Internal-led cyber frauds in Indian banks: an effective machine learning–based defense system to fraud detection, prioritization and prevention

DOI: https://doi.org/10.1108/AJIM-11-2021-0339
Published date: 12 August 2022
Pages: 246-296
Subject Matter: Library & information science, Information behaviour & retrieval, Information & knowledge management, Information management & governance, Information management
Author: Neha Chhabra Roy, Sreeleakha Prabhakaran
Neha Chhabra Roy and Sreeleakha Prabhakaran
SVKM's Narsee Monjee Institute of Management Studies, Bangalore, India
Abstract
Purpose: The study aims to overview the different types of internal-led cyber fraud that have gained
mainstream attention in recent major-value fraud events involving prominent Indian banks. The authors
attempted to identify and classify cyber frauds and their drivers and correlate them for optimal mitigation planning.
Design/methodology/approach: Identification and classification are carried out
through a detailed literature review and focus group discussion with risk and vigilance officers and cyber cell
experts. The authors assessed the future of cyber fraud in the Indian banking business through the machine
learning-based k-nearest neighbor (K-NN) approach and prioritized and predicted the future of cyber fraud.
The predicted future, which reveals the dominance of a few specific cyber frauds, will help derive an appropriate fraud
prevention model, using an associated parties centric (victim and offender) root-cause approach. The study
uses correlation analysis and maps frauds with their respective drivers to determine the resource-specific
effective mitigation plan.
Findings: Finally, the paper concludes with a conceptual framework for preventing internal-led cyber fraud
within the scope of the study. A cyber fraud mitigation ecosystem will be helpful for policymakers and fraud
investigation officers to create a more robust environment for banks through timely and quick detection of
cyber frauds and prevention of them.
Research limitations/implications: Additionally, the study supports the cyber security initiatives and schemes
launched by the Reserve Bank of India and the Government of India, which ensure protection for the banking
ecosystem, i.e. RBI direct scheme, integrated ombudsman scheme, cyber swachhta kendra (botnet cleaning and
malware analysis centre), National Cyber Coordination Centre (NCCC) and Security Monitoring Centre (SMC).
Practical implications: Structured and effective internal-led plans for cyber fraud mitigation proposed in
this study will conserve banks, employees, regulatory authorities, customers and economic resources, save
bank authorities' and policymakers' time and money, and conserve resources. Additionally, this will enhance
the reputation of the Indian banking industry and extend its lifespan.
Originality/value: The innovative insider-led cyber fraud mitigation approach quickly identifies cyber
fraud, prioritizes it, identifies its prominent root causes, maps frauds with respective root causes and then
suggests strategies to ensure a cost-effective and time-saving bank ecosystem.
Keywords: Cyber frauds, Fraud drivers, K-Nearest Neighbour (K-NN), Fraudster-infrastructure-target model,
Fraud severity mapping, Prevention framework
Paper type: Research paper
AJIM
75,2
246
The authors acknowledge the editor and anonymous reviewers for their timely and valuable inputs for
the refinement of the paper. The authors also acknowledge respondents of questionnaires and experts
from banks for their time and useful interaction and inputs.
Data Availability Statement: The datasets generated during and/or analyzed during the current study
are not publicly accessible due to their availability as fragmented reports. The authors have compiled it
for analysis, and it is also confidential. However, the dataset can be available from the corresponding
author upon reasonable request. Further, some data is collected through focused group discussions and
primary surveys.
