Tackling the fraud from within

By Mike Williams, Memento
   



Insider fraud is an embarrassing and ugly subject for financial institutions. The crimes are committed from within their own ranks, and the fraudsters are often trusted, long-tenured employees who carry out fraud through seemingly routine and innocuous tasks.

It’s a Catch-22 situation for banks and credit unions. They want to offer their customers quality service. And in doing so, they have to give employees more access to the critical applications and sensitive information that let them serve customers better. Inherent in that trust is the risk that somewhere along the line, an employee might take advantage of the situation.

And, of course, some people do. Insider fraud drains banks of millions of dollars each year. The typical US organization loses 5% of its annual revenue to internal fraud, and the banking industry is the hardest hit, according to the 2006 Report to the Nation on Occupational Fraud and Abuse by the Association of Certified Fraud Examiners.

To tackle the problem more aggressively, banks need to be proactive and catch fraud in its earliest stages—before the large-scale damage is done.

Three categories of internal fraud

Internal fraud can happen at any level of the business, from window tellers and call center representatives to branch managers and top-level executives. Fraud schemes are sophisticated and diverse, but they fall into three main categories.

Stealing money from the bank. In this first instance, fraudsters take money directly from the bank itself. For example, at a bank in the Midwest, an employee on the loan side of the business wrote bank checks every day to title companies and delivered them on her lunch hour. She was also writing checks to herself, her landlord, her credit card companies, and family members, but always in the same amounts of $100-150. Because the amounts matched the typical checks to the title companies, the activity never looked suspicious. But in reality, this employee was stealing tens of thousands of dollars every year.

Stealing money from the customer. In this scenario, the bank employee fraudulently debits the account of a high-net-worth customer or an elderly customer. Often people with large accounts don’t keep track of their average balance. And elderly people are especially vulnerable to this type of abuse because they rely on the employees of a branch to do their banking.

Stealing proprietary data. Theft of personal data is the latest and most alarming trend today, and often involves large organized crime rings. Sometimes the employees are planted by the crime rings themselves. The fraudsters use the personal information of bank customers for a number of identity-related thefts—from draining customer accounts to setting up fake bank accounts in the customer’s name to launder checks.

Catching fraud early

Sizeable internal fraud losses don’t occur overnight. Generally, thefts start small and grow over time. An employee might find a loophole in the system and take only a few hundred dollars. When this person realizes it’s possible to get away with the theft, he or she might try taking gradually larger sums of money over a period of several years—ultimately stealing hundreds of thousands of dollars. For example, the recent Société Générale scandal started with a series of unauthorized actions that escalated into one of the largest employee fraud stories in banking history.

How do banks stop the bleeding? In the past, banks were wary that too many protective measures might inconvenience customers, so they simply viewed insider fraud as a cost of doing business. They tended to deal with the problem reactively, often catching incidents by accident. For example, a tip-off from a whistleblower or a random manual audit might turn up suspicious activity.

But by the time the bank catches on to what’s happening, it’s too late. The damage is done. The crooks have already drained the accounts or passed the customer’s personal data into the wrong hands. Money, once gone, is difficult to reclaim. Worse, the bank loses even more through investigations, prosecution, and in some cases, public relations efforts to rebuild its reputation.

The key to averting high-dollar losses and protecting one’s brand reputation is in catching fraud in its early stages. And the only way to do that is through implementation of next-generation technology.

Finding clues in the data

The telltale signs of fraud are hidden in the data. And the best solution is one that enables firms to monitor internal activity for signs of fraud—accurately and proactively. It must also enable fast and efficient forensic investigations when fraud is suspected.

Banks use a variety of applications and systems in order to handle millions of transactions a day. It’s an enormous challenge to gather data that exists in so many different formats and locations in order to sift through it for suspicious activities.

Traditional fraud detection systems require banks to build a data warehouse, a costly and rigid approach that only adds another layer of complexity. A better solution is one that is able to aggregate information directly from existing log files, to index the data (similar to how search engines index the internet), and to store it in an event cache. This more flexible, smarter approach enables firms to add new data sources quickly—without costly schema modification.

Once data is stored in a cache, it’s possible to run sophisticated fraud analytics to detect suspicious activities, including using a system of pattern matching—checking the data against a library of fraud schemes. Even better, with an indexing system, investigators who want to research leads can quickly search existing data without the involvement of IT, or having to write custom reports. 
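
The approach described above, sketched as an added example (it is not Memento's product code): two constructed log formats are normalized into an event cache, indexed by field, and checked against one scheme from this article, checks issued to payees outside an approved list. The log layouts, field names, employee IDs and the allow-list are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in two invented log formats (not real bank data).
LOAN_LOG = """\
2008-01-07|CHECK_ISSUE|emp=E1042|payee=Acme Title Co|amt=125.00
2008-01-07|CHECK_ISSUE|emp=E1042|payee=J. Doe Landlord|amt=140.00
2008-01-08|CHECK_ISSUE|emp=E1042|payee=CardCo Visa|amt=150.00
2008-01-08|CHECK_ISSUE|emp=E2210|payee=Summit Title LLC|amt=135.00
"""
TELLER_LOG = """\
ts=2008-01-09 user=E1042 action=check_issue payee="J. Doe Landlord" amount=120.00
ts=2008-01-09 user=E3307 action=balance_inquiry acct=0001
"""
APPROVED_PAYEES = {"Acme Title Co", "Summit Title LLC"}  # assumed allow-list

def parse(line):
    """Normalize either assumed format into one event dict."""
    if "|" in line:
        date, action, *kv = line.split("|")
        f = dict(p.split("=", 1) for p in kv)
        return {"date": date, "action": action.lower(), "emp": f.get("emp"),
                "payee": f.get("payee"), "amt": float(f.get("amt", 0))}
    f = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    return {"date": f.get("ts"), "action": f.get("action"), "emp": f.get("user"),
            "payee": f.get("payee"), "amt": float(f.get("amount", 0))}

def build_cache(*sources):
    """Event cache plus an inverted index: (field, value) -> event positions."""
    events, index = [], defaultdict(list)
    for src in sources:
        for line in filter(None, src.splitlines()):
            events.append(parse(line))
            for field in ("emp", "payee", "action"):
                if events[-1][field]:
                    index[(field, events[-1][field])].append(len(events) - 1)
    return events, index

def offlist_checks(events, index, min_hits=2):
    """Scheme: an employee repeatedly issues checks to payees off the allow-list."""
    hits = defaultdict(list)
    for i in index[("action", "check_issue")]:
        if events[i]["payee"] not in APPROVED_PAYEES:
            hits[events[i]["emp"]].append(events[i])
    return {emp: evs for emp, evs in hits.items() if len(evs) >= min_hits}

if __name__ == "__main__":
    events, index = build_cache(LOAN_LOG, TELLER_LOG)
    print(offlist_checks(events, index))            # pattern match
    print(index[("payee", "J. Doe Landlord")])      # investigator lookup
```

The rule keys on the payee rather than the amount because, in the loan-check case described earlier, the amounts were chosen to match legitimate checks. Adding a third log source only requires another branch in `parse`, with no schema change to the cache.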

An innovative, flexible solution like the one described enables financial institutions to build a robust strategy against internal fraud, saving millions of dollars each year and securing their reputations from the embarrassment of being deceived and defrauded from within.

Mike Williams is the vice president of business development at Memento Inc., creator of innovative internal fraud detection software for financial institutions. Prior to Memento, Williams worked in White Collar Crime at the FBI, served on The White House Presidential Advance staff, and was posted to the Economic Section of the US Embassy in Athens, Greece.

In order to increase the breadth of its financial offerings, Fair Isaac recently entered into partnership with Memento to deliver the company’s internal fraud detection solution through its global distribution channels.

At the 2008 InterACT Conference in San Francisco (April 27-30), hear how a leading bank benefited by managing proactively against insider fraud.