Amid the rising incidence of cyber fraud in the financial services sector, an organization must bring its data, intelligence and other capabilities together to avoid becoming a victim and fend off attacks from bad actors.

Such capabilities may be siloed in cybersecurity, fraud, financial crimes/anti-money laundering, and other teams.

The Financial Services – Information Sharing and Analysis Center ( FS-ISAC ), a not-for-profit organization that seeks to advance cybersecurity and resilience in the global financial system, has developed a method to de-silo information to help teams pool information regarding cyber fraud, i.e., frauds conducted on cyber channels.

The Cyber Fraud Prevention Framework provides an actionable model to strengthen collaboration between cybersecurity, fraud, financial crime, and anti-money laundering ( AML ) teams.

Organizations can leverage the framework’s fraud response protocol to identify vulnerabilities earlier in the attack lifecycle, enhancing threat visibility and strengthening fraud controls, according to FS-ISAC. 

“The interconnectedness of fraud and cyber threats is intensifying, and financial firms cannot afford for their internal teams to operate in silos,” says Linda Betz, executive vice president of global community engagement at FS-ISAC.

“This structured approach to information sharing and collaboration empowers teams to identify and disrupt cyber fraud schemes. This helps financial firms strengthen their collective defences as well as safeguard the reputation and financial assets of the sector.”

Phases of a cyber attack

The framework breaks the lifecycle of a cyber-fraud attack into five phases:

1. Reconnaissance: Threat actors gather intelligence, set up infrastructure, and plan for attempted fraud.
2. Initial access: Attackers gain a foothold for fraud against a consumer, financial services institution, or other entity, such as a third-party vendor.
3. Positioning: Threat actors manipulate account information, credentials, or payment details to prepare for fraud execution.
4. Execution: Stolen data is monetized through unauthorized transactions or fraudulent fund transfers.
5. Monetization: The stolen funds are transferred to the threat actor.

These phases give teams a common language to share fraud information, enabling them to coordinate their activities, FS-ISAC says.

The framework suggests firms analyze fraud from multiple angles to pinpoint vulnerabilities and deploy controls earlier in the fraud lifecycle.

"The Cyber Fraud Prevention Framework is crucial for enhancing our team's ability to prevent, detect, and respond to fraud, marking significant progress in the cyber fraud domain," says Dave Daniel, vice president of cybersecurity operations at Nationwide Mutual Insurance Company.

By unifying teams, leveraging intelligence at every attack stage, and implementing targeted fraud controls, organizations can uncover the origins of an attack and anticipate future fraudulent activity before schemes are fully executed.

The framework also provides recommendations on how to effectively share fraud intel with peer firms to strengthen the defences of the entire financial sector.