US Bancorp - Fighting Off Malicious Attacks and Ensuring Business Continuity
| Case Code: ITSY110
Case Length: 18 Pages
Pub Date: 2020
Teaching Note: Available
| Price: Rs.500
Organization: U.S Bancorp
Countries: United States
Themes: Management of Information Systems, Enterprise Risk, Banks and Banking,Digital Strategy
Abstract Case Intro 1 Case Intro 2 Excerpts
The Rising Need for Fraud Detection Systems
In 2012, US Bank along with five other leading US-based banks became a victim to a series of distributed denial-of-service (DDoS) attacks waged by hundreds of compromised servers that flooded the bank’s servers with above-average amounts of Internet traffic exceeding 60 gigabits per second (Gbps) (See Exhibit IV to understand the Nuances of a DDoS Attack). Speaking about the administrators of the compromised web servers that failed to adequately lock down their machines, thereby enabling the attack to happen, Dan Holden (Holden)..
US Bank Using AI and ML to Beat Fraud
Banks were increasingly being forced to ensure customer protection against new account fraud and identity theft, without hampering legitimate customers’ mobile and online banking experiences. According to Dominic Venturo (Venturo), Executive Vice President and Chief Innovation Officer for US Bank, it was in such a scenario that AI and ML played a significant role. In the US banking industry, it was widely acknowledged that US Bank was an early adopter of AI and ML models to prevent fraud..
Mobile Geolocation to Prevent Card Fraud
In October 2016, US Bank enabled its ‘Geolocation Service’, developed by Visa, Inc., to ensure fraud protection (See Exhibit IX for Information on Visa’s Geolocation Service). This service helped match the location of a customer’s credit card to that of the customer’s phone, thereby ensuring that the particular customer was at the location where the card was being used..
Other Fraud Detection Systems Used by US Bank
US Bank had several dedicated security teams comprising 700 people to anticipate, address, and help prevent security threats. It also encrypted the customer’s confidential banking data to protect it en route to and from its servers. Besides, the bank took various measures to educate its customers about different types of frauds they might experience and the ways to counteract them, apart from the action they needed to take if they became a victim of fraud. In addition, it had a ‘Fraud Liaison Center’ that was available 24x7, which victims of fraud could contact..
US Bank took several measures to educate its employees about information security, with it being one of the mandatory training requirements. Speaking about training for employees, Jason Witty (Witty), EVP and CISO (Chief Information Security Officer) for Bancorp, said, “We do a lot of webinars and that sort of thing as well. We have poster campaigns we do every quarter. For us, risk is really at the core of our DNA. Just being able to manage risk is core to what we do. So then fitting information security into that overall risk message is a lot easier.”..
Exhibit I: Biggest Banks in the US, as of 2019
Exhibit II: Revenue Mix by Business Line of US Bank
Exhibit III: Employees by Business Line or Corporate Support Function of US Bank
Exhibit IV: Nuances of a DDoS Attack
Exhibit V: Information about Protocols
Exhibit VI: Top Banking Trojan Families, per 2019 Activity
Exhibit VII: Uses of AI in Banking
Exhibit VIII: Fraud Detection Process Using ML
Exhibit IX: How Visa’s Mobile Location Confirmation APP Works
Exhibit X: Information on Financial Industry Stakeholders
Buy this case study (Please select any one of the payment options)
|PayPal (11 USD)