In 2007, fraud remains top of mind in the financial services industry. While compliance has created more attention and spending to prevent fraud, sound management is essential to prevent erosion of marketplace trust in financial services institutions (FSI) and the industry in general. A Security Information and Event Management (SIEM) solution can play an essential role in a comprehensive fraud management strategy.

SIEMs offer many benefits as part of a holistic fraud management strategy

In the United States, the Federal Trade Commission identified a 34% increase in total fraud between 2003 and 2005, when the fraud bill reached $648 million. The Association for Payment Clearing Services (APACS) revealed that online fraud losses in Great Britain increased 55% in 2006 over 2005.

To ensure global trust in FSIs, many organizations are taking a more comprehensive approach that goes beyond technology point solutions and requires a holistic, layered integration of technology with enterprise people, policy, and process. No one technology can outsmart 'fraudsters.' In fact, isolated point products may introduce additional problems for an enterprise to solve. Products vary in their scalability; some products focus on only web-based applications, and differences in reporting capability vary significantly. Conversely, an effective SIEM can serve the enterprise in its entirety - from security operations to business users to senior managers.

A new TowerGroup report¹ discusses the management and technological capabilities needed to support a holistic, enterprise-wide approach to fraud management for financial services.

Based on this guidance, FSIs should consider a security information and event management solution as an essential component of an enterprise fraud management strategy. The selection of a SIEM should be based on the following criteria:

• Scalable architecture for real-time monitoring and analysis of high volumes of disparate data (network, applications, OS, and database)
• Ability to adapt to the ever-changing shape of fraudsters and related threats
• Automated escalation of alerts to incidents with the ability to provide case management of incidents, resulting in accelerated response and closure to reduce fraud related loss
• Automated risk analysis and prioritization of alerts based on risk rating
• Robust reporting that verifies control effectiveness in enforcing security risk policies
• Automated response to common threats to reduce loss

Besides fraud mitigation to comply with regulatory standards and restore customer trust in FSIs, companies enjoy other benefits from implementing a SIEM: improved operational efficiency, reduced cost of compliance, ability to centralize security intelligence in order to adapt quickly to changes in global regulations, customer privacy, protection, and reporting.

¹ "Fraud Management: Covering the Basics, Extending the Value," November 2006 was written by Rodney Nelsestuen of the TowerGroup, Inc., a leading research and consulting firm focusing on the global financial services industry. For a copy of this report, visit www.intellitactics.com/value.

Pamela Casale is Chief Marketing Officer at Intellitactics, Inc. She may be reached via email at pcasale@intellitactics.com or you may visit www.intellitactics.com for more information.