By George Smyth, Director R&D, Rocket Software
We all know someone who has received a call from their bank, checking to confirm whether recent credit card purchases are legitimate and not fraudulent transactions by a criminal who has their hands on the card details. Many banks even use the promise of robust security processes to sell their services to customers. But as the value of a credit card number continues to represent a lucrative temptation for hackers – just one set of card details can fetch £17 on the dark web – banks need to recognise that relying on security solutions to keep criminals at bay is not enough. This first wall of defence needs to be backed up by the capacity to quickly and accurately detect when data security measures have failed, and customers’ credit card numbers have been compromised.
The data conundrum
The biggest challenge to picking up instances of credit card fraud is the difficulty of managing and accessing data. IBM recently stated that 90% of all customer and business data has been created in the last two years alone. And a lot of this data involves card payments, which in 2015 surpassed 426 billion transactions globally. This means that banking databases are having to store more information than ever before, much of which is unstructured and stored across disparate systems. With data being collected at an astounding rate, it’s not surprising that many organisations are struggling to identify where they are holding customer data, and how exactly this information is being used.
In fact, Blancco Technology Group recently released a report that showed that 12% of corporate UK IT professionals admitted that they don’t know where data is stored. In France and Germany the situation is even more dire; 20% and 15%, respectively, said they had little confidence in their process of being able to find data within their systems.
Getting access to data needs to change
Adding to the complexity, too many companies are using solutions that require the frequent extraction of data. Used on their own, these solutions fail to provide the speed and accuracy needed by banks to effectively detect when data is being used fraudulently or accessed illegally by cyber-criminals.
For example, extract, transform, load (ETL) software, if implemented in isolation to other solutions, cannot satisfy the rigorous data security needs of banking. This is because the technology simply copies entire data sets from the storage platform to the machine that is doing the analysis. This process often means that unnecessary information is being copied, which not only wastes time, but also presents its own data security challenge. By making multiple copies of sensitive data across a company’s IT estate, you are essentially creating multiple points where it could be hacked and stolen. And then there’s the fact that ETL produces a static copy at the exact moment that its copied. This creates another vulnerability, as any unauthorised access or changes made after this time cannot be detected by the infosecurity team.
View data virtually
The solution to this headache comes in the form of data virtualisation. From the outset, this software eliminates the need to move data, which essentially avoids risk. It provides security teams with secure, high-performance data access for rapid examination of potential data anomalies, all of which are integral to tackling banking fraud. By adding data virtualisation alongside traditional ETL processes, banks can view information in real-time, and compare the validity of data across various storage systems to determine if fraudulent activity has taken place. What’s more, the software provides an accurate picture of who has accessed a set of data and when, so banks can identify unauthorised, potentially malicious, activity.
Data virtualisation is also key in supporting faster analytics, which is a crucial tool in the fight against fraud. The technology extracts only the most relevant information applicable to the task at hand, leaving behind the unnecessary data that simply slows down the analysis. This means that banks have more capacity to scrutinise the data that will help them detect potential credit card fraud.
For banks, which typically operate using a mainframe, another big benefit of data virtualisation is that it can be combined with solution’s like IBM’s Apache Spark. This technology can process and analyse information 100 times faster than the next best solution, meaning the bank has live access to accurate data. As soon as a transaction is processed by Visa, Mastercard, Amex (or whichever payment processer it may be), this information can be viewed instantly using data virtualisation, and analysed for fraudulent activity.
Don’t let bad access to data be your downfall
As hackers only continue to become more aggressive in their attempts to steal data, the task of keeping an IT system out of reach of an attack is a greater challenge than ever before. It’s tempting to respond to this threat by building data security walls thicker. But banks need to go one step further and ensure that they are also able to quickly detect when they’ve been breached or customer information has been compromised. As the reality of a data breach is no longer a case of ‘if’ but ‘when’, better visibility of and access to data will be the key differentiator in the fight against banking fraud.