in income tax fraud is driven by the increase in identity theft. For BITS, the primary objective is to facilitate conversations between its member fraud experts and representatives from the IRS.
"We have had several long discussions with them and it has been very fruitful," Guglielmo says. "This has allowed our [bank] members to share their best practices in the area of ID theft, prevention and detection, and for the IRS to provide information about their efforts and processes."
BITS also is focused on gathering information on the various red flags related to tax fraud. "This [then] allows the financial institutions to help the IRS, so when they see issues, they'll have better information about who to contact at the IRS and how to get that information to them quickly," Guglielmo says.
During this interview, Guglielmo discusses:
- How BITS' fraud prevention program fulfills BITS' mission to address emerging areas of banking risk;
- Why synthetic-identity detection is becoming increasingly critical; and
- Steps BITS takes to help institutions establish more direct lines of communication with federal authorities and investigators for information sharing about emerging fraud trends.
At BITS, Guglielmo defines, manages and implements projects and best practices of interest to BITS' member banks. She is focused on identifying trends and examining risks associated with fraud threats through information-sharing forums and collaboration with law enforcement agencies, federal regulators and technology service providers. Before joining BITS, Guglielmo served in a variety of roles at HSBC, an international financial services company, including management positions in fraud policy and fraud strategy, as well as privacy and security. Before HSBC, she worked at Household Credit Services, the Department of the Navy and AT&T, focusing on information security, business analysis, and network and system administration.
TRACY KITTEN: Before joining BITS, you held a number of fraud and security positions at HSBC North America. What can you tell us about your experience?
NANCY GUGLIELMO: A large part of my fraud experience at HSBC was related to credit card fraud. I did spend the last several years in the fraud policy group focusing on deposit-account, mortgage and commercial-account products - the whole gamut. I've developed strategies for fraud prevention and detection that leveraged my operational experience, and this tenure also provided me with insights into the compliance and risk management aspects of fraud risk.
Prior to my fraud experience, I held various IT positions, including global communications, systems operations and contracting in both public and private sectors. These experiences give me a unique perspective in supporting our members, since I can relate to their operational fraud issues as well as their IT limitations and how it all ties into cybersecurity. That's an area that BITS focuses on as well.
Role at BITS
KITTEN: You joined BITS in September. What can you tell us about your role and goals for 2013?
GUGLIELMO: BITS is part of The Financial Services Roundtable, which is a trade organization that supports hundreds of the largest financial institutions in the United States. BITS focuses on strategic issues, where industry cooperation serves the public good, such as critical infrastructure protection, fraud prevention and safety of financial services.
I, in particular, manage the fraud reduction program for BITS. This includes maintaining a trusted environment where the member financial specialists can collaborate, share information, develop best practices and partner with law enforcement. My goals for 2013 are to focus deeper on some of the key ongoing issues, as we talked about, such as income tax fraud and identity theft.
KITTEN: How would you define the work that you do with financial institutions?
GUGLIELMO: The overall mission is to assist members in reducing fraud losses, and we do this by identifying fraud trends and examining risks associated with the current and evolving areas, including payments, mortgages, the remote channel and other various financial products and technology. Our direction and focus are always generated from the discussions that we have with our members, and they provide the guidance. BITS is a very small organization, so we work together with our members and we develop advisories, best practices and white papers on topics and trends of interest for our members. We're currently working on an advisory for our members related to income tax fraud, as well as a training guide for third-party mortgage scams.
Top Fraud, Security Threats
KITTEN: Beyond those that you just mentioned, what would you say are the top fraud and security threats banking institutions face in 2013?
GUGLIELMO: We're starting out 2013 focusing heavily on income tax fraud. It's been quite an issue for financial institutions. It's really amazing how much this type of fraud has grown in the last couple of years, and the IRS is struggling with this issue. This is driven by the increase in identity theft. I really think the No. 1 issue for fraud, at this point in time, is identity theft. We also need to be vigilant in the mobile space, both from fraud and security focuses. Although fraud in this area is not a significant factor yet, with the increased use of mobile, it's just a matter of time before this becomes a primary channel for criminal actors. This is why, for my program and overall for BITS, the mobile channel has really been a strong focus.
