Fraud Management

  • TYPE: Combined Session DATE: Wednesday, May 11, 2016 TIME: 12:00-13:00 LOCATION: AMMERSEE II


As of now, Fraud Management and Security, including Real Time Security Intelligence (RTSI) and advanced security and threat analytics are commonly segregated from each other. While this at first glance makes sense, given the different corporate buyers, there are three good reasons for a more integrated perspective. On is that the underlying analytical technologies are vastly the same. It is about machine-learning and pattern-based analytics, helping better protecting organizations against fraudulent behavior and attacks (notably, banking fraud is tightly related to threat analytics anyway). It is about Adaptive Authentication, taking the context risk into account when e.g. granting customers access to their bank accounts or employees access from their mobile devices to sensitive business applications.

Moreover, the reason for doing all this is risk migration. Both Fraud Management and RTSI are elements of risk mitigation strategies. Both should integrate with GRC (Governance, Risk Management, Compliance) tools for providing an up-to-date risk view.

In this session, we will look at the similarities and differences, but also the emerging need for better integrating both Fraud Management and Security Management with the overarching GRC view.


There are two facets of fraud – the business fraud and the IT fraud. The first is about people e.g. transferring money to accounts they have created for a fake supplier. The latter involves all fraudulent behavior in IT systems, particularly when it leads to financial losses. However, IT fraud includes attackers hijacking accounts of business users, ending up in business fraud. And most business fraud scenarios are related to excessive entitlements and SoD violations. So business fraud and IT fraud are tightly aligned. On the other hand, both business risk management and IT risk management and business fraud management and IT security intelligence (including fraud management) are kept separate in most organizations. The panel will discuss whether this must be the case due to the fact that business organization and IT organization are kept separate or whether and how it should change. And if there should be one approach on fraud management: How must organizations look like, both from the line, the security, and the government organization? Is it realistic to integrate these areas or not?


Martin Grauel is Presales Engineer at Balabit IT Secuity, an IT security innovator specializing in log management and advanced monitoring technologies. After studying business informatics, Martin has been working in the IT security environment for more than 10 years. Prior to Balabit, he was a...

Andy Land is a security technology executive who runs worldwide product marketing at IBM Security for the Identity, Application, and Data Security segments. He has a successful background in leading marketing, product marketing/management, and strategy teams at start-ups and large enterprises....

Claus Vaupel accompanies enterprises across Europe on their journey of digital business transformation. His expertise as a long-standing IT consultant in networking, security, mobility and unified communications allows him to lead customers towards future-proof security infrastructure...

Log in to download the presentation:  


Session Links


European Identity & Cloud Conference 2016

Registration fee:
€1980.00 $2475.00 S$3168.00 21780.00 kr
Mastercard Visa American Express PayPal INVOICE
Contact person:

Mr. Levent Kara
+49 211 23707710
  • May 10 - 13, 2016 Munich, Germany