Organized crime infiltrates financial IT

In Martin Scorsese's hit movie "The Departed," actor Matt Damon plays the part of a mole -- someone who helps his connected mob friends stay a step ahead of the cops by becoming one of the very law enforcement officials assigned to stop them.

A new report published by anti-fraud software maker Actimize on July 23 says a similar ruse is being carried out inside the walls of enterprise financial businesses, with the same employees and IT workers whose responsibility is handling and protecting sensitive information being trained and recruited by organized criminals to steal it.

Based on the New York-based company's research, drawn from interviews with 40 large financial services companies in the United States and the United Kingdom, about 50 percent of those surveyed indicated they believe they have employed workers who have either been trained or recruited by outsiders to carry out fraud.

Eighty-five percent of the respondents have been affected by employee fraud in general, and 65 percent see the threat becoming even more serious in the future, the survey found.

More than 50 percent of participating companies admitted their belief believe that only half, or less, of all employee fraud occurring within their organizations is currently being caught.

And while the test group represents a relatively small cross-section of business, it's worth noting that half of the financial services companies interviewed by Actimize claim assets of over $30 billion.

Actimize executives said that there was little doubt among those surveyed that organized criminals are increasingly working inside firms with large volumes of sensitive information to get first-person access to valuable data that can be used by others to carry out fraud.

"People are getting caught and it's clear that they are representatives of organized crime in some way, we had a lot of people telling us unsolicited that they feel that this is actively happening," said Amir Orad, executive vice president of marketing and business development of Actimize. "It's not a fairytale; it's an established method being used by these groups to carry out significant fraud."

Among the factors contributing to the criminal trend are increased access to technology by rank-and-file employees, as well as poor hiring and screening processes within end user firms, according to the report. Data availability and a lack of dedicated resources for fraud detection technologies were other issues identified by respondents as fueling internal attacks.

More than 75 percent of those companies surveyed said that they expect insider fraud schemes to grow even more sophisticated, with 73 percent charting the financial services industry's preparation for such attacks as only "poor" or "somewhat acceptable."

About half of the companies involved in the research said that they have experienced a data theft within the last 12 months, with the cost of the largest such incident within each firm coming in at an average of roughly $875,000 per incident. The largest such incident cited in the Actimize research totaled $6 million in losses.

A lack of automation among the anti-fraud technologies being utilized by the companies is a hallmark of their defeat, Orad said.