Enterprises failing to implement layered fraud prevention

Analyst firm Gartner argues that a single layer will not keep out determined attackers

Just 15 per cent of enterprises will adopt a layered fraud prevention strategy by 2014, according to analyst firm Gartner.

But a single layer of authentication or other fraud prevention techniques will not keep out a determined attacker, it says.

"Malware-based attacks against bank customers and company employees are levying severe reputational and financial damage on their victims. They are fast becoming a prevalent tool for attacking customer and corporate accounts, and stealing sensitive information or funds," said Avivah Litan, vice president and distinguished analyst at Gartner.

"Fighting these and future types of attack requires a layered fraud prevention approach."

Litan said the layered approach assumes that hackers will be able to break into a network, so additional security layers must be present to limit the damage once the initial wall has been breached.

Gartner describes five layers of fraud prevention:

Layer one: Secure browsers and hardware designed to protect the endpoint.

Layer two: Monitor navigation behaviour to identify suspicious patterns.

Layer three: Monitor users and accounts within a specific channel to identify suspicious activity.

Layer four: Monitor users and accounts across multiple channels.

Layer five: Analyse relationships among internal and external entities (eg. users, accounts, machines) to detect criminal activities.

While it can take years to fully implement a layered solution, Litan recommends that enterprises start with the simpler layers in order to have at least some protection in place.

"Unfortunately, organisations don't have years to wait to introduce fraud prevention while malware-based attacks proliferate. We recommend starting with the first layer of this fraud prevention framework, as well as the second layer, resources permitting, since these can be deployed relatively quickly."