Criminals don’t care how your org chart is drawn—and banks are paying for it in duplicated work, slower response, and frustrated customers. Across institutions, a consistent point is emerging: when fraud and cyber threats overlap, the biggest vulnerability often isn’t detection—it’s coordination.
Here are a few practical takeaways leaders have highlighted for tightening fraud-cyber cooperation.
Assume attackers “look at themselves as opportunists.” During a session at ProSight’s Annual Risk, Compliance, and Fraud Virtual Conference, Lawrence Zelvin, executive vice president and head of the financial crimes unit at BMO Financial Group, said bad actors “don’t look at themselves as cyber or fraud or physical security”—they’re focused on “here’s what I want to do, and here’s what it’s going to take to get there.”
Stop working the same incident three different ways. Zelvin described a familiar breakdown: cyber resets credentials after a takeover attempt, fraud investigates suspicious transactions, and a branch handles a complaint—without a shared view. “We could have three different cases all working on the same event with the same customer, and it never comes together,” he said.
Unify the picture—or miss the pattern. Without an aggregated view, banks can miss broader signals, from repeated compromises tied to malware on a customer device to geographic clusters of elder abuse fraud. “We only look at the dots,” Zelvin said. “We never look and say, ‘wow, there’s a lot more elder abuse fraud than normal’ so we can be predictive and get ahead of it and work with law enforcement.”
Fix information flow before you rewrite org charts. Larry Trittschuh, managing partner at ILORU Technology, said many organizations remain structured traditionally—but during incidents, what helps is “a joint operations group or center, or some process that brings those different silos together so that we can operate jointly.”
Case management is the hard part. Zelvin called out how difficult it is to get “that one case management system for cyber fraud and physical [fraud],” noting many institutions juggle “10 to 12 separate case systems for the same event.” Even a shared case report spanning all three areas could reduce duplicate work and keep teams from bouncing between systems.
Borrow cyber playbooks to get more preventive in fraud. Trittschuh described applying cybersecurity-style tactics and indicators of compromise to flag fraudulent accounts earlier—using shared data points like phone numbers, email addresses, and registration patterns. In one case, he said, it was “our first step and our first success in actually getting the organization to be more proactive.”
Define “success” the same way. Zelvin contrasted the functions: “In cyber, a good day is not having a bad day.” In fraud, success is measured by losses going down. “No one is actually defining what success is,” he said—leaving teams “constantly feeling you’re a failure.”
The throughline: “You can’t do it alone,” Trittschuh said. “We have to start doing it together.”
To that end, one place to start would be the ProSight Fraud Alert Network, which connects fraud professionals to exchange timely fraud insights and prevent loss faster.
