Monitor your legacy activity - and detect fraud

By Bateleur
Johannesburg, 07 Jan 2005

On average, fraud costs organisations 6% of their annual revenues, and 60% of all fraud involves the organisation's employees. In fact, fraud has reached such epidemic proportions that groundbreaking pieces of legislation have been passed to counter this crippling trend.

These laws include the Financial and Intermediary Services (FAIS) Act in South Africa, the Sarbanes-Oxley auditing standards law and Gramm-Leach-Bliley consumer protection act in the US and Basel 2 legislation in Europe, which requires banks to manage operational risk. The advent of these laws has compelled companies to monitor user activity on legacy applications, particularly in financial and healthcare organisations.

Leon Bouwer, Product Manager of Bateleur Software Solutions, says fraud detection is usually done by analysing the data store but is of limited use because it is retrospective. Quite often, internal transactions on the database cannot be linked to a specific user, and analysis is restricted to traceable media such as email and paper - easily eradicated by criminals.

"To implement proper monitoring of user access, organisations have begun changing existing code and adding business rules to their legacy applications," Bouwer says. "This is a difficult, high-risk task requiring considerable manpower and a substantial financial investment. Even then, it's not always successful."

Thanks to the latest technological developments, a solution is at hand. Sabratec, a leading provider of rapid legacy integration and monitoring solutions, has developed IntellinX, the only solution on the market that non-invasively monitors actual business activity of all types of legacy applications in real time.

According to Bouwer, IntellinX is easy to implement and administer and can be installed and configured to monitor all user activity in a matter of hours, with no risk to normal IT operations. The system runs on a separate Windows, Unix or Linux server, eliminating the need to install any software or hardware on host or clients or change existing legacy applications.

"IntellinX can monitor a specific user, a group of users, or even just a specific application. It records all terminal activity, and can write the contents of the screens or maps which make up the application to a relational data store," he explains.

"At the same time, IntellinX does further processing against the data. For example, the system can be set to alert the security department via SMS or email should a certain field be changed. Immediate action can then be taken to prevent fraud."

Once the activity has been logged in the IntellinX database, a session can be replayed for a specific user. Application maps are presented, showing exactly what the user was doing when he or she operated the application. In addition, the data may be analysed by any data query tool.

"As no application changes are needed, this approach is risk-free, non-invasive and, most importantly, in most cases installation and configuration can be achieved in a single working day," Bouwer says.

Bateleur Software Solutions is the official South African distributor for the Sabratec portfolio of products.

Editorial contacts

Cathy van Zyl
C-Cubed Communications
(021) 852 7198
Leon Bouwer
Bateleur
(011) 691 1600