Sustainable response system building against insider-led cyber frauds in banking sector: a machine learning approach

Published date 08 February 2022
Accounting & finance, Financial risk/company failure, Financial crime
Neha Chhabra Roy, Sreeleakha Prabhakaran
Neha Chhabra Roy
Department of Finance and Accounting, Narsee Monjee Institute of Management
Studies, Bangalore, India, and
Sreeleakha Prabhakaran
Department of Human Resource, Narsee Monjee Institute of Management Studies,
Bangalore, India
Purpose: This paper aims to focus on the different types of insider-led cyber frauds that gained
mainstream attention in recent large-scale fraud events involving prominent Indian banking institutions. In
addition to identifying and classifying cyber fraud, the study maps them on a severity scale for optimal
Design/methodology/approach: The methodology used for identification and classification is an
analysis of a detailed literature review, a focus group discussion with risk and vigilance officers and cyber cell
experts, as well as secondary data of cyber fraud losses. Through machine learning-based random forest, the
authors predicted the future of insider-led cyber frauds in the Indian banking business and prioritized and
predicted the same. The projected future reveals the dominance of a few specific cyber frauds, which will
make it easier to develop a fraud mitigation model based on a victim-centric approach.
Findings: The paper concludes with a conceptual framework that can be used to ensure a sustainable
cyber fraud mitigation ecosystem within the scope of the study. By using the findings of this research,
policymakers and fraud investigators will be able to create a more robust environment for banks through
timely detection of cyber fraud and prevent it appropriately before it happens.
Research limitations/implications: The study focuses on fraud, risk and mitigation from a victim-
centric perspective and does not address it from the fraudsters' perspective. Data availability was a challenge.
Banks are recommended to compile data that can be used for analysis both by themselves and other
Practical implications: The structured, sustainable cyber fraud mitigation suggested in the study will
provide an agile, quick, proactive, stakeholder-specific plan that helps to safeguard banks, employees,
regulatory authorities, customers and the economy. It saves resources, cost and time for bank authorities and
policymakers. The mitigation measures will also help improve the reputational status of the Indian banking
business and prolong the banks' sustenance.
Originality/value: The innovative cyber fraud mitigation approach contributes to the sustainability of a
bank's ecosystem quickly, proactively and effectively.
Keywords: Machine learning, Effective mitigation, Fraud root causes, Insider-led cyber frauds,
Sustainable fraud management, Prioritization and prediction
Paper type: Research paper
The authors wish to thank the Indian banks' cyber security experts and vigilance officers for their
time and input during focused group discussions, which set the context for the discussion.
1. Introduction
Sustainable Banking and Finance Network aims to advance banking and finance in line
with international best practices, i.e. effective risk management [1] and green loan
origination [2], to meet the needs of all stakeholders (International Finance Corporate,
2021). Recent changes are not addressing bank stability, reputation and risk
management issues (Ketterer, 2017; Roy and Basu, 2021). Moreover, the digitization of
the banking sector has created huge impacts, affecting stability, and risks have further
increased due to technology disruption and cyber-attacks (International Finance
Corporate, 2021; Roy and Vishwanathan, 2018; Siraj and Pillai, 2013). Cyber fraudsters
are taking advantage of the anonymity, secrecy and interconnectedness of the internet
and cyber systems. Evidence of the relationship between sustainability and stability
under looming cyber frauds has not gotten enough attention and remains open to
debate even today (Thompson et al., 2017).
Research on cyber-attacks and crimes, which are mainly perpetrated by insiders of banks,
is becoming increasingly crucial for banking industries (Reid and Van Niekerk, 2014). In
the banking sector, insider-led destructive cyberattacks were 160% higher in 2020 than
in 2019 (Okello Candiya Bongomin and Ntayi, 2020). From 2010-2011 to 2020-2021,
India's fraud rate increased from 5.6% to 73.6% (McKinsey & Company's Report on
India, 2005; India Brand Equity Foundation, 2019). Financial institutions suffered
huge losses from cyber-attacks, uncertainty and funding restrictions (Alfonso et al.,
2021). A single cybercrime conceived and executed by insiders can drastically impact
society, causing substantial financial losses, intellectual property theft and loss of customer
trust (Vakhitova et al., 2019). Financial institutions are not the only ones affected by
insider fraud. It affects the entire financial ecosystem and other stakeholders,
including banks, customers, regulatory authorities and employees (Ferracane, 2019).
It cannot be overstated how important it is to prevent and mitigate insider fraud
(Beasley et al., 2000; Biegelman and Bartow, 2012).
