Combating Online Banking Fraud - A Top 10 List
For many financial institutions, the recent ruling in the US holding a bank responsible for fraudulent losses from business accounts has raised a few eyebrows because, traditionally liability has remained with the customer for business accounts.
However, the court ruled that the bank has a responsibility to protect its customers through the use of fraud detection mechanisms.
For most banks this just means doing what they do already. The fraud detection systems used today are comprehensive - looking at payments from different organizations, across different channels, all day every day, and spotting anything that seems even slightly out of the ordinary. As an industry we share information about types of fraudulent attacks, or even the IP addresses used by criminals to try to gain access to online bank accounts, and the fight never stops to stay one step ahead of the fraudsters.
If banks want to check that they are promoting reasonable efforts to prevent and detect online banking fraud protection for their customers, we have produced a checklist of ten of the most important features of successful fraud prevention and detection:
- Apply multi-factor logon authentication for online banking systems – such as tokens with one-time password or Adaptive Authentication (risk-based authentication).
- Utilize real-time analytics – monitor transactional behavior to determine whether activity is standard or anomalous for that customer. When high-risk activity is detected, action can be taken in real time or near-real time to stop the transfer of funds from the customer’s account. Funds can also be held until customer validation can take place (see #4 below)
- Employ profiling – include non-financial information (IP address, login activities, and device characteristics) to build customer profiles which can be stored to monitor ongoing behavior.
- Make use of out of band notification methods – utilize phone call, text message, e-mail, etc to confirm activity with customers before transactions can be completed.
- Maintain anti-virus software – Be sure to recommend your customers keep it current on end-user machines. While not fool-proof, it can stop lesser forms of intrusion.
- Maximize password management – Ensure password management best practices are enacted (e.g. change password every ninety days, minimum length, combination alpha-numeric, varying history, etc.)
- Leverage dual approval and limit management capabilities in your online banking tool – End-users with transaction initiation or approval entitlements should not also have administrative rights.
- Implement token management at ACH or Wire release – this approach provides another layer of authentication prior to finalizing the transaction.
- Employ a prescriptive, layered approach to security – utilize security tools within your online banking solution (e.g. multi-factor authentication, limit management, etc) with a fraud prevention and detection solution (e.g. profiling, analytics, etc.
- Education – keep it simple but constant. Partner with your customers to ensure they are aware of today’s threats and know what tools are available today to protect themselves.
Related blog posts
Rio 2016 – Once the Games are over, it doesn’t mean fraud is over
The 2016 Rio Games are in full swing—with great story lines and unbelievable performances by incredible athletes, all being watched and admired by a million additional tourists in town (not to mention the many billions watching on TVs and computer screens).
The connected world, mobile commerce and fraud
The following Portuguese language contribution comes from one of our many talented Latin America-based colleagues and fintech experts. Based in Sao Paolo, Hugo Costa, general manager of ACI Brazil, provides some great insight into the connected world, mobile commerce and fraud.
Alarming Brazilian card fraud trends & outlandish risky behavior
In a recent report “Global Consumers: Losing Confidence In The Battle Against Fraud,” it was found that 30% of consumers have experienced card fraud in the past five years. Against a backdrop of 2,260 confirmed data breaches in 2015 and over 4 billion records stolen since in 2013, consumers are losing faith in the ability of providers to protect them.
South African card fraud trends & risky consumer behavior
In conjunction with the PASA International Payments Conference this week, we decided to take a look at some recent consumer fraud data from the host nation, South Africa. The market is very similar to the global averages, in that a shockingly high number of consumers continue to experience card fraud. Despite the number of fraud attacks and breaches, consumers in South Africa continue to engage in risky behavior such as providing information in phishing attempts and writing down their PIN numbers.
July: the hottest shopping time of the year for consumers, retailers—and fraudsters
Summer is in full swing, and while many people equate this time of year with beach-hopping and BBQs, retailers—and those of us who keep them in business— are quickly making July one of the most exciting shopping months of the year. Irresistible online sales and promotions abound, and with that, so does the risk of fraud. In fact, eCommerce fraud attempt rates in July, 2016 (1.6%) are slightly higher than fraud rates in December, 2015 (1.2%), which is the busiest holiday shopping time of the year.
Three things that it takes to be in the Fraud Management Business in 2016; a survey reflection
On the heels of ACI’s latest Consumer Fraud Survey, recurring questions have continued to solidify themes. Let me summarize the results for you: There is incrementally more card fraud, consumers are not changing their behavior all that much in reaction to it, and they expect any issues to be addressed and resolved more easily today than in years past. Of course, this is about what we should be anticipating in our “always on”, service and convenience oriented, mobile world. So, with that said, here’s what fraud management means to consumers and fraud managers in 2016.
Consumers want access Merchants want simple global and secure opportunities How to achieve both
While riding the local commuter rail on my last leg home from NYC, I sat next to a woman who was on her smartphone shopping on what looked like a Chinese website. I smiled to myself after just having spent the day talking about the massive opportunities presented in the borderless world of eCommerce. The scenario was very timely as the day’s discussion centered on providing consumers with access to goods and services and the merchants’ opportunity to serve them anytime, anywhere with the payment options they desire.
EMV in the US The picture six months on Part 2
EMV implementation – the side effects
EMV in the US The picture six months on Part 1
It has been six months since the EMV liability shift occurred in the US on October 1, 2015 – and it’s time to assess our progress, challenges and outlook.
How the Canadians are beating back fraud
Greetings, Canadians from your friends down south. While I am an American by passport, I am longing to be a Canadian in spirit, finding things like Poutine, Hockey and Cream Ale far better beyond the border.