Financial Fraud Information Sharing
The rate of fraudulent transactions in the financial services industry is increasing at an alarming rate. Fraudsters collaborate and share/sell information about successful incidents, providing a window of opportunity during which similar attempts may also succeed. The financial sector is attempting to combat fraud in a similar way, through the sharing of information about fraudulent incidents among themselves to help prevent or quickly close those windows of opportunity. To date, solutions have been based on proprietary tools and techniques, hampering the ability to share information quickly and effectively among organizations that may use disparate products and solutions. Standards work is now underway in the Internet Engineering Task Force (IETF) to standardize the information about fraudent financial transactions and standardize a format for the exchange of related information. Other industry initiatives have also been undertaken to try to move the sharing of information from its current state, with closed networks using proprietary solutions, to a more open standards, based environment. For example, the Open Fraud Intelligence Network (OFIN) is a recent initiative from Entrust that will provide a standards-based vendor-neutral network for the exchange of fraud data, tactics and behavior. Also the Financial Services Technology Consortium (FSTC) recently launched a fraud collaboration project focused on better collaboration tools for fighting fraud. That project also hopes to benefit from standards initiatives already underway. This paper focuses on the[THRAUD] standards activity underway in the IETF.
KeywordsInternet Engineer Task Force Fraudulent Activity Internet Draft Fraud Attack Fraudulent Transfer
Unable to display preview. Download preview PDF.
- [THRAUD]M’Raihi, David; Boeyen, Sharon; Grandcolas, Michael and Bajaj, Siddharth: How to Share Transaction Fraud (Thraud) Report Data, ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-mraihi-inch-thraud-03.txt.Google Scholar
- [IODEF]Danyliw, R; Meijer, J; and Demchenko, Y: The Incident Object Description Format, http://www.ietf org/internet-drafts/draft-ietf-inch-iodef-13.txt.Google Scholar
- [PHISHING]Cain, P. and Jevans, D.: Extensions to the IODEF-Document class for Phishing, Fraud, and other Crimeware: where applicable, http://www.ietf.org/intemet-drafts/draft-cain-post-inch-phishingextns-01.txt.Google Scholar