28 Jun 2011
Posted in response to Richard McCarthy's blog (posted 23 Jun 2011) "It is time for banks to up the ante against fraudsters" (link to original articles available at the bottom of the blog) by Simon Romp
I agree that customer profiling is a valid anti-fraud technique once data has been compromised, but the priority for banks should still be on preventing data loss in the first place. What recent high profile cyber attacks, such as the Citibank breach have highlighted, is the ever-increasing sophistication of security attacks and the volume of highly personal data that banks hold. With fraudulent techniques continually evolving, banks, just like any other organisation that needs to be trusted, must put themselves under constant scrutiny from both internally led teams and independent audit organisations.
In practice, this means ensuring any new or updated applications, whether internal or external facing, are subject to non-functional test cycles, such as penetration testing, before being trusted with any production data. If banks want to keep one step ahead of their cyber fraudster adversaries, the best thing they can do is adequately protect what is arguably their most value asset - their data.
____________________________________
This blog first appeared on Finextra. Click here to see the entry on the Finextra website
