Fraud Worries Spur New Security Efforts - investors.com - 01 July 2008

High-profile banking scandals, rising worries over fraud and a sluggish economy are spurring closer monitoring of financial transactions — and a flurry of new security products.

More than 80% of Americans in a recent Unisys poll are concerned about identity theft, more than a third extremely so.

In another survey commissioned by risk management software vendor Actimize — a unit of Nice Systems (NICE) — 85% of investment firms said they plan to change their internal risk-management controls in the wake of trading scandals at big banks.

Security firms aim to counter the threat with a slew products and services to fight fraud.

Economic pressures make fraud an especially timely worry, says Amir Orad, executive vice president at the New York company.

"People (including regulators) think that the issues in the marketplace right now are going to create opportunities for traders and other employees to do things they would not do otherwise," he said. "People are making much less money. They have a certain lifestyle they want to maintain. Sometimes they step outside their boundaries."

In a risk outlook for this year, the U.K.'s Financial Services Authority warned that increasing financial pressures on firms, employees and consumers could entice some to commit financial crime, including market abuse and fraud.

Citing greater regulatory pressure after the multibillion-dollar trading fraud uncovered at French bank Societe Generale, Actimize in May launched a system to watch for signs of employee misconduct .

The software resides on computers in a company's back office, monitoring various data sources in real time to look for unusual activity.

Orad says the product checks multiple systems, such as trading or reconciliation systems, in conjunction. So it has a better chance of detecting employees who try to cover their tracks by manipulating transactions across the different systems.

Orad says eight of the 10 largest U.S. investment banking firms use Actimize for trade surveillance, and dozens of institutions have expressed interest in the new product. Actimize's software usually costs institutions a sum in the high six figures to low seven figures.

Meanwhile, an anti-fraud program geared toward a wider corporate audience came out in May from security giant Symantec. (SYMC) Ten to 20 businesses are using Symantec Online Fraud Protection so far, with the strongest uptake among banks and other financial firms.

It's meant to guard against fraud at firms that perform large volumes of financial transactions. Symantec put together a suite of consulting and technical monitoring services for the program and can assign an expert-in-residence to help clients.

Financial firms' worries about phishing drove development of the plan, says Ted Donat, director of product management at Symantec's consulting unit.

Phishing involves tricking people into revealing their account info, often with an e-mail that directs them to log into a convincing-looking fake of their bank's Web site. A similar type of fraud, called pharming, exploits security weaknesses to redirect traffic from legitimate banking sites to fakes.

"When we come to a customer's site, we look at all the different elements of online fraud and come up with a business impact analysis — what is your dollar risk associated with phishing and pharming?" Donat said.

Symantec tailors a program to ensure customers' online authentication services are sufficient and call centers are ready to handle an influx of calls resulting from phishing attacks. The firm also may recommend 24-by-7 online monitoring.

The service includes checking for typo squatting — "setting up 'TedsBank.com' with a z instead of an s," he said — and looking out via hacker newsgroups online for early word of attacks. It blends in some other features too, including data-loss protections for missing laptops and the like, and "shutdown services" meant to speed the job of thwarting fraudulent sites.

"We have cease-and-desist letters in 15 different languages ready to go. We're able very quickly to get these things out to ISPs," Donat said, citing how Symantec's services helped a European bank cope with online fraud threats. "We were able to get these things (such as rogue sites) resolved 10 times faster."

In November, the Federal Trade Commission's "red flag" rules will kick in, requiring financial institutions to have an identity theft prevention program to mitigate identity theft for some kinds of accounts.

The business of data-loss protection specialist Verdasys, which counts more than 100 firms as customers, has been growing about 300% a year, according to Chief Executive Seth Birnbaum. He says clients are concentrated in insurance, finance, manufacturing and tech.

"Almost every company in the world has some demand for data-loss prevention," he said. "They have some information they want to protect better."

BY DONNA HOWELL