Internet Banking Faces A New Threat
The recent announcement of the multi-channelled Zeus attack on a user’s internet banking account is an interesting hypothesis and surely will not be the last when it comes to beating the ever advancing online banking systems. The attack method currently seems to use the mobile phone as a forwarding device for any one time password that is delivered to the customer. It’s unclear whether or not the mobile phone hack would hide the incoming SMS from the customer, however if it doesn’t, then if banks ensure they include relevant transaction details in the SMS - amount, and beneficiary - it could allow the legitimate customer to detect that something has gone wrong prior to money being lost.
However, if this is the beginning of these types of attacks, we can be sure that the sophistication will also ramp-up as time passes. It’s easy to imagine a few other tricks that could be implemented in the mobile phone side of the attack to further mask the attack. Banks need to keep on top of these threats by maximising the technology they use in Out of Band communication and not simply using it as a basic notification service.
Having the customer respond or sign a transaction via the Out of Band channel could cut down on the potential for abuse since the bank would be able to look at the incoming mobile phone number to help authenticate the transaction. All of this, however, further points to the fact that our most advanced and innovative protection methods will inevitably be defeated as the never-ending game of cat and mouse progresses. When the locks on the door cannot fully protect, the banks will always have the incredibly robust suite of transaction behaviour detection tools available to them.
Regardless of what technology is sitting at the front gates, there is always a way to detect abnormal behaviour when it's occurring, and banks will always keep these systems honed to ensure customers' money is protected.
Fraud & Risk Solutions Consultant
Related blog posts
Payment Geeks (umm, I mean Professionals) Unite!
The beacon in the desert has been lit and the anticipation is palpable—for the next 3+ days, more than 10,000 of us will debate, discuss and help shape the future of our industry. From the amazing main stage lineup to the top of the line track sessions to the overflowing show floor, this week will surely not disappoint. So as we await the start of this year’s Money20/20, I wanted to share a three areas I literally am on the edge of my seat for:
How Will Insurers Modernize Bill Payment Systems?
When looking for a date in college I had to ask 13 girls before one said yes. The consumer experience at insurance companies isn’t much better. 80 percent of shoppers abandon during checkout. Of those who do sign up, 34 percent intend to leave their insurer next year.
Detecting Internal Fraud by ‘Breaking Bad’
There has been no shortage of news stories around the banking industry and its vulnerability to internal fraud, particularly that the industry has limited internal surveillance. Internal fraud has proven to be news-driven (and news-worthy); it’s a great feature lead-in story and scintillating red-meat for mass consumption. Internal fraud events are obviously a reputational risk for banks, but then take a huge turn into regulatory risk territory, before winding up squarely a legal risk (and the headline-grabbing fines that come with it). Finally, a strategic and market risk bubble up as customers are lost to competitors.
2017’s Payment Buzzwords in October…and Other Insanity
Is it just me or are things a little insane right now? From clowns wreaking havoc across the country to category 4 hurricanes also wreaking havoc (later and later into the year) to a certain presidential election (Sunday’s debate was, how you say, actually, it’s difficult for me to put into words) to now…Christmas decorations in October! And don’t forget the pop-up Halloween stores that arrived in August…August! So let the Rantings begin.
Integrated Fraud Prevention Tools in an Omni-channel World
In a previous blog post, I discussed the way in which technology partnerships are driving the evolution of the traditional payment gateway model, with value-added services becoming an increasingly important aspect of a payment gateway proposition. Real-time fraud prevention is one of many potential value-added services that a payment gateway can offer, but one that deserves particular focus, as the trend towards omni-channel commerce presents new challenges around fraud management.
How Digitalized Banking Will Force Collaboration And Other Key Highlights From Sibos
Returning from Sibos in Geneva, I am in a reflective mood on the main take-aways from this year’s event, key updates about the state of the payments industry—and what to expect in 2017.
Same Day ACH in the U.S.: Which Companies will take Advantage of Faster Payments—and Why
The faster payments movement in the U.S. could be the first opportunity for corporate entities to realize true Straight through Processing (STP) of payments. Anyone involved in payments for corporate entities can see the benefits of this type of new payment opportunity.
Immediate Payments Are "Necessary"—And the Banks Know It
Who says banks are dinosaurs? They just have a lot of innovation to juggle to keep pace. There are so many new initiatives to address—so how should banks prioritize?
DCC Cuestión de Elección y Servicio [DCC: Offering Choice and Service]
We continue our exploration of key trends impacting the Latin America market with a blog on Dynamic Currency Conversion. Many of our reader are seasoned travelers and you will be familiar with the option to pay in the local currency or your own currency using your credit card. Sonia Gomez provides an overview of DCC and how it can benefit all within the payments value chain.
Is Blockchain Ready?
SIBOS is just around the corner and blockchain will undoubtedly be one of the buzzwords at this year’s event (as is the case at pretty much every payments or fintech conference these days). The big question on everyone’s mind is whether blockchain really has the potential to change the global systems that process trillions of dollars in payments every day or whether it’s hype. I recently sat down with Paul Thomalla, ACI’s senior vice president of global corporate relations, to delve deeper into the topic, a topic on which he has just published a white paper.