Staying One Step Ahead of the Cyber Criminals
The latest Symantec report suggests that the number of worldwide malware samples increased by an astonishing 71% in 2009 compared to the previous year. According to the report, this increase stems from the growing popularity of easy to use toolkits that novice cyber criminals are using to turn out their own malware. In our experience, banks and their customers are one of the key targets for this new breed of criminal. While customers need to be more aware of online security risks, banks are also doing their bit to protect their customers. The challenge for banks, however, is to remain one step ahead of the criminals.
The latest technique to be used by fraudsters is to implant a code in the customer’s browser to gain control of their banking session while using the same IP address of the legitimate user. These so-called ‘man-in-the-browser’ attacks are capable of moving funds out of a user’s account without the bank or the customer being aware until transactions have been clocked up on credit cards or the balance on their current account begins to dwindle unexpectedly.
Man-in-the-browser viruses are difficult to detect as often standard security measures do not even reveal the presence of the virus. However, financial institutions can reduce the effectiveness of man-in-the-browser attacks by gaining a better understanding of a customer’s online banking profile and their regular interactions online, so suspicious activity can be recognised more quickly and easily. Banks can also use out-of-band communication, such as a mobile phone, as an additional method of authentication to confirm the transaction details and verify the user. This makes it more difficult for fraudsters to operate, as they have to simultaneously compromise multiple channels.
The findings from Symantec’s latest report, highlight the importance for banks of taking a layered fraud prevention approach - one that analyses the log-in, the transactions, and risky sequences of events – to give banks the best chance of minimising online banking fraud, thwarting attacks and ensuring the industry doesn’t continue to contribute to the rising malware attack figures.
Fraud & Risk Solutions Consultant
Related Blog Posts
Regulating for Real-Time: The Role of Government in Payments Modernization
Dr. Leo Lipis and Craig Ramsey, Head of Real-Time Payments for ACI Worldwide, continue their discussion on real-time payments and the findings of the new white paper, Get More from Real-Time.
Issuing and Acquiring in a Real-Time and Open Payments Ecosystem – The Global Picture
Dr Leo Lipis and Craig Ramsey, Head of Real-Time Payments for ACI Worldwide, continue their discussion on real-time payments, stemming from the findings of the new white paper, Get More from Real-Time. See part one.
SWIFT gpi: Leveraging Cross-Border Payments for the Real-Time World
SWIFT gpi represents the evolution of business done over the SWIFT network, bringing correspondent banking into the digital era.
I’ve covered this topic before, but with gpi now reaching the two-year milestone, it’s a good chance to reassess the progress that has been made – and what is needed to drive further adoption.
The Race to Real-Time Payments in Europe
Instant payments have quickly morphed into the new norm, and as individual European nations forge a real-time, digital-first payments environment, they raise the bar for all financial institutions conducting business in the Eurozone. It’s no longer a question of “what’s the business case?” but a matter of how instant payments players can take advantage of the opportunities now being created.
Der Wettlauf um Echtzeitzahlungen in Europa
Echtzeitzahlungen haben sich zur neuen Norm entwickelt. Indem einzelne europäische Länder die Rahmenbedingungen für digitale Echtzeitzahlungen schaffen, setzen sie neue Maßstäbe für alle Finanzinstitute, die Geschäfte in der Eurozone abwickeln. Es geht nicht mehr um die Frage „Was ist das Business Model?“, sondern darum, wie Akteure im Bereich der Echtzeitzahlungen die sich bietenden Geschäftsmöglichkeiten erfolgreich nutzen können.
Local Perspectives: Real-Time Realities Across Asia-Pacific in 2019
Money20/20 Asia returns to Singapore this week, attracting payments professionals from around the vast APAC region – and beyond. The real-time and open imperative is one of the reasons why all eyes are on Asia-Pacific when it comes to payments, so I caught up with ACI payments experts representing three of the key countries within the region, to take the pulse of real-time schemes that are in varying stages of maturity.
What it Means for a Bank to be Real-Time Ready – It’s More Than Just Payments
Banks are quickly learning that real-time enablement of the business is more than just a technological upgrade – there is a wider challenge of transforming services and customer experience. Although the banking world faces this challenge with some trepidation, there are success stories from other industries that have overcome legacy technologies and transformed frustrating and opaque customer experiences.
Instant and Open Payments for Consumer Purchases – Lessons Learned From India and Beyond
Did you know that 65% of merchants want to accept instant payments? That’s because they know the customer experience (CX) benefits will drive growth for their business, and they recognize that this payment type will save their business money.
Putting Malaysia on the Path to Payments Innovation
The public launch of the DuitNow instant credit transfer service, in December 2018, provides just a taste of what lies ahead as Malaysia’s Real-time Retail Payments Platform (RPP) is progressively rolled out. Fueled by Bank Negara’s (BNM) increasing support for e-payment platform development, there has been a steady increase in mobile wallet and digital payment usage, setting the stage for 2019 to be a year of transformation for the payments industry in Malaysia.