IBM's Anti-Fraud Push Strikes a Chord with Banks

IBM can identify with the integration pains its bank clients are feeling these days.

The tech vendor has acquired several security and analytics software companies in recent years — including Trusteer, i2, and SPSS — and it's trying to knit their products into a broad package that banks would want to buy to prevent data break-ins or minimize the damage from hackers.

Banks are said to need such products to sift through vast repositories of data and get the left hand of their large operations, say the anti-fraud group, to compare notes about suspicious activity with the right hand, perhaps the anti-money-laundering team, in order to catch the bad guys.

In the same way, IBM executives have to make sure their products do a good job of talking with each other to be effective.

If such anti-fraud technologies "aren't connected and in sync with each other, that creates gaps for the fraudsters to cut through," says Richard Hoehne, global counterfraud and financial crimes leader at IBM.

Fulfilling that goal would be a big deal in the tech world. The anti-fraud software market is crowded with software to stop malware and phishing and fraud analytics to detect foul play. Few companies have the ability to offer an enterprisewide answer to fraud. SAS and Oracle both offer business intelligence and analytics technology for detecting fraud, but they lack the nuts-and-bolts authentication and malware detection pieces IBM has brought together.

"I think IBM has assembled a strong collection of fraud prevention and cybersecurity products and are finally getting around to integrating them," Gartner analyst Avivah Litan says. "For the first time in years, they seem to be serious about this space, so let's see if they execute on their vision."

The project matters to banks because their need to detect and prevent fraud is urgent.

In 2013, 13.1 million consumers were victims of identity fraud and 43% more consumers experienced a bank account takeover than in the previous year, according to Javelin Strategy and Research.

Good data analysis is essential to fighting fraud, says Aaron Glover, a senior analyst at SunTrust Banks, who spoke at an IBM-sponsored event Thursday.

"We collect so much data and feed it into production tables," he said. That data needs to be transferred to databases that readily manipulated and analyzed, he said.

Banks have recently been trying to reduce the number of vendors with which they work, which makes IBM's quest timely, Litan says.

"From a business viewpoint, it's easier and generally more cost effective to work with one vendor than five or ten of them," she says.

Michael Versace, global research director of risk and IT infrastructure at IDC Financial Insights, says bank executives have started to take a "longer-tailed, up-field view of their requirements for many operational risk functions, including fraud. They're looking for a new degree of empowerment against fraud, as their boards and policymakers stay focused on financial crime and fraud."

Fields such as banking and health care generate a huge volume of fast-moving data, and that creates many vulnerabilities to scammers and hackers as well as lots of waste and abuse, he says.

"As these industries run more of their operations with real-time data of varying types, such as streaming video and social network feeds, and as fraud channels and scenarios evolve, there will be a greater need for fraud solutions to deliver more intelligence to end users."

IBM has been steadily acquiring security tech companies, some of them popular with banks. Last September, it bought Trusteer, which creates "clientless" malware detection — in other words, software that uses behavioral algorithms to detect malware and phishing attempts without requiring the end user to download anything. Bank of America, Société Générale, INGDirect, HSBC, NatWest, and Royal Bank of Scotland all use Trusteer Rapport software.

In November, IBM acquired Fiberlink, a mobile device management and secure file-sharing software company based in Blue Bell, Pa. 

In August 2011, IBM bought i2, a U.K. provider of fraud intelligence analysis software that finds patterns and relationships among disparate data. Its goal is to identity suspicious behavior.

That same year it bought Waltham, Mass.-based Q1 Labs, which makes analytics software that can detect actions that deviate from prescribed policies and typical behavior, such as an employee accessing unauthorized information.

IBM also plans to incorporate the generic predictive analytics software company SPSS, which it bought in 2009, into this program. First Tennessee, Rabobank Nederland and S&T Bank are among the users of SPSS software.

Hoehne discussed the kind of customer IBM is aiming at.

One bank client told Hoehne that his bank had grown through acquisition and therefore had a very fragmented approach to security, with stand-alone anti-fraud capabilities in each business unit that were ineffective, Hoehne says.

The bank wanted to make sure that if a cybercriminal was found in one database, that person would also be caught in another. The bank also was generating a high degree of false-positive fraud alerts across the business and needed to reduce that to focus on things that matter.

Trying to get different pieces to jibe ... it's a familiar challenge for IBM.

For reprint and licensing requests for this article, click here.
Bank technology M&A
MORE FROM AMERICAN BANKER