The current issue and full text archive of this journal is available on Emerald Insight at:
https://www.emerald.com/insight/2050-3806.htm
Received 19 November 2021
Revised 26 March 2022
20 June 2022
Accepted 3 July 2022
Aslib Journal of Information
Management
Vol. 75 No. 2, 2023
pp. 246-296
© Emerald Publishing Limited
2050-3806
DOI 10.1108/AJIM-11-2021-0339
1. Introduction
The banking industry is undergoing a dynamic digital transformation, forcing aligned, planned
and secure banking and finance networks to meet international best practices. Banks manage
the dynamically rising digital disruptions that prevent emerging nation banks from adhering to
standard best practices (International Finance Corporate, 2021). Some of the challenges are
stability (Batten et al., 2017), reputation and risk management (Ketterer, 2017; Roy and Basu,
2021a). Cyber-attacks are the most significant challenge among all technological disruptions
that affect the banking business (Chhabra and Viswanathan, 2020; Roy and Vishwanathan,
2018; Touri, 2009) around its reputation, sustainability and stability (Thompson et al., 2017).
Cyber security has become a prominent concern for banks over the past few years. Cyber
fraudsters are attracted to this because of their anonymity, secrecy and interconnectedness.
Since online transactions have exploded, external cybercriminals have developed more
advanced ways to penetrate the system (Roy and Prabhakaran, 2022; Lindsay, 2017). However,
the interesting fact from cybercrime studies is that cyber frauds are perpetrated by internal
stakeholders: employees and other directly associated parties (Reid and Van Niekerk, 2014). In
the banking sector, insider-led destructive cyber-attacks are 89% higher in 2021 than in 2020
(Okello Candiya Bongomin and Ntayi, 2020). From 2010-2011 to 2020-2021, India's fraud rate
increased from 5.6% to 73.6% (India Brand Equity Foundation, 2019; McKinsey Global
Institute; Washington, DC, 2001). Financial institutions suffered huge losses from cyber-
attacks, adding to the uncertainty and funding restrictions (Alfonso et al., 2021). A single
cybercrime conceived and executed by internal parties can drastically impact society, causing
substantial financial losses, intellectual property theft and customer mistrust (Vakhitova et al.,
2019). Financial institutions are not the only ones affected by insider fraud. It affects the entire
financial ecosystem and other stakeholders, including banks, customers, regulatory authorities
and employees (Ferracane, 2019). It cannot be overstated how important it is to prevent and
mitigate internal-led cyber fraud (Beasley et al., 2000; Biegelman and Bartow, 2012).
There are already a few existing cyber fraud prevention response systems that are in
place, including autonomous cyber defense systems (Kshetri, 2016), intelligent cyber
security assistant platforms (KPMG, 2019) and the National Cyber Security Strategy 2021
(Ranjitha, 2021). Despite these systems in place, banks have difficulty tracking down fraud
rings, especially if they are led by internal associates, raising questions about the effectiveness
of the existing fraud system. Thus, banks must upgrade their cyber defense system to
effectively cater to cyber fraud (Garcia, 2018; Roy and Prabhakaran, 2022). The authors found
that the current cyber security systems are less effective due to their non-suitability for all
frauds. Cyber security systems must cater to internal/external frauds (Kshetri, 2016), their
response mechanism (Behr et al., 2010; Park and Kim, 2020), high costs, time and resources
allocated in such systems (Shaw, 2006; Zelenakova et al., 2013).
Banks should act swiftly and logically to prevent fraud when they become aware of cyber-
attacks. Since fraud increases and generates large amounts of data, it shows the fraud
behavior with multiple dimensions (Baesens et al., 2021), like nonuniform timing between
fraud events (Maybury et al., 2005). While fraud is assessed, a visual representation will help
combat it. In the past, fraud assessments were expert opinion driven, ignoring dynamicity in
data (Gilmour et al., 2011; Martens et al., 2019; Sommestad et al., 2015; Thompson et al., 2017).
Banks should not rely solely on expert opinion but consider using actual data. Banks are not
well suited to conduct a hybrid assessment (experiment and data) and derive optimal
conclusions. It fails to respond timely and effectively to such fraud events (Li et al., 2020;
Tamrin et al., 2017).
