Tuesday, April 15, 2008

It's Not Just IT Security -- It's Also Fraud

Here's two interesting reports about fraud from the recent RSA 2008 conference that ended last week in San Francisco. Unfortunately, I couldn't make it this year, but maybe next year.

Fraudsters are exploiting multiple channels to attack online banking, according to SearchFinancialSecurity.com and SC Magazine.

What makes this interesting is that these types of attacks aren't necessarily blocked by traditional authentication and access management. They blocked by reviewing transactions themselves behind the scenes, watching for suspicious patterns. Of course, out-of-band and two-factor authentication might slow down these types of crimes.

But essentially they can't be caught by traditional risk assessments because they're not really breaches of IT security controls.

My point? IT security and fraud have to work hand-in-hand. It's not just about IT security anymore. It's also about fraud.


Post a Comment

<< Home