Internet Banking Faces A New Threat
The recent announcement of the multi-channelled Zeus attack on a user’s internet banking account is an interesting hypothesis and surely will not be the last when it comes to beating the ever advancing online banking systems. The attack method currently seems to use the mobile phone as a forwarding device for any one time password that is delivered to the customer. It’s unclear whether or not the mobile phone hack would hide the incoming SMS from the customer, however if it doesn’t, then if banks ensure they include relevant transaction details in the SMS - amount, and beneficiary - it could allow the legitimate customer to detect that something has gone wrong prior to money being lost.
However, if this is the beginning of these types of attacks, we can be sure that the sophistication will also ramp-up as time passes. It’s easy to imagine a few other tricks that could be implemented in the mobile phone side of the attack to further mask the attack. Banks need to keep on top of these threats by maximising the technology they use in Out of Band communication and not simply using it as a basic notification service.
Having the customer respond or sign a transaction via the Out of Band channel could cut down on the potential for abuse since the bank would be able to look at the incoming mobile phone number to help authenticate the transaction. All of this, however, further points to the fact that our most advanced and innovative protection methods will inevitably be defeated as the never-ending game of cat and mouse progresses. When the locks on the door cannot fully protect, the banks will always have the incredibly robust suite of transaction behaviour detection tools available to them.
Regardless of what technology is sitting at the front gates, there is always a way to detect abnormal behaviour when it's occurring, and banks will always keep these systems honed to ensure customers' money is protected.
Fraud & Risk Solutions Consultant
Related blog posts
Payments Are Changing Big Banks
Once viewed as a necessity, they can reposition themselves to prove valuable in the value chain.
Everything is Commerce in Asia Pacific for 2016
Black Friday, Singles Day and the fast approaching Spring Festival—the world is spending billions online for the festive season (Alibaba alone grossing $14.3bn).
Its the most wonderful time of the year for payments
As 2015 quickly comes to a close and we ready for an exciting New Year, I/we thought it would be prudent (or at least kinda fun) to provide yet even more prognostications for 2016, because after all, who doesn’t love predictions?
Big regional growth opportunities in ASEAN banking
Leslie Choo addresses the opportunities for the AESEAN countries to build a digital payments community to support commerce within the region.
Everyones talking digitization
Digitization, digital natives, digital platforms and digital banking – many comments at Sibos 2015 point to the state of the digital age and how banks can keep pace and remain competitive.
Analytics fraud prevention immediate payments improved customer experience
Craig Ramsey, Director of Product Management at ACI, explains how real-time analytics required for fraud prevention through immediate payments can also be leveraged to drive better products and revenue.
Big Data and Analytics a Popular Topic of Discussion at Sibos
After much anticipation, Sibos 2015 finally kicked-off. One hot topic across the conference floor on day 1 was big data and analytics.
Benefit to banks
Barry Kislingbury, ACI Senior Principal Solution Consultant, describes the opportunities to realize a changing stream of revenue as financial institutions embrace immediate payments.
When immediate payments go bad
“I want it now.” Sounds like a petulant teenager, doesn’t it? But actually, it’s the sound of consumers and corporations around the world demanding immediate payments solutions.
Immediate Payments is Worth the Risk
The problem with fraud prevention is just when you think you’ve got it under control, those pesky criminals change their scams. And that’s all well and good if you’ve got systems capable of adapting to their new and creative tactics. But what if you don’t know what to protect against? What if your customers don’t even know what it is they could be getting scammed for?