Data Analytics Rarely Leveraged to Detect Fraud

Proactive Data Analytics Accounts for Just 3 Percent of Fraud Detected

A new report released by KPMG this week on fraud shows little major change when compared to previous reports – except perhaps that there are more female fraudsters today than there were previously. Statistically, fraudsters tend to be male, management, working in groups colluding with outsiders, and aged between 35 and 55. But there is one particularly worrying statistic: technology-assisted fraud is increasing while technology-assisted detection is falling.

Cyber fraud is an emerging threat, and technology already plays a part in 53 percent of frauds. In North America, technology played a ‘significant’ part in enabling fraud, compared to 24 percent worldwide. But technology is not being used to detect and prevent fraud. “Proactive data analytics, searching for fraud amid anomalies and suspicious business activity, accounts for only 3 percent of frauds detected,” says the report.

“We find that executives know that hackers and criminal organizations can wreak havoc on companies; they read about such cases almost every day in the media. But they often don’t believe it can happen to them, whether or not they have built defenses against the threat,” suggests Ron Plesco, Cyber Investigations Lead in the US.

A major recommendation of the report (PDF) is the increased use of technological defenses. “Many companies lack the skills to defend against cyber fraud, so strong internal controls and data analytics are needed. And companies need to share insights with other companies to stay on top of a fast-changing threat landscape,” says Kevvie Fowler, Partner, National Cyber Response Leader in Canada.

This, incidentally, is precisely the approach announced by SWIFT yesterday to harden the SWIFT banking community following the theft of $81 million from a Bangladesh bank: threat information sharing combined with support for “banks’ increased use of payment pattern controls to identify suspicious behavior.”

Data analytics is seen as the primary remedy against fraud. “Companies can use advanced data analytics technology to search for suspicious and unusual business activity amid millions of daily transactions,” said Phillip Ostwalt, partner and Global Investigations Network Leader at KPMG LLP. “However, many are not capitalizing on such technology while fraudsters find new ways to gain access to confidential information, manipulate accounting records and camouflage misappropriations.”

There are two primary approaches to analytics. The first is manual, making use of the technologies companies already have. Searching logs can help visually recognize anomalies – but logs are so massive that this is only really feasible when the analyst already knows what he or she is looking for.

The second approach is to use one of the many new threat detection tools that can employ some form of behavioral analytics, such as those offered by RSA, ThreatMetrix, Guardian Analytics, or even Splunk. The difficulty here is setting the detection rules to a level that is manageable; that is, likely to detect genuine issues without overwhelming the security team with inconsequential warnings.

The branch of analytics recommended by KPMG is ‘transactional analytics’, which is, suggested Ostwalt, “more commonly deployed, and accepted.” To be effective, the routines and data sets need to be frequently reevaluated based upon changing risks and an understanding of where the high-value anomalies might exist.
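As an added illustration (not taken from the KPMG report or from this article), the sketch below scores payments against each account's own history and counts how many alerts different rule thresholds produce, which is the tuning problem described above. The account names, amounts, thresholds and the choice of a median/MAD score are all assumptions made for the example.

```python
from statistics import median

# Constructed sample payments as (account, amount); not real data.
PAYMENTS = [
    ("ACME-OPS", 120), ("ACME-OPS", 135), ("ACME-OPS", 110), ("ACME-OPS", 128),
    ("ACME-OPS", 140), ("ACME-OPS", 125), ("ACME-OPS", 9800),
    ("ACME-PAYROLL", 5000), ("ACME-PAYROLL", 5200), ("ACME-PAYROLL", 4900),
    ("ACME-PAYROLL", 5100), ("ACME-PAYROLL", 5050), ("ACME-PAYROLL", 6400),
]

def baselines(payments):
    """Per-account median and median absolute deviation (MAD) of amounts."""
    by_account = {}
    for account, amount in payments:
        by_account.setdefault(account, []).append(amount)
    result = {}
    for account, amounts in by_account.items():
        mid = median(amounts)
        # A MAD of 0 (all amounts identical) would divide by zero; fall back to 1.
        mad = median(abs(a - mid) for a in amounts) or 1.0
        result[account] = (mid, mad)
    return result

def flag(payments, threshold):
    """Return payments whose distance from the account median exceeds threshold MADs."""
    base = baselines(payments)
    return [(acct, amt) for acct, amt in payments
            if abs(amt - base[acct][0]) / base[acct][1] > threshold]

def alert_volume(payments, thresholds):
    """Number of alerts an analyst would receive at each candidate threshold."""
    return {t: len(flag(payments, t)) for t in thresholds}

if __name__ == "__main__":
    for t, n in alert_volume(PAYMENTS, [1.0, 2.0, 10.0, 20.0]).items():
        print(f"threshold {t:>4}: {n} alerts -> {flag(PAYMENTS, t)}")
```

On this sample, the lowest threshold flags routine payments alongside the two outliers, while the highest one drops the smaller payroll outlier and keeps only the largest payment.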

“A few companies’ organizations are deploying behavioral analytics, and there is certainly more discussion about how to do so, and what data to utilize,” he added. “Some data is within the company environment and some is outside.”

But one problem with many forms of analytics is that they involve monitoring users’ behavior at a time when privacy issues are heightened. “It certainly could create a distrustful climate among staff if an organization is not careful in how it establishes and communicates the program to its staff,” said Ostwalt. “It is an emerging area, and the debate will become more active in the months to come.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
