Content provided in partnership with

Financial Services Industry

Community Banks Battle Fraud

RMA Journal, The, March, 2001 by Kathleen M. Beans

Fraud attempts on banks are as common as colds in winter. From old-fashioned check fraud to electronic schemes and identity theft, banks wage a never-ending battle against fraud. Technology, of course, breeds its own types of schemes, but also provides more ways to detect criminal activity.

As the Internet proliferates as a way to do business, even the smallest community banks are feeling the need to offer online services and products. community banks' security systems are evolving with the times as banks set up sophisticated systems to detect fraud attempts on their new Web-based businesses.

Most Popular Articles in Business: Research and Markets : Tesco Plc - SWOT Framework Analysis; Do Us a Flavor - Ben & Jerry's Issues a Call for Euphoric New Flavors; eBay made easy: ready to start an eBay business? These 5 simple steps will ...; Katrina's lawsuit surge: a legal battle to force insurers to pay for flood ...; Wal-Mart's newest distribution center opened last month near the southwest ...; More »

It's an expensive proposition that often involves hiring additional staff, buying security software, and procuring independent certifications and audits of the bank's Web security.

In an interview with The RMA Journal, senior officers from three different types of small banks expressed common concerns about fraud and online security. Each bank handles these issues in a slightly different manner, depending on its size and customer base.

Handling Security with Internal Staff

Tri counties Bank in chico, california, began its Internet presence about seven years ago with the posting of a Web page. Instead of choosing an outside vendor to perform security and maintenance on the site, the bank appointed its own vice president for information systems, Ray Rios, to do the job. "The cost of an outside vendor was more than we felt we needed at that time," explains Rios, noting that the bank's Web presence started out small.

But there was another reason. "The bank wanted to get somebody trained internally to know and understand what it put in place," says Rios. "We didn't want a generic package from a vendor. We wanted one that was custom-designed to our needs."

Today Tri counties Bank, with a $1 billion in assets and 43 branches, has a $250,000 annual budget for its sophisticated in-house security system. The bank brings in outside vendors to audit its security, which is certified by VeriSign, a highly respected company whose seal of approval appears on Tri counties Bank's Web site.

The firewalls at Tri Counties contain many layers of security. The firewall logs, as well as the access logs to file servers and logs for the Internet and intranet, are scanned daily. "A staff member visually inspects the tracks and alerts that pop up when something is suspect," explains Rios. "Also, a pager goes off and alerts its three-member incidence response team when unusual activity appears. One of them responds and finds out what the problem is and we go from there." He notes that the FDIC advocates this type of monitoring, and he expects that the regulator will seek to make it mandatory.

To other small banks who are beginning to offer Internet-based services, Rios advises spending all the necessary dollars to make their systems secure whether they handle it internally or through a vendor. "A bank can't cheap out on security," he warns. "A bank can't open itself to the reputation risk that would result from compromised security."

Because some software cannot be certified, Rios also suggests that community banks use an outside source such as TruSecure, KPMG, or Anderson Consulting to validate security software before it is purchased.

Rios also cautions banks to remember they need security from within as well as outside the bank. "Most managers focus on fraud outside the bank, but the majority of fraud actually occurs from the inside. Be careful of short-term employees who may have excellent computer skills."

Securing the Site of an Internet-Only Bank

Web security is even more important for an Internet bank because all of its customers use online technology to access products and services. At Birmingham, Alabama-based Nexity Bank, receiving the AICPA WebTrust seal of approval is crucial. The AICPA WebTrust seal, attained through Ernst & Young LLP and a seal of approval from VeriSign appear prominently on the bank's home page. Ernst & Young looks at processes and procedures for security, explains Nexity Bank President David Long. "It's very important to have those seals of approval," says Long. "They provide a level of comfort to consumers who have doubts about doing business online. They are absolutely necessary for an Internet bank." The cost of acquiring the seals can be measured in both time and budget dollars, he adds.

A substantial number of fraud cases involve identity theft. "The anonymity of the Internet contains the challenges," says Long. "Because we don't see customers across the desk, we can't ask for a driver's license and ID. We have to spend a tremendous amount of time verifying information. We obtain credit reports on potential customers and we decline loans if they don't have a good credit history. In other ways, we're not much different from a bricks-and-mortar bank. We use a variety of fraud detection techniques to make sure the customer is who they say they are."

Financial Services Industry

Community Banks Battle Fraud

RMA Journal, The, March, 2001 by Kathleen M. Beans

Find Research Guides for:

Find Featured Titles for: Health

Most Popular Articles in Business

Most Popular Publications in Business