PITTSBURGH – When it comes to preventing and detecting fraud, multiple heads are better than one, and the National Cyber-Forensics & Training Alliance (NCFTA) has 18 years of successful teamwork to prove it.
Alison Ward understands this better than anyone. As a senior detection and investigation associate with PNC, Ward works with other members of the NCFTA, a non-profit organization that combines the public and private sectors. In this unique collaboration, the U.S. government and various companies share information and analysis to identify, mitigate and ultimately help to neutralize cyber crime threats throughout the world.
At the NCFTA offices on the site of a former steel mill near downtown Pittsburgh, government and private industry cyber security experts share cyber threat intelligence via strategic alliances with more than 1,200 subject matter experts in the public, private, and academic sectors.
These alliances are what sets the NCFTA apart from other fraud fighters—companies like PNC not only identify and block threats, but they also can work with the FBI and other government agencies to crack larger cases and ultimately prosecute cyber criminals.
“Fraud moves fast, but we are working collaboratively to move faster,” Ward said. “A data breach can quickly turn into identity theft or money laundering tied to dangerous criminal activities. Real-time information allows us to be both proactive and reactive in our investigations.”
The NCFTA has played a large role in cracking major cases, including the 2014 scheme called GameOver Zeus in which hackers stole money from businesses across the United States. As a result, Pittsburgh has gained a reputation as a hub for cyber security. Dan Larkin helped create the alliance in 1997. A retired FBI agent, he is a director of fraud prevention within the Enterprise Fraud Group at PNC.
Ward, a member of Larkin’s team of investigators, serves as the eyes and ears of the bank five days a week at the alliance offices, which are lined with numerous monitors to track cyber activity.
The representatives at the NCFTA constantly share information that could be related to pervasive schemes—and because they all work together in the same office, the investigators have easy access to a wider network of resources.
Outside of this environment people can be hesitant or suspicious of sharing information. But here, we all have the same goal of fighting fraud and protecting the bank and its customers.
When representatives at the NCFTA see potential fraud, they share that information with other representatives, enabling industry partners to put up their defenses and create a more secure cyber environment.
When Ward learns about a potential threat she reports back to her PNC team so they can look for indicators of those threats and take steps to protect customers. Her team then works on the issue, with Ward serving as the liaison between the bank and the alliance.
This intense level of communication and collaboration has obvious benefits when companies are experiencing the same type of fraud at the same time. But one of Ward’s most memorable cases involved information an industry partner had shared with her three years earlier.
In 2012, another bank in the NCFTA shared information about suspicious activity involving customer reward points. At that time, the points were a new way to encourage customers to pay with a credit or debit card, allowing them to accumulate points and redeem them for gift cards.
“We were seeing fraudsters hack into accounts to redeem the gift cards and then send the information to an address not associated with the customer,” Ward said. This fraud was particularly problematic because customers and companies did not immediately notice the missing rewards points the way they would notice missing money.
Ward helped her colleague with the case, but her own team did not see it happening at PNC until three years later. When she saw the suspicious activity, Ward immediately identified it as the same fraud from 2012 and the PNC team acted quickly to prevent any significant fraudulent activity.
Communication plays a large role in Ward’s daily work, but so does analysis. “I have an analytical mind, especially when it comes to fraud. I’ve always been curious about what makes people do the things they do,” Ward said. “With fraud, even though I’m looking at a lot of data, I still have to analyze the big picture and determine why someone would do this.”
In college, Ward followed this inherent curiosity and studied sociology and criminal justice, planning on a career in law enforcement after an internship with the Allegheny County Police Department. However, a lack of open positions prompted her to pursue fraud investigations instead.
With this plan in mind, Ward’s parents encouraged her to submit just one job application before heading off for a summer backpacking through Europe with friends. That one application was for a job in fraud investigations with National City, which was since acquired by PNC. Ward landed the job and started working three weeks later. Although she did not have the chance to explore Europe with friends that summer, she launched a career cracking fraud attacks coming from around the world.
Twelve years later, Ward is still helping solve fraud cases. “I love my job because every day is different. What I do is only a small piece of a much larger puzzle, but it’s rewarding to see my small pieces contribute in a big way to some larger cases. It’s all about looking at the bigger picture and how the little pieces add up.”
In the past three years, the NCFTA has contributed to over 800 cyber threat intelligence reports and the prosecution of more than 300 cyber criminals.
PNC Point of View
Real People. Real Perspective. Real Insights. »