The COVID-19 pandemic has impacted businesses and financial organizations in many ways. One result is the increase in financial crime from within and outside of your organization. The rise of remote employee access, combined with layoffs or disgruntled employees, creates much higher risks for organizations worldwide. From the outside organizations face a rise in Account Takeover (ATO) attacks, fueled by more customers receiving services and making payments online. As some of these new online users are novices they become easy prey to fraudsters and hackers.

This helps form a perfect storm that can’t be held at bay by traditional security measures such as malware detection and unauthorized access controls. To stay one step ahead of criminals, organizations need to evaluate the prevention measures currently in place. And if those measures lack the ability to ‘record and replay’ user behavior, it’s probably time for a fraud prevention intervention.

Traditional fraud monitoring solutions often give organizations a false sense of security, while falling short of providing the protection needed to defend against today’s sophisticated fraudsters.

Many of these solutions rely on information collected from application log files or receive data from the monitored applications through APIs (Application Programming Interfaces). But audit logs don’t always capture the level of detail necessary to stop fraud before it happens, nor does the data provided by applications through APIs. Insight into every action of a potential fraudster whether internal or external is critical for detecting suspicious activity. This includes, for example, inquiries on customer accounts performed by an employee, as this may be used for looking for victim accounts to divert money from.  Such information on employee inquiries is not included in many application audit logs.

It’s also difficult to get a consolidated view into activity across multiple platforms, not to mention clunky and inefficient if it must be pulled and collated manually from disparate sources. Plus, this approach doesn’t offer a holistic view of end-to-end activity. That can get in the way of identifying exact points of entry and/or what data was compromised.

What is ‘Record and Replay’?

When it comes to outfitting your arsenal for fighting financial crime, one of the most critical weapons at your disposal is the ability to record and replay user behavior – for both internal and external users.

Fraud prevention solutions that include the functionality to ‘record’ internal and external user application sessions and allow investigators to visually ‘replay’ sessions screen-by-screen provide a tremendous value when investigating suspicious activity incidents.

Not all offerings are alike, so it’s important to know what to look for when choosing the right solution. Most importantly, it must be able to monitor for threats from any angle – be it an anonymous tip from an employee, a customer’s concern about activity, or an alert generated from a third-party system. And once deployed, a solid prevention platform should include the following in its feature set:

  • The ability to monitor across a wide variety of applications, including those housed in the public cloud (e.g. banking cores, payment portals, CRMs, human resource ERPs)
  • Full visibility into all user activity within the monitored applications, beyond what you’d find in a typical audit log
  • Encrypted recordings that are secured and maintained for future use, including as evidence in court proceedings
  • The ability to receive activity data from monitored systems, with insights generated from an advanced analytics engine using sophisticated AI technology
  • Tailored analytics to identify unauthorized changes to client data, employee policy violations (e.g. snooping), and other suspicious activity

Together, record and replay features provide a compelling and accurate story of all employee, customer, and third-party activity across your systems. Your fraud investigators, security officers and internal auditors get full visibility access to recorded user sessions and the ability to replay them in real time, without – and this is critical – interrupting business operations. The advanced technology inherent to record and replay functionality also speeds up investigation time, freeing up resources and resolving incidents in a timelier manner.

Multi-layered fraud protection that includes a record and replay component can also support regulatory privacy and data compliance efforts by going beyond the audit trail.

At a time when financial criminals are emboldened by ‘crime as a service’ – banding together, syndicating to deploy a slew of attacks on multiple fronts, hammering employees with misleading business email compromise tactics, authorized fraud and account take over efforts – you need a battalion of defenses at your disposal. Record and replay should be a mainstay in your toolkit to stop more fraud when and where it starts.

Subscribe

For further insight into the payments and banking industries, subscribe now and stay up-to-date on the latest tips, trends, and topics. You can also check out The Payments Podcast, where experts engage each other on the real world factors impacting the payments and banking industries.

Posted by Hagai Schaffer

Hagai Schaffer is the Senior VP, Innovation & Technology of Cyber Fraud and Risk Management at Bottomline. With over 15 years of experience in the financial crime market, Hagai drives the creation of innovative products that help organizations reduce risk, prevent fraud and meet regulatory compliance requirements.