There are also few fraud assessment studies using data-driven and machine-learning
algorithms (Farrugia et al., 2021; Li et al., 2020). Still, the disadvantage was that sometimes
real-time information was not captured sufficiently to understand and react, resulting in
delays and substantial financial and reputation losses (Bach et al., 2020; Balakrishnan et al.,
2020). A hybrid approach can remove the challenges associated with expert-driven and data-
driven approaches. In this approach, frauds are assessed and prioritized. Fraud response
systems should detect cyber frauds at the earliest (Dimitrijevic et al., 2017) and dynamically
manage large amounts of data (Udeh and Ugwu, 2018). It should prioritize (Roy and
Prabhakaran, 2022) and prevent fraud at its earliest stage (Braithwaite, 2010; Tamrin et al.,
2017). Prioritizing frauds will enable timely and cost-efficient fraud mitigation measures for
high-priority frauds.
Before presenting mitigation measures, the authors analyzed existing mitigation methods.
According to Roy and Prabhakaran (2022), existing plans are either generic (Rohit et al.,
2018), prevention-centric (Khanna and Arora, 2009) or limited to victim-affected stakeholders
(employees, customers, regulators and banks). The authors recommend that the plan be proposed
so that it not only prioritizes the frauds but also identifies the root cause of the problem as
long-term mitigation. In this regard, the authors have not just prioritized fraud but also explored
its root cause, which was not practiced so far.
Following fraud prioritization, the authors explored the root causes and examined
previously held similar fraud events. They identified that fraud could happen because of
either party involved: the victim or the criminal. The authors of recent studies (Blass and
Grossman, 1996; Eaton and Korach, 2016; Najafabadi et al., 2015; Resnik and Finn, 2018; Roy
and Basu, 2021a) believe that investigations should focus on involved parties since both are
internal to the fraud and can be easily monitored and controlled (Swaby, 2012). As part of the
root-cause analysis, both the victim (bank) and the fraudster (an insider employee in this case)
provide reasons for the fraud. Examining both involved parties is important. The bank can
accentuate fraud due to poor internal control systems/infrastructure (Jang-Jaccard and Nepal,
2014; Vasan et al., 2020). Outdated software and hardware make the bank more
vulnerable to cyber-attacks or provide easy access to criminals so they can penetrate
quickly (Chen et al., 2021; Reid and Van Niekerk, 2014). Cyber fraud is not caused by all root
causes equally. Therefore, the authors first identified the prominent drivers across involved
parties (Fraudster and Victim) and then mapped selected cyber frauds with their respective
drivers. The authors formed clusters of fraud severity categories and their drivers. However,
few of these drivers will be the same across all fraud severity categories. The authors follow a
futuristic approach in which frauds that appear to be of low severity may become more severe
over time, and high-intensity frauds may disappear; thus, mitigation measures must be
iterative. Because of such a scenario, mitigation measures can only be effective and
sustainable if they focus on a specific root cause (Roy and Prabhakaran, 2022). Specifically,
the present study covers both involved parties: root causes linked to the victim are split into
two main streams (deficiency in infrastructure and the ease of providing access to the fraudster),
and criminal root causes are considered as fraudster-personal causes for the mitigation measures.
The mitigation measures will not only provide a solution for the present scenario but have the
potential to be effective in the long term since the mitigation measures repository is already in
place. In this context, a timely, effective, agile and long-term sustainable fraud response
system can be built.
In addition to reducing cyber risk, effective mitigation can improve brand image, attract
customers and lower reputational risk for banks. In terrestrial crime, the criminal is mostly an
unknown, so investigators adopt a reactive policing model (Drew and Farrell, 2018). In the
case of an internal-led cyber-attack, all the parties are under the banking ecosystem's
observation and control. Therefore, banks should take a victim-fraudster-centric approach to
fraud prevention and mitigation. Alfonso et al. (2021) suggest a rational approach rather than
a reactive one to mitigate fraud in the workplace. A comprehensive and practical fraud
assessment and mitigation framework is recommended. This paper aims to answer the
question: How should an internal-led cyber fraud response system be developed? The
following objectives are proposed:
