Criminals today move seamlessly across digital channels. Banks, for the most part, still have gaps. That’s due in large part to fragmented technology.
As fraud and cyber threats increasingly overlap, many financial institutions are discovering that their biggest vulnerability is not detection, but internal coordination. Fraud teams, cybersecurity teams, and frontline staff often investigate the same incident separately, using different systems, timelines, and definitions of success. This disconnect can frustrate customers, obscure patterns, and slow response. Plus, the disparate effort can add to operational costs.
That challenge was a recurring theme during a panel discussion at ProSight’s recent Annual Risk, Compliance, and Fraud Virtual Conference. Industry leaders emphasized at the event that banks and credit unions are incentivized to rethink how fraud and cyber teams can share intelligence and manage incidents in parallel with one another.
Bad actors “don’t look at themselves as cyber or fraud or physical security,” said Lawrence Zelvin, executive vice president and head of the financial crimes unit at BMO Financial Group. “They look at themselves as opportunists. They look at, here’s what I want to do, and here’s what it’s going to take to get there.”
Siloed responses can mean multiple teams unknowingly working the same event. Zelvin described a common scenario: a cyber team resets credentials after a takeover attempt, a fraud team investigates suspicious transactions and a branch handles a customer complaint—all without a shared view of the case. “We could have three different cases all working on the same event with the same customer, and it never comes together,” Zelvin said.
IBM’s 2025 Cost of a Data Breach report put the global average cost of a breach at $4.4 million across industries. In the United States, costs have soared past $10 million, driven by steeper regulatory penalties and rising detection and escalation costs—underscoring why banks are focused on faster detection and containment.
The consequences extend beyond inefficiency. Without a unified view, banks may miss broader signals, such as repeated account compromises tied to malware on a customer’s device or geographic clusters of elder abuse fraud that only become visible when incidents are aggregated.
“We only look at the dots,” Zelvin said. “We never look and say, ‘wow, there’s a lot more elder abuse fraud than normal’ so we can be predictive and get ahead of it and work with law enforcement” and ultimately arrest the culprits.
Breaking down silos does not necessarily require rewriting the org chart. What matters more is how information flows during day-to-day operations.
A lot of organizations are still structured traditionally, with separate cyber, fraud, and physical security teams, each in its own silo, said Larry Trittschuh, a risk and cybersecurity practitioner who is managing partner at ILORU Technology. What has helped during events is “a joint operations group or center, or some process that brings those different silos together so that we can operate jointly.”
The more difficult challenge, both speakers said, is case management. Large institutions often maintain a patchwork of systems—sometimes more than a dozen—to track cyber incidents, fraud investigations, and physical security events.
Zelvin said banks often struggle to unify the basic mechanics of incident tracking across teams. “You have no idea how hard it is to get that one case management system for cyber fraud and physical,” he said. Many institutions still juggle 10 to 12 separate case systems for the same event, he added, and even a shared case report that spans all three areas could reduce duplicate work and keep teams from bouncing between systems.
The Financial Services Information Sharing and Analysis Center has also pushed banks to break down internal barriers between fraud, cybersecurity, and financial crimes teams. In its April 2025 Cyber Fraud Prevention Framework, FS-ISAC notes that the data and capabilities needed to stop cyber-enabled fraud are often siloed across those functions, and it recommends a common structure for pooling indicators and coordinating response so teams can “look both ways” across phases of an attack and implement controls sooner.
Some banks are beginning to borrow directly from cybersecurity playbooks to make fraud operations more preventive.
Trittschuh described applying cyber-style tactics, techniques, and procedures, along with indicators of compromise, to identify fraudulent accounts before losses occur. By analyzing shared data points such as phone numbers, email addresses, and registration patterns, teams were able to flag networks of suspicious accounts that had not yet generated customer complaints.
In one case, Trittschuh said, his team surfaced accounts it believed were fraudulent before any losses appeared and handed the list to the fraud team. After reviewing the accounts using its usual process, the fraud team said it could not see fraud on them, he said, but his group argued that was the point—the accounts should be shut down before they were used. It was, he said, “our first step and our first success in actually getting the organization to be more proactive.”
That difference in mindset is one reason the two functions can struggle to agree on when to intervene.
“In cyber, a good day is not having a bad day. It’s binary—either you had a breach or you didn’t,” Zelvin said. In fraud, by contrast, success is measured by losses going down.
That mismatch, he said, creates friction not only between teams, but also in how leaders evaluate outcomes and set priorities across the organization. “No one is actually defining what success is, because it’s all over the place,” Zelvin said. “So you’re constantly feeling you’re a failure, which is demoralizing, not only to the team but also the leadership.”
Trittschuh said banks are under pressure to keep pace with rapidly changing tactics, and that reality is driving more collaboration across teams. “You can’t do it alone, and we have to start doing it together,” he said. “We have to bring all of these areas together.”