If banks consider the cyber threat extremely dangerous and harmful, they need to invest
in robust and effective cybersecurity systems (Gilmour et al., 2011; Martens et al., 2019;
Sommestad et al., 2015; Thompson et al., 2017). In the fight against cybercrimes, solutions
such as autonomous cyber defense systems (Kshetri, 2005), intelligent cyber security
assistant platforms (KPMG, 2019), National Cyber Security Strategy 2021 (Ferracane, 2019)
(NCSS2021) and intrusion detection systems (Ben-Asher and Gonzalez, 2015) are already in
place. Although cyber incidents are increasing, new and sustainable solutions should be
sought and innovative ways should be used to combat insider-led frauds. Thus, the various
mitigation efforts that a bank can implement must be sustainable and provide a long-term
solution. Cybercriminals find more innovative ways to commit fraud and ensure it affects all
stakeholders. So there is a need for a solution that is agile, proactive, quick, relevant,
practical and catering to all stakeholders (Alfonso et al., 2021). Cyberspace is one place
where banks strive to ensure utmost security with considerable efforts like fraud
identification, detecting root cause, assessing the severity of cyber frauds on banks'
business, prioritizing cyber fraud and suggesting effective mitigations to affected parties
(Nautiyal and Goel, 2020).
Against this backdrop, the study aims to build an innovative, sustainable cyber fraud
mitigation ecosystem that banks can use. Prevalent cyber frauds are initially explored, and
the root cause of the fraud is later identified. Since effective mitigation can be linked to root
cause forces as well, analysis of root causes becomes essential. It is also necessary to note
that the severity and impact of all frauds are not the same and will vary with time, mode of
perpetration, etc. Hence, it is crucial to detect each fraud's severity and prioritize them to
stop further intensification. Cyber frauds are more dynamic and real-time, and their
intensity changes over time, so it makes sense to analyze the level of fraud using machine
learning. A machine learning-based assessment of frauds will enable banks to detect the
severity of frauds and suggest mitigation measures for the most sensitive frauds on priority
(Protiviti - Face the future with confidence, 2017). As frauds are prioritized, mitigations can
be implemented more effectively, and efforts and resources can be used appropriately. The
authors also observed that mitigation would be effective only if it were suggested to
several stakeholders. Therefore, the moment any fraud severity is realized, all affected
stakeholders will immediately pull the relevant mitigation measure to stop the fraud
from happening.
In addition to reducing cyber risk, sustainable mitigation can improve brand image
and attract customers, which lowers reputational risk for banks (Behr et al., 2010; Park
and Kim, 2020). Instead of the traditional reactive policing model, banks should adopt a
victim-centric approach to crime reporting. Through a victim-centric process, banks
can focus primarily on the causes of fraud and their impact on associated parties
(regulatory authorities, employees and banks) and suggest prevention policies and
strategies that may help prevent banks from becoming victims of cybercrime (Drew
and Farrell, 2018). Therefore, a complete and sustainable framework is recommended
for fraud assessment and mitigation.
This paper aims to answer the following question: How can we develop a sustainable
cyber fraud assessment and prevention ecosystem? The authors propose the following
• develop a sustainable response system against insider-led cyber frauds;
• determine the severity level of insider-led cyber frauds and predict the future occurrence of cyber fraud; and
• develop an insider-led cyber fraud mitigation framework based on effective mitigation strategies and address all stakeholders.
The following sections elaborate on the literature covering theoretical background for
sustainable fraud prevention models, cyber fraud identification, assessment methods
and prevention techniques. Section 3 discusses the methodology and Section 4
discusses the data analysis. The effective mitigation model is presented in Section 5.
We discuss a sustainable cyber fraud mitigation framework in Section 6 and conclude
in Section 7.
2. Literature review
2.1 Theoretical framework for sustainable cyber fraud ecosystem developed through
appropriate attributes
Despite having a robust and secure institutional infrastructure, cyber fraud incidents are
always on the rise. A 2020 McAfee report titled "The hidden costs of cybercrime" states that
the growing cybercrime incidents cost the global economy more than US$1tn, an increase of
more than 50% from 2018. Cybersecurity Ventures says cybercrime costs will rise by 15%
over the next five years, reaching US$10.5tn by 2025. In the banking industry,
cybercriminals cause damage that may collapse the country's financial health. With the
increase in fraudulent practices, banks also cite various social and technological disruptions
like data loss and destruction, intellectual property theft, damage to brand reputation,
increased downtime, lost work hours and reduced efficiency. These non-financial damages

