Monitoring user behavior and understanding that behavior in the context of typical network traffic are keys to building a solid security strategy that protects your organization from employee fraud collusion. It’s important to take that a step further however and also correlate activities in various channels and systems across the organization.

While it’s typical for a business to segregate functions between roles to lessen the opportunities for collusion (e.g. only allowing back office clerks to reactivate dormant accounts but not transfer funds), these restrictions are easy enough to overcome when there’s a team effort to defraud. The back office clerk would only have to work with a teller who does have the authority to transfer funds (but cannot change account status) in order to liquidate dormant accounts. That connection would never be made unless there was an anti-fraud system in place that monitored and correlated all activities across back office, transactional systems, branch offices, e-channels and all other systems.

So to recap: Monitor. Analyze. Correlate. Now to step 4: detecting commonalities in employee actions.

Posted by Boaz Krelbaum