Detect Fraudulent Activities Perpetrated by Employees, Partners and Contractors
An organization’s employees, contractors and partners, especially those with access to sensitive systems and data, pose a serious risk of fraud. Insider Fraud includes not just financial theft, but also the theft of intellectual property (IP), including customer data.
Insider Fraud can be more difficult to detect than other types of fraud because the individuals perpetrating the crime usually have authorized access. These tend to be low-tech incidents that don’t require technical knowledge of systems.
An analysis by the American Bankers Association concluded that 65% to 70% of fraud dollar losses in banks are associated with insider fraud.
Rather than relying on technical skill, insider fraud is generally committed using systems and processes that employees have authorized access to as part of their day-to-day jobs. It can also involve employees working together to defraud the company, such as an accounts payable clerk issuing a bogus expense reimbursement to a friend in another department. Given this, it is extremely challenging to identify insider fraud behavior.
Gurucul Fraud Analytics prevents insider fraud by establishing baselines of user behaviors on various data elements such as identity profile data, system entitlements and activities performed by users. It looks at all aspects of a specific user identity, such as his network and application permissions, when and where he normally performs his work activities, which devices he commonly uses, and so on.
To detect insider fraud, Gurucul Fraud Analytics looks at activities from disparate data sources including:
- HR events
- Physical badge access
- Security alerts from EPP/DLP solutions
- Document repositories
- Sensitive data access
- Internet activities
- Core banking systems transactions
Once the baselines of normal activities are established, Gurucul Fraud Analytics compares new activities to the “normal” ones to identify anomalies indicative of fraudulent behavior. High-risk activities that deviate from the baseline, such as suspicious loan application submissions or approvals, transaction overwrites, emails to competitor domains or to the user's own personal email account, or unusual physical access to sensitive areas, trigger an alert that can drive an automated response workflow to mitigate the threat in real time. For example, the response could put a hold on a funds transfer until the alert can be properly investigated.
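The baseline-then-compare flow described above, sketched as an added example; it is not Gurucul's code or algorithm. The event fields, the sample events, the two-hour window, the z-score limit and the hold threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

HISTORY = [  # constructed sample: (user, source, hour, device, area_or_amount)
    ("clerk01", "badge", 9, None, "floor2"),
    ("clerk01", "transfer", 10, "WS-114", 1200.0),
    ("clerk01", "transfer", 11, "WS-114", 950.0),
    ("clerk01", "transfer", 14, "WS-114", 1500.0),
]

def build_baseline(events):
    """Per-user profile: usual hours, devices, badge areas, transfer amounts."""
    base = defaultdict(lambda: {"hours": set(), "devices": set(),
                                "areas": set(), "amounts": []})
    for user, source, hour, device, value in events:
        p = base[user]
        p["hours"].add(hour)
        if device:
            p["devices"].add(device)
        if source == "badge":
            p["areas"].add(value)
        elif source == "transfer":
            p["amounts"].append(value)
    return base

def score_event(base, event, z_limit=3.0):  # z_limit is an assumed threshold
    """Return the list of ways this event deviates from the user's baseline."""
    user, source, hour, device, value = event
    p = base.get(user)
    if p is None:
        return ["no baseline for user"]
    reasons = []
    if min(abs(hour - h) for h in p["hours"]) > 2:  # no midnight wrap-around
        reasons.append("unusual hour")
    if device and device not in p["devices"]:
        reasons.append("unfamiliar device")
    if source == "badge" and value not in p["areas"]:
        reasons.append("unusual physical area")
    if source == "transfer" and len(p["amounts"]) >= 3:
        mu, sigma = mean(p["amounts"]), pstdev(p["amounts"])
        if sigma and (value - mu) / sigma > z_limit:
            reasons.append("amount far above normal")
    return reasons

def respond(base, event, hold_at=2):  # hold_at is an assumed policy value
    """Hold a transfer that deviates on several dimensions; else alert or allow."""
    reasons = score_event(base, event)
    hold = event[1] == "transfer" and len(reasons) >= hold_at
    return ("hold" if hold else "alert" if reasons else "allow"), reasons
```

Requiring several independent deviations before holding a transfer keeps a single odd attribute, such as a new workstation, from blocking legitimate work while still raising an alert for review.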