Combating Online Banking Fraud - A Top 10 List
For many financial institutions, the recent ruling in the US holding a bank responsible for fraudulent losses from business accounts has raised a few eyebrows because, traditionally liability has remained with the customer for business accounts.
However, the court ruled that the bank has a responsibility to protect its customers through the use of fraud detection mechanisms.
For most banks this just means doing what they do already. The fraud detection systems used today are comprehensive - looking at payments from different organizations, across different channels, all day every day, and spotting anything that seems even slightly out of the ordinary. As an industry we share information about types of fraudulent attacks, or even the IP addresses used by criminals to try to gain access to online bank accounts, and the fight never stops to stay one step ahead of the fraudsters.
If banks want to check that they are promoting reasonable efforts to prevent and detect online banking fraud protection for their customers, we have produced a checklist of ten of the most important features of successful fraud prevention and detection:
- Apply multi-factor logon authentication for online banking systems – such as tokens with one-time password or Adaptive Authentication (risk-based authentication).
- Utilize real-time analytics – monitor transactional behavior to determine whether activity is standard or anomalous for that customer. When high-risk activity is detected, action can be taken in real time or near-real time to stop the transfer of funds from the customer’s account. Funds can also be held until customer validation can take place (see #4 below)
- Employ profiling – include non-financial information (IP address, login activities, and device characteristics) to build customer profiles which can be stored to monitor ongoing behavior.
- Make use of out of band notification methods – utilize phone call, text message, e-mail, etc to confirm activity with customers before transactions can be completed.
- Maintain anti-virus software – Be sure to recommend your customers keep it current on end-user machines. While not fool-proof, it can stop lesser forms of intrusion.
- Maximize password management – Ensure password management best practices are enacted (e.g. change password every ninety days, minimum length, combination alpha-numeric, varying history, etc.)
- Leverage dual approval and limit management capabilities in your online banking tool – End-users with transaction initiation or approval entitlements should not also have administrative rights.
- Implement token management at ACH or Wire release – this approach provides another layer of authentication prior to finalizing the transaction.
- Employ a prescriptive, layered approach to security – utilize security tools within your online banking solution (e.g. multi-factor authentication, limit management, etc) with a fraud prevention and detection solution (e.g. profiling, analytics, etc.
- Education – keep it simple but constant. Partner with your customers to ensure they are aware of today’s threats and know what tools are available today to protect themselves.
Related blog posts
Mobile is Transforming the Travel Sector
February in South Africa means long, hot days, and seemingly endless sunshine (interrupted only by the occasional thunderstorm). Temperatures often top 30 Celsius (that’s mid-eighties for my American friends) and nearly every day is deserving of a braai (that’s barbeque for the rest of the world). But I do spare a thought for my colleagues and friends in Boston, New York, Munich and London (amongst others) at this time of year, as they slog it out through the darkest and coldest months of winter. Who’s to blame them for seeking a bit of light escapism as they plan and book their spring and summer vacations?
Connected Devices are Opening Up New Forms of Payments and Partnerships
Of all the trends that are currently shaping – or re-shaping – the nature of payments, none is more significant than the rise of the Internet of Things (IoT). We often talk about the payments ‘ecosystem’ and the complexity that exists between the many participants that are part of this ecosystem, but this complexity will expand exponentially as millions – no, billions – of devices become internet capable.
Busting Bitcoin Myths
Bitcoin has attracted its fair share of media attention – and some negative perceptions held by merchants and consumers are hard to shake. To what extend is this justified? Or are there myths that can be dispelled? Bernard Kaufmann, General Manager, Payment21 contributed the following guest blog post to do some cryptocurrency ‘mythbusting.’
Opportunities and challenges in Middle East and North Africa
HyperPay – a Gate2play product – launched in 2013, and is the fastest growing payment gateway in the Middle East and North Africa region. Providing a range of processing services that help businesses sell online and offline, HyperPay delivers the region’s leading payment gateway, enabled by the UP eCommerce Payments solution. We spoke with Alaeddin Elmajed, Payment Services Director at HyperPay, about the region's challenges and opportunities.
Addressing the Challenge of Advanced Remote Management of Payment Forms
Payment forms (also known as payment widgets) are an invaluable payment technology, not only because they are simple to integrate, but also because they give merchants full flexibility in the design of their checkout pages.
Open API Architecture is Now a Prerequisite for Merchants
Next generation merchants, including global players such as Uber and Airbnb, have built their success on openly accessible APIs and technologies that are constantly evolving to meet market needs. Because they have built their products and services on openness, they also expect an open technical setup from their payment providers. This puts pressure on payment providers to deliver state-of-the-art payment technology.
Peak Trading Is About More Than Black Friday And Cyber Monday
Many merchants will have now experienced their biggest single trading day of the year, either Black Friday or Cyber Monday, and alongside these peak trading days have focused their efforts on effective fraud managements and delivering a seamless and secure checkout experience. However, this is not universally the peak for all merchants.
Analyzing Annoyance Online Shopping Behavior at the Checkout
If you’re standing at the checkout in a brick-and-mortar store, it’s easy enough to see when fellow customers become agitated and annoyed. Impatiently checking the time, audible ‘harrumphs’ and negative body language are all tell-tale signs that the payment process is not proceeding as smoothly as desired. But how does this frustration manifest itself in online shopping behavior?
Connecting European Merchants and Chinese Shoppers via Alipay
Despite its size and reach, Alipay is still an emerging player outside its home country, China. Launched in 2004 as part of the Alibaba Group, its e-wallet is the world’s leading third party payment platform. Part of its success stems from the fact it is embedded in many of the Alibaba Group’s merchant services; including Taobao, an online consumer-to-consumer shopping platform; AliExpress, an online retail service for small Chinese merchants selling outside China; and TMall, an online platform for global brands selling to affluent Chinese shoppers.
Risky Business? Open Invoice Payments In Germany
PayProtect is used by merchants and payment service providers to manage the risk around 'purchase on account' – a payment method that is a must when operating in the large German eCommerce marketplace. Jens Kühle, MD of GPP, a company of the GFKL-Lowell Group, sat down with us to explain the specifics of eCommerce risk management in the German market.