Fraud Departments - Strong Implementation Authority Is What They Need

By Author: eccuni
Total Articles: 211
Comment this article

The functions of fraud departments are to mitigate fraud by identifying fraudulent transactions and identify the compromised individuals. Those who work on fraud departments are known to be intelligent and passionate when it comes to their industry – combating fraud. But not all fraud departments are exactly the same; some departments are indeed effective in halting fraud dead on its tracks, but there are some who struggle. We cannot blame it to their different solutions against fraud; the main differences rely on the authority and power these departments have, which were given by their company. Without the strong fangs of authority and power, they cannot combat fraud more effectively.

Identifying fraudulent transactions and identify the compromised individuals are not the usual tasks of fraud departments in any financial institutions or other companies. They also work to identify the weakest link in the company's processes and make changes to strengthen those links, thus fraudsters had no rooms to exploit the company. Because fraudsters are looking to exploit the vulnerabilities of every financial institution in order ...
... to get funds from the compromised accounts without blocking the transfer of those said accounts to their own ones.

Unlike the vulnerabilities in the network where one could exploit the codes of the system to gain access to the company's system and exploit them, the vulnerabilities mentioned before are way different. These vulnerabilities are gaps in the process of the company, which fraudsters always seek to exploit. A great example would be opening accounts online. For fraudsters, opening accounts online is an opportunity for them because the information asked can easily be faked, thus enabling fraudsters to have multiple accounts they can control. Exploitation of CVV code is another example; it is the embedded security feature inside the magnetic stripe of the credit card. Fraudsters can exploit this code because some banks do not inspect the said CVV code of fraudsters. Because of this, many banks as well as bank investors were able to lose significant amount of investments.

But all is not lost because these vulnerabilities can be remedied easily; for example problems with CVV codes can be fixed if the bank changes their rules and the system would be drastically improve if a pen test was involved. Financial institutions will then check the validity of the CVV code before conducting any transactions with their client. These way fraudulent transactions can be prevented from ever happening. Some gaps that can be exploited by fraudsters should be changed on how these processes works to prevent any loopholes where fraudsters can easily exploit.

However, there are times when other departments, the one responsible for setting up the process, like opening accounts in the internet easily and granting opportunities to have multiple accounts, provide resistance to the ideas of fraud departments. Resistance can be a problem and if there are no resistances, sometimes financial institutions would only accept very minimal change in their processes.

Furthermore, if the company accepts the change, it would take a long time for it to take effect. The idea would have to go through lengthy amounts of deliberation, research and such before it could be implemented. Then before the necessary changes could happen, the fraudsters would have then milked dry the funds of the bank's clients. However, this can be avoided if there were measure of penetration testing done by a professional who has undergone penetration testing training.

Financial institutions who fail to give power and authority to fraud departments to make important and necessary changes to the processes of banking transactions would end up in a precarious situation. A situation where more fraudsters would know how to steal money from the bank and there is no way the bank can stop them from doing it. Then slowly, bank investors and the bank's clients would slowly withdraw all their investments because they know that their accounts have been compromised. Then the bank has to pay for the lost investments, which would cost them dearly. In the end, the bank or financial institution would lose their credibility, slowly die and had to file bankruptcy because of their huge loss. Everything would not happen if their fraud departments have more power or authority.

Therefore, fraud mitigation and the departments who handle them have to be taken seriously by the financial institutions. They should have the power and authority to influence the processes of the industry. A fraud department in an institution with a better position would be able to protect the organization more from the threats of fraudsters.

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. These certifications and penetration testing training are recognized worldwide and have received endorsements from various government agencies. They also offer trainings in penetration testing.

More information about EC-Council is available at www.eccouncil.org.