Internet Banking Faces A New Threat
The recent announcement of the multi-channelled Zeus attack on a user’s internet banking account is an interesting hypothesis and surely will not be the last when it comes to beating the ever advancing online banking systems. The attack method currently seems to use the mobile phone as a forwarding device for any one time password that is delivered to the customer. It’s unclear whether or not the mobile phone hack would hide the incoming SMS from the customer, however if it doesn’t, then if banks ensure they include relevant transaction details in the SMS - amount, and beneficiary - it could allow the legitimate customer to detect that something has gone wrong prior to money being lost.
However, if this is the beginning of these types of attacks, we can be sure that the sophistication will also ramp-up as time passes. It’s easy to imagine a few other tricks that could be implemented in the mobile phone side of the attack to further mask the attack. Banks need to keep on top of these threats by maximising the technology they use in Out of Band communication and not simply using it as a basic notification service.
Having the customer respond or sign a transaction via the Out of Band channel could cut down on the potential for abuse since the bank would be able to look at the incoming mobile phone number to help authenticate the transaction. All of this, however, further points to the fact that our most advanced and innovative protection methods will inevitably be defeated as the never-ending game of cat and mouse progresses. When the locks on the door cannot fully protect, the banks will always have the incredibly robust suite of transaction behaviour detection tools available to them.
Regardless of what technology is sitting at the front gates, there is always a way to detect abnormal behaviour when it's occurring, and banks will always keep these systems honed to ensure customers' money is protected.
Fraud & Risk Solutions Consultant
Related blog posts
Rio 2016 – Once the Games Are Over, It Doesn’t Mean Fraud Is Over
The 2016 Rio Games are in full swing—with great story lines and unbelievable performances by incredible athletes, all being watched and admired by a million additional tourists in town (not to mention the many billions watching on TVs and computer screens).
The connected world, mobile commerce and fraud
The following Portuguese language contribution comes from one of our many talented Latin America-based colleagues and fintech experts. Based in Sao Paolo, Hugo Costa, general manager of ACI Brazil, provides some great insight into the connected world, mobile commerce and fraud.
Alarming Brazilian card fraud trends & outlandish risky behavior
In a recent report “Global Consumers: Losing Confidence In The Battle Against Fraud,” it was found that 30% of consumers have experienced card fraud in the past five years. Against a backdrop of 2,260 confirmed data breaches in 2015 and over 4 billion records stolen since in 2013, consumers are losing faith in the ability of providers to protect them.
South African card fraud trends & risky consumer behavior
In conjunction with the PASA International Payments Conference this week, we decided to take a look at some recent consumer fraud data from the host nation, South Africa. The market is very similar to the global averages, in that a shockingly high number of consumers continue to experience card fraud. Despite the number of fraud attacks and breaches, consumers in South Africa continue to engage in risky behavior such as providing information in phishing attempts and writing down their PIN numbers.
July: the hottest shopping time of the year for consumers, retailers—and fraudsters
Summer is in full swing, and while many people equate this time of year with beach-hopping and BBQs, retailers—and those of us who keep them in business— are quickly making July one of the most exciting shopping months of the year. Irresistible online sales and promotions abound, and with that, so does the risk of fraud. In fact, eCommerce fraud attempt rates in July, 2016 (1.6%) are slightly higher than fraud rates in December, 2015 (1.2%), which is the busiest holiday shopping time of the year.
Three things that it takes to be in the Fraud Management Business in 2016; a survey reflection
On the heels of ACI’s latest Consumer Fraud Survey, recurring questions have continued to solidify themes. Let me summarize the results for you: There is incrementally more card fraud, consumers are not changing their behavior all that much in reaction to it, and they expect any issues to be addressed and resolved more easily today than in years past. Of course, this is about what we should be anticipating in our “always on”, service and convenience oriented, mobile world. So, with that said, here’s what fraud management means to consumers and fraud managers in 2016.
Consumers want access Merchants want simple global and secure opportunities How to achieve both
While riding the local commuter rail on my last leg home from NYC, I sat next to a woman who was on her smartphone shopping on what looked like a Chinese website. I smiled to myself after just having spent the day talking about the massive opportunities presented in the borderless world of eCommerce. The scenario was very timely as the day’s discussion centered on providing consumers with access to goods and services and the merchants’ opportunity to serve them anytime, anywhere with the payment options they desire.
EMV in the US The picture six months on Part 2
EMV implementation – the side effects
EMV in the US The picture six months on Part 1
It has been six months since the EMV liability shift occurred in the US on October 1, 2015 – and it’s time to assess our progress, challenges and outlook.
How the Canadians are beating back fraud
Greetings, Canadians from your friends down south. While I am an American by passport, I am longing to be a Canadian in spirit, finding things like Poutine, Hockey and Cream Ale far better beyond the border.