The Modeling of the Probable Behaviour of Insider Cyber Fraudsters in Banks

Insider cyber fraud in the banking sector is a serious and complex issue for financial institutions. This form of cyber fraud is particularly insidious due to insiders’ inherent access and knowledge, necessitating banks to implement comprehensive strategies for detecting, preventing, and responding to these internal threats. The aim of this study is to develop a scientific and methodological approach to model the probable behaviour of insider cyber fraudsters in banks based on a complex combination of principal component analysis, k-means clustering, and associative analysis. During the analysis of current challenges in the financial sector regarding the evolution of cyber fraud and its implications, the systematization of existing theoretical approaches concerning the examination of cyber fraud in banks was performed. Its result revealed a positive trend in the dynamics of the number of published materials in conferences and articles using keywords “cyber” and “frauds” in the Scopus database from 2000 to 2023. Additionally, utilizing the VOSviewer software facilitated the systematization of keyword combinations used in scholarly publications on the chosen topic, forming clusters to visualize and organize vectors of scientific research. Analytical data from Google Trends on critical issues related to cyber fraud were chosen as input data. Twenty variables were formed, which are the results of search queries, characterizing cyberattacks and decreased trust in financial institutions. The principal components method was used to reduce the dimensionality of the input data array, making it possible to select the nine most significant for the study. Conducting a cluster analysis using the k-means method made it possible to form 3 main groups of search queries, which included 12 of the selected variables. The results of the performed procedures contributed to the implementation of associative analysis for three sets of variables. It has been found that what intrigues potential insider cybercriminals in banks the most is the personal financial information of the client, access to the client’s profile in online banking and gaining access to his phone data. The obtained results can be utilized by commercial banks for identifying potential insider cyber fraudsters and ensuring a higher level of client protection against the actions of insider cyber fraudsters, by bank clients for analysing and mitigating potential threats from insider cyber fraudsters, and by law enforcement agencies for prompt responses to potential threats posed by insider cyber fraudsters in banks.