Banks won't help us; we need a security superhero!

Opinion

Banks won't help us; we need a security superhero!

The fast rising screen has blocked physical bank robberies - now we need one to deter cybercrime.

Old fashioned bank robbery, according to a recent study by the Royal Statistical Society and the American Statistical Association, brings very little return on investment.

Despite the Hollywood treatment given to the subject, this branch of the crime industry isn't well paid or glamourous at all.

Using data from the British Bankers' Association, they've discovered that the value of bank heists is plummeting with the average blag netting £20,331.

One third of robberies yield nothing at all. The average takings per person per successful raid are £12,706.60 in the UK. In the US, where screens are more commonly installed, the average yield is $4,330.

The authors, economists from the Universities of Sussex and Surrey, quantified the elements of a heist, looking at labour costs (research on the bank layout and bribes to insiders) and capital input (guns, jemmies etc) then itemised and analysed the data.

They found that firearms are a good investment (they increase the average yield) as does the number of people in the gang, although the haul per hood ration does decrease.

"Our evidence suggests that the takings that heists generate appear to be consistent with economic theory," said Professor Rickman of the University of Surrey. "This is useful information if we are thinking about how such activity may be tackled in the future."

The best deterrent factor, they found, is a fast-rising security screen. Though these have been around for years, they haven't been widely adopted.

For obvious reasons, banks are under much greater threat from online raiders these days.

Let's hope that some canny solution provider is busy working on the cyber equivalent of a fast rising security screen. This is a chance to show the world, using an example everyone will understand, how efficiently the cloud can deliver benefits.

Developers will create an app in a fraction of the time it took for a physical product to be invented and, thanks to the versatility of the cloud, it can be delivered in the time it takes to close down a window.

Peter Park, general manager of UK-based fraud buster Alaric International, is the first on the crime scene.

Alaric offers Fractals to catch today's cyber blaggers. Fractals is like an intelligent bank clerk who notices stuff about their customers and spots irregularities (today banks use resentful minimum wage clerks in third world countries who don't give a toss whether the rude customers in the UK lose their money).

Stealing card details is only worthwhile if you can do something useful with them, explains Parke. A card with a PIN can be used to get cash from an ATM. A card with security information can be used to gamble on the internet anonymously or to buy high value merchandise that can be exchanged for cash.

There is a relatively limited range of things you can do with stolen card details. Most normal cardholders do not do these things, or at least not repeatedly in a short space of time. For example, multiple cash withdrawals on a credit card by a UK cardholder would be suspicious because there are much cheaper ways of obtaining cash, which typically involve use of a debit card. Similarly, high value spending at an internet gambling site on a card that has never been used in that way before is suspicious.

Fractals builds a profile of cardholder use. In other words it knows what type of goods or services each of us normally buys with our card. It also knows what type of goods or services a fraudster will typically buy with stolen card details. Fractals reviews each transaction, usually before a transaction is completed, and decides the extent to which that transaction is either new or unusual for the cardholder or typical of fraudster behaviour. If Fractals is certain that a transaction is not being performed by the genuine cardholder it can decline the transaction. We have all experienced this at some time.

"Fractals can typically identify 8 of every 10 fraudulent attempts to use a card," says Parke. 70% of fraudulent transactions are identified the first time a card is used fraudulently. This makes it inefficient for the fraudster to attack cards issued by a bank using the Fractals system."

Happily, Alaric uses the channel, so if there are any resellers out there interested, I can personally recommend one bank that needs this service (Clue: Its advertising campaign was fronted by Alan Davies).

Card fraud is organized crime on an international scale, and often perpetrated by gangs dealing in drugs, prostitution and money-laundering. The activities of such people can be severely disrupted by systems that can detect and block one source of their income. A bank that issues cards knows that it cannot stop all fraud, admits Parke, but it's a start.

"By using a system like Fractals it hopes that the fraudster will attack cards from other banks with less effective protection, in the same way that bank robbers will focus their attention on banks without fast-rising screens," he says.

Meanwhile security vendor Vasco has worked with 1,700 banks to pre-empt the threat of cyber crimes. It's not just about protecting the banks, it's about the customers too, says Vasco.

Yeah yeah, tell that to Abbey National. They once accused me of nicking my own money!

Vasco's 'fast rising security screen' is called Vacman. Sounds like a superhero. Is it a bird? Is it a plane? No, it's Vacman!

Vacman's super powers turn out to the in core authentication platform. The Vacman Controller supports a range of authentication modes, including One Time Passwords, to protect customers.

Not as exciting as watching a criminal pinned to the ceiling by a security barrier, but it's a start. Come on security experts, get working on some new stuff.

This was first published in June 2012

Join the conversation Comment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.