Cybersecurity and Fraud Prevention for Financial Services
March 24, 2021
With the onset of digitalization and the proliferation of cyber financial services tools, fraud prevention has become an entirely new discipline. Real-time banking and a plethora of new digital payment channels have been accompanied with an exponential growth in fraud attempts and cyber crimes. However, the growth in cyber crimes has been met with innovations in fraud detection and prevention and advancements in data security.
This virtual roundtable convened thought leaders and leading-edge practitioners from across the financial services industry to share how they are applying innovative technologies to prevent fraud and protect customer data.
Megan D. Crespi, Executive Vice President, Chief Enterprise Technology & Operations Services Officer, Comerica
Johan Gerber, Executive Vice President, Security & Cyber Innovation, Mastercard
Maria-Kristina Hayden, Vice President, Lead for Cyber Wargames, Awareness and Global Engagement, Information Security Division, BNY Mellon
Brian Heemsoth, SVP, Cyber Security Defense and Monitoring, Wells Fargo
Nick Perkins, Director of Fraud Prevention, NatWest
Kate Platonova, Chief Data and Architecture Officer, HSBC
Michael Ruttledge, Chief Information Officer, Citizens Financial Group
Jude Schramm, Executive Vice President and Chief Information Officer, Fifth Third Bancorp
Constantin Von Altrock, Director, CTO Safer Payments, Financial Crimes Insights, Data and AI, IBM
Kartikay Mehrotra, Cybersecurity Reporter, Bloomberg
Click here to view the video of the full discussion.
Here’s what they had to say:
Participants observed that cybersecurity and fraud prevention are interconnected and should be viewed as one system. As Constantin Von Altrock, Director, CTO Safer Payments, Financial Crimes Insights, Data and AI, IBM noted, “when cybersecurity fails to protect our data, and that data is used in criminal activity, our fraud prevention systems are the only remaining security layer that protect us pretty much.”
Maria-Kristina Hayden, Vice President, Lead for Cyber Wargames, Awareness and Global Engagement, Information Security Division, BNY Mellon noted that security has to be multi-layered. As she explained, “Our defenses are what we call defense in depth, we have many, many layers that work together to build a cohesive defense picture.” Hayden further explained,“it’s not all about technology either, there is a huge component of defense that rests in the hands of our staff, and our, in some cases, customers..because unfortunately technology can’t solve everything.”
Continuing the conversation Michael Ruttledge, Chief Information Officer, Citizens Financial Group described his company’s enterprise-wide, end-to-end security approach “We’ve embarked on a very large education program. So, and not just beyond cybersecurity teams themselves, but across the whole company, because, we have to recognize that, security is everybody’s challenge, right? So we’ve made all our engineers go through a security certification training. So they think about how they’re developing the code, we’re deploying multiple levels of automation as we, in DevSecOps, as we move code into production, and we’re scanning it, and we’re making sure there’s no vulnerabilities.”
Johan Gerber, Executive Vice President, Security & Cyber Innovation, Mastercard, agreed with the need to have an enterprise-wide approach and added, “ But I think we have to make a real big effort to demystify the whole topic that we call cyber and move it away from this topic that only elite few people have knowledge to talk about or understand, to really make it something that everybody takes to heart every single day. So I think, every organization needs to have an internal program to really take the thing and push it through into all the different parts of the organization.”
Megan D. Crespi, Executive Vice President, Chief Enterprise Technology & Operations Services Officer, Comerica also noted the importance of not relying solely on technology products, “any software products, any system you put in place, the people, the processes and the products need to continually evolve”. Crespi emphasized that “ it’s that customer, it’s our employees, whether they’re part of cybersecurity, or more broadly the culture across the enterprise, and it’s also our supplier base, making sure that we understand, and that everyone has a shared understanding, concern and focus, on the ways in which they need to protect and defend against the myriad ways that the new kind of threat vectors that emerge on a frequent basis.”
Brian Heemsoth, SVP, Cyber Security Defense and Monitoring, Wells Fargo, discussed how AI and new data science competencies can help find anomalous behavior faster, “being able to tune your data analytics capabilities, adopt AI and machine learning and data science competencies to help your SOC analysts and your engineers really zero in on those anomalous activities and investigate them, is critical to our success from here.”
In addition to what financial service institutions are doing on their own, there was discussion about the importance of working with the financial security community more broadly. Kate Platonova, Chief Data and Architecture Officer, HSBC shared that “Here in HSBC, for example, we’re a quite active participant in the Financial Services Information Sharing and Analysis Center. So it’s the only global cyber intelligence sharing community that is quite focused on our industry. And I think that’s the kind of initiative that helps us all recognize these threats quite early and nip them in the bud collectively. “
An observation shared by participants is that the financial criminals are changing their methods constantly and becoming more sophisticated. Financial institutions must be as creative and vigilant as the criminals. Jude Schramm, Executive Vice President and Chief Information Officer, Fifth Third Bancorp shared an initiative that his company has found helpful, “ We found the thing that has helped us to evolve quickly as well is to develop our own threat intelligence teams that can do our own engineering of solutions that can backstop the commercial product, so that if the bad guys can get behind something, we have another layer that we engage our own engineering teams to build and deploy and catch. And we’ve used that multiple times to take down false websites that are meant to get customers, then provide their credentials. We’ve used that to stop different attacks in ransomware that have made it through the commercial products and prevent them from getting through in our organization.”
Nick Perkins, Director of Fraud Prevention, NatWest, emphasized the role of data in fraud prevention, “The trick, one of the key things here is data, right? As we glue together all the different elements of data across these transactions, across our customers’ activity behavior, across the different sectors that these scams get played over, what we can do is actually get in so that the anomaly starts to stand out. And that really is one of the keys to fraud prevention.”
This Bloomberg Roundtable was Proudly Sponsored By
LinkedIn: Bloomberg Live
Interested in more Bloomberg Live virtual events? Sign up here to get alerts.