After planting its roots firmly in data encryption and enterprise content management for Payment Card Industry security compliance, Hyland has turned its attention toward fraud detection.
The Westlake, Ohio-based developer of OnBase, an enterprise information platform that protects customer payment and personal data, has responded over the past six months to requests from financial institution clients to streamline the fraud detection and management process.
A bank's fraud department can sometimes have up to a dozen different spreadsheets to identify and monitor fraud reports.
"It didn't matter what kind of fraud it was, it was all going into the same bucket of spreadsheets," said Steve Comer, financial services sales manager for Hyland.
Bank security employees couldn't work on the fraud reports simultaneously, so updates and resolutions were slow, Comer said. "There was a whole world of problems with the spreadsheet format, and there was no specific application to address this."
Hyland used its case management capabilities to build an application within OnBase that took the structure and data of the spreadsheets and funneled them into a single source.
"It was a much better user interaction, but with the benefit of all of the tools that OnBase has available," Comer said. "Multiple people could work on it and it features a workflow engine to route data."
The application also allows the bank or credit union to identify where fraud is coming from, whether it is card payment data, check kiting, or a criminal stealing funds from a merchant or business account.
"You can run reports against data fields to determine if the fraud is coming from a common Internet Protocol address, a specific state, or a certain location," Comer added. "The bank can determine more quickly if a particular segment or group of its customer base is being targeted."
Hack attempts on bank networks and documents are a massive problem, representing the single biggest threat in financial services, said industry analyst Russ Schoper of Atlanta, Ga.-based Business Development International Inc.
"It is very scary what these criminals are doing, so the banks know they are on the target list and have to be very aware," Schoper said. "Smaller banks are scared to death and they hold tons of sensitive customer and shareholder data in documents."
Hyland is focusing on solving a significant problem for banks if it can make documents more secure as well as make fraud detection a faster process, Schoper said. "I've been around banking all of my life, and if these guys can encrypt data so no one can make use of it and also educate employees on security and fraud detection, it is a much-needed service."
OnBase software typically operates within a bank or credit union's core storage and security systems. The banks have security measures in place to protect data at rest, and OnBase comes into play when banks start archiving documents that need certain elements encrypted for extra security, or that need encryption of keywords, applied to the appropriate metadata values, to keep sensitive data hidden.
OnBase also has redaction and annotation capabilities for documents, allowing banks to pinpoint certain aspects of a document, possibly areas in need of attention for PCI compliance. Typically, payment card data in text-based reports or new payment card applications may need redaction, Comer said.
The software also helps financial institutions establish password policies, providing the rules for password strength or requiring password changes every 30 days. Security industry research indicates attacks targeting corporate and internal financial networks are on the rise, but the number of institutions detecting fraud early is also growing.
Hyland cites Chicago-based Alliant Credit Union as a client it helped to increase electronic documentation to 95% of documents and to trim its fraud investigations from a lengthy four- to five-hour spreadsheet process to less than 10 minutes.
"These are premise solutions within the financial institution's firewall," Comer said. "They don't ask Hyland for anything and we are not accessing or keeping data, and not even tech support unless they allow us in."