How can you be sure that your credentials are not used while you are on holiday?
Usage of several user ID's from the same computer.
Multiple operations with many different channels (e-banking, mobile banking, etc.) in a short time frame.
E-Banking Remote control
Multiple small heterogenous transactions from e-banking.
Celebrities do not like paparazzi, especially those have access to their bank account information. How can you ensure that your employees do not access critical data?
Customer Call Back
How would you react if you discover a fraud would have been avoided with a single call?
How can you prevent a malicious employee from accessing customer information to be used for fraudulent reasons?
Despite the use of generic accounts, how can you still detect the fraudsters?
How can you ensure that technical accounts are not used by dishonest employees?
Modifying temporary SWIFT exchange files to change account IDs before files get loaded.
Multiple operations with the same bank card from different geographical locations.
Hidden IT Change for an accomplice
"Under the radar" unauthorized activity performed by privileged user.
Transaction occurring after strange database inquiries from an IT employee.
Four Eyes Bypass
Segregation of duty failure enables one user to both input and authorize transactions.
A customer is always served by the same teller, even when other employees are available.
Control Violation Heatmap
Policies violation overview organized by bank's users, branches, locations, etc.
Flag suspicious transactions for investigation and compliance documentation.
Implement controls to comply with FINMA 2008/21 Appendix 3, and demonstrate no violations are present.
IT Change for Accomplice
How can you detect collusion between business employees and IT?
How to detect if seemingly unrelated people, running seemingly unrelated activities, are teaming up to spot potential targets?