As of now, Fraud Management and Security, including Real Time Security Intelligence (RTSI) and advanced security and threat analytics, are commonly segregated from each other. While this at first glance makes sense, given the different corporate buyers, there are three good reasons for a more integrated perspective. One is that the underlying analytical technologies are largely the same. It is about machine-learning and pattern-based analytics, helping to better protect organizations against fraudulent behavior and attacks (notably, banking fraud is tightly related to threat analytics anyway). It is about Adaptive Authentication, taking the context risk into account when e.g. granting customers access to their bank accounts or employees access from their mobile devices to sensitive business applications.
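To make the Adaptive Authentication point concrete, here is an added illustration (not code from the session or from any named vendor) of how a context-risk score drives the access decision. The signals, weights and thresholds are assumptions chosen for the example; a real deployment would tune them against observed fraud and attack data, which is exactly where the shared analytics mentioned above come in.

```python
from dataclasses import dataclass

# Hypothetical login context: the signals an adaptive-authentication
# engine evaluates before granting access. All fields are assumptions.
@dataclass
class LoginContext:
    user: str
    device_known: bool            # device previously enrolled for this user
    country: str                  # geolocated country of the request
    home_country: str             # user's usual country
    hour_utc: int                 # hour of day of the request, 0-23
    failed_attempts_last_hour: int
    ip_on_denylist: bool          # threat-intel hit on the source address

# Assumed weights; each signal adds to a 0-100 risk score.
WEIGHTS = {
    "unknown_device": 30,
    "foreign_country": 25,
    "off_hours": 10,
    "per_failed_attempt": 5,      # capped at 5 attempts
    "denylisted_ip": 50,
}

# Assumed thresholds: below STEP_UP allow, from STEP_UP require a second
# factor, from DENY refuse and raise a risk event.
STEP_UP = 30
DENY = 70


def score_context(ctx: LoginContext) -> tuple[int, list[str]]:
    """Return the capped risk score and the list of signals that fired."""
    score = 0
    reasons = []
    if not ctx.device_known:
        score += WEIGHTS["unknown_device"]
        reasons.append("unknown_device")
    if ctx.country != ctx.home_country:
        score += WEIGHTS["foreign_country"]
        reasons.append("foreign_country")
    if ctx.hour_utc < 6 or ctx.hour_utc >= 22:
        score += WEIGHTS["off_hours"]
        reasons.append("off_hours")
    if ctx.failed_attempts_last_hour > 0:
        score += min(ctx.failed_attempts_last_hour, 5) * WEIGHTS["per_failed_attempt"]
        reasons.append("failed_attempts")
    if ctx.ip_on_denylist:
        score += WEIGHTS["denylisted_ip"]
        reasons.append("denylisted_ip")
    return min(score, 100), reasons


def decide(score: int) -> str:
    """Map a risk score to an access decision."""
    if score >= DENY:
        return "deny"
    if score >= STEP_UP:
        return "step_up"
    return "allow"


def assess(ctx: LoginContext) -> dict:
    """Evaluate a login and produce a record suitable for a GRC/risk feed."""
    score, reasons = score_context(ctx)
    return {
        "user": ctx.user,
        "score": score,
        "decision": decide(score),
        "reasons": reasons,
    }


if __name__ == "__main__":
    # Constructed sample requests, not real data.
    samples = [
        LoginContext("alice", True, "DE", "DE", 10, 0, False),
        LoginContext("bob", False, "BR", "DE", 11, 0, False),
        LoginContext("carol", True, "DE", "DE", 3, 7, True),
    ]
    for ctx in samples:
        print(assess(ctx))
```

The same scoring function can serve both the customer-facing case (bank login) and the employee case (mobile access to a business application); only the signals and weights differ. Emitting the decision together with its reasons is what lets the GRC side consume the output as a risk view rather than as an opaque allow/deny.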
Moreover, the reason for doing all this is risk mitigation. Both Fraud Management and RTSI are elements of risk mitigation strategies. Both should integrate with GRC (Governance, Risk Management, Compliance) tools to provide an up-to-date risk view.
In this session, we will look at the similarities and differences, but also the emerging need for better integrating both Fraud Management and Security Management with the overarching GRC view.
There are two facets of fraud: business fraud and IT fraud. The first is about people e.g. transferring money to accounts they have created for a fake supplier. The latter involves all fraudulent behavior in IT systems, particularly when it leads to financial losses. At the same time, IT fraud includes attackers hijacking the accounts of business users, which ends up in business fraud. And most business fraud scenarios are related to excessive entitlements and SoD (Segregation of Duties) violations. So business fraud and IT fraud are tightly aligned. On the other hand, business risk management and IT risk management, as well as business fraud management and IT security intelligence (including fraud management), are kept separate in most organizations. The panel will discuss whether this must be the case because the business organization and the IT organization are kept separate, or whether and how it should change. And if there should be one approach to fraud management: what must organizations look like, from the perspective of the line, the security, and the governance organization? Is it realistic to integrate these areas or not?