Original Articles

Insider employee-led cyber fraud (IECF) in Indian banks: from identification to sustainable mitigation planning

Pages 876-906 | Received 23 Dec 2021, Accepted 24 Feb 2023, Published online: 20 Mar 2023
 

ABSTRACT

This paper explores the different insider employee-led cyber frauds (IECF) based on the recent large-scale fraud events of prominent Indian banking institutions. Examining the different types of fraud and appropriate control measures will protect the banking industry from fraudsters. In this study, we identify and classify Cyber Fraud (CF), map the severity of the fraud on a scale of priority, test the mitigation effectiveness, and propose optimal mitigation measures. The identification and classification of CF losses were based on a literature review and focus group discussions with risk and vigilance officers and cyber cell experts. The CF was analyzed using secondary data. We predicted and prioritized CF based on machine learning-derived Random Forest (RF). An efficient fraud mitigation model was developed based on an offender-victim-centric approach. Mitigation is advised both before and after fraud occurs. Through the findings of this research, banks and fraud investigators can prevent CF by detecting it quickly and controlling it on time. This study proposes a structured, sustainable CF mitigation plan that protects banks, employees, regulators, customers, and the economy, thus saving time, resources, and money. Further, these mitigation measures will improve the reputation of the Indian banking industry and ensure its survival.

Acknowledgements

We would like to express our sincere gratitude to all the bank and cyber cell individuals and organizations who have contributed to the successful completion of this research and the preparation of this manuscript. We would like to thank the journal editor and the anonymous reviewers for their constructive comments for refining the paper. We confirm that this manuscript has not been previously published and is not under consideration for publication elsewhere.

Disclosure statement

The authors have no conflicts of interest to declare.

Notes

1 Periodic Security Audits; Vulnerability assessment; Fraud Awareness Training; Whistleblowing; Ethical phishing attacks; Financial Support to employees; Timely appreciation and recognition of employees; Non-disclosure agreements; Conducive work environment; Behavioural analytics; Advanced cybersecurity control; Implementation of Blockchain; Psychometric inventories; Cybersecurity drills; Skill Inventory; Restriction on external devices; Multifactor Authentication; Firewalls, packet filtering; Fraud detection skills; Talent Management; Digital forensic investigations; Abuse reporting infrastructure; Identity and Permission management; Educate Customers.

2 Legal prosecution against criminals; Monetary penalisation; Sentence or imprisonment; Cyber Crisis Management Plan; Immediately flag unusual activities; Report to CERT-IN.

3 The predator fraudster is one who commits fraud on a predetermined and planned basis and who is not motivated by pressures or needs for money, but by greed.

4 Categorical responses are required for machine learning methods – whether it is a major or minor loss.

5 State Bank of India (SBI), Bank of Baroda (BOB), Bank of India (BOI), Bank of Maharashtra (BOM), Canara Bank (CAN), Central (CEN), UCO, Union (Uni), Punjab National Bank (PNB) and private sector banks such as HDFC Bank (HDFC), ICICI Bank (ICICI), Kotak Mahindra Bank (KOT), Axis Bank (Axis), South Indian Bank (SB), DCB Bank (DCB), Dhan Laxmi Bank (DB), Karnataka Bank, Lakshmi Vilas Bank (LB).

6 While Vanilla Neural Networks can handle structured data, Recurrent Neural Networks and Convolutional Neural Networks can handle unstructured data.

7 How precisely the measured value or findings reflect the real or the original values.

8 True Positive Rate refers to the proportion of those with the condition who received a positive result.

9 TNR, the ratio of true negatives to total negatives, is an effective measure of the rate at which non-fraud events are detected by the model; it should be high.

10 FPR is an effective measure of the rate at which non-fraud events are detected as fraud by the model; the ratio of false positives to total negatives should be low, since non-frauds identified as frauds affect the efficiency of the bank.

11 FNR is an effective measure of the rate at which fraud events are not detected by the model, which is riskier for the banks if ignored; the ratio of false negatives to total positives should be low for an effective model.

12 The proportion of affected individuals with a positive test result.

13 The Specificity is the True Negative Rate and refers to the percentage of people without the condition who received a negative result on this test.

14 The mean decrease in accuracy is a method of computing the feature importance on permuted out-of-bag (OOB) samples.

15 Gini importance (or mean decrease in impurity) is computed over a set of Decision Trees, with a set of internal nodes and leaves in each. An internal node is used to divide the data into two separate sets with similar responses.

16 Average weight estimated using (1 × number of 1 responses + 2 × number of 2 responses + 3 × number of 3 responses) / total number of responses.

17 By tracking and analysing user behaviour, behavioural analytics can help you better understand what your customers want. With behavioural analytics, you can improve your product, satisfy customers, and boost key performance indicators.

18 Examines the issues of national cyberspace security.

19 Detects malicious programmes.

20 Ensures awareness of existing and potential cyber security threats.

21 Detects and responds to network and data center security incidents.

Additional information

Funding

This research was not supported by any funding organisation.