KITTEN: Can you talk a little bit about how the BITS program addresses DDoS attacks and concerns about subsequent account takeover fraud?
GUGLIELMO: There's considerable concern about the DDoS attacks. This has always been a primary focus for our BITS security program. From a fraud perspective, there's always a continued concern that these attacks, including the hacktivist attacks, are being used as a cover for fraudulent activities. You never can let your guard down, and I think that all financial institutions know that.
Besides dealing with the impact to service channels, you have to stay vigilant as far as the fraud aspect is concerned. Basically, how we're helping out is through allowing members to share information among themselves. It allows those that have been impacted to provide information to other institutions that may not have been impacted yet, and that's really all that we can do at this point in time.
KITTEN: What can you tell us about the efforts that you've spearheaded to encourage more and better communication between the IRS and banking institutions about tax fraud and synthetic identities?
GUGLIELMO: Our work into income tax fraud has been primarily to facilitate those conversations between our member fraud experts and representatives from the IRS. We have had several long discussions with them and it has been very fruitful; this has allowed our members to share their best practices in the area of ID theft, prevention and detection, and for the IRS to provide information about their efforts and processes.
BITS has also been gathering information about the various red flags and, more importantly, the escalation procedures for the financial institutions. This allows the financial institutions to help the IRS in this fight, so when they see issues, they'll have better information about who to contact at the IRS and how to get that information to them quickly.
Our work in synthetic IDs is very much in its infancy at this point in time. The expectation is that we'll be gathering information to help design different aspects of this issue. We'll continue discussions with our member banks and then really come up with some determination about how we can collaborate and have some impact in this area.
KITTEN: Can you give us a definition of synthetic IDs?
GUGLIELMO: Synthetic IDs are those IDs that are made up of various bits of information that do not necessarily all belong to the same individual. A bad actor might pick up a valid Social Security number and use it with a different name, date of birth and address. That information doesn't match up to anything that already exists in the credit world, and through finagling and coordination, they can create that ID in the credit world and move forward with getting credit, getting loans and opening new accounts using that stolen information. It's very different from identity theft, in that there isn't a single person whose information is being used; so it's more of a crime against the bank, as opposed to a crime against a particular individual.
KITTEN: How worrisome are synthetic identities, where links to all types of fraud, even beyond tax fraud, are concerned?
GUGLIELMO: In reality, synthetics don't really play a part in the income tax fraud world. The IRS is matching up the name and the Social Security number with the Social Security Administration information, so it's not possible to submit an income tax refund or return with a synthetic ID. The name and Social Security number have to match up there. It's really not in that area. It's more for the financial institutions themselves, and we're just starting to get a handle on how big of an issue it is. Very often, it looks more like a credit-abuse issue than a fraud issue. That definition is something that we have to work on.
Fraud Reduction Program
KITTEN: How long has the fraud program been around, and how can banking institutions learn more about it if they're not already aware or involved?
GUGLIELMO: The BITS fraud reduction program has actually been in existence since the late '90s. The basic goal is to bring together the member fraud representatives to share information and gain insight from each other. That has remained consistent. We're generally pretty open about sharing our work with the broader financial-services community. The greatest level of participation in the program, of course, comes with the membership, in either The Financial Services Roundtable or in BITS directly. But there's considerable information out there that's available to non-members on both The Financial Services Roundtable's and BITS' websites.
KITTEN: What about promotion of the program?
GUGLIELMO: We continually reach out to the representatives in our member organizations. We also participate frequently in many of the different industry-related conferences. ... We increase our knowledge on what the issues are and then we can make connections with the industry experts. Since we're constantly arranging speakers on hot topics for our membership, we make a lot of those contacts at those types of events.
In This Together
GUGLIELMO: One of the guiding principles that has always been my thought with fraud is that it's not a competitive issue. This is one of the areas, along with security, that banks can and do work together on through the sharing of information. It's that cooperation, not just in the financial institutions, but in other critical industries as well, that can really help fight cybersecurity and resulting fraud issues. That's kind of the mantra. We're all in this together.