With 2016 fading quickly into the rear-view mirror, and cyber security and fraud-related announcements showing no signs of slowing down, this is a good time to take a closer look at global trends in online banking fraud and what we can expect for 2017.
Trends in online fraud
2016 saw the rise of various types of cyber security attacks. According to Microsoft Azure partner BioCatch’s webinar “Global Trends in Online Fraud: 2016 Year in Review”, remote administration tool (RAT) attacks have seen a boom in previous years.
One of the main reasons for the increase in RAT attacks is the difficulty of detecting them using traditional means, especially in the financial sector. RAT attacks use system-level remote access tools commonly used by desk administrators or desk personnel to provide technical support. Consequently, because a RAT attack originates from a customer’s device and uses non-Trojan, system-level software, such attacks bypass traditional anti-malware techniques.
One cyber security tool that has consistently demonstrated the ability to thwart such attacks is behavioral biometrics. For example, in an international bank transfer attempt in 2016, a fraudster gained access to a customer machine through a RAT attack. Ultimately, however, behavioral biometrics characterized the transfer attempt as fraudulent, based on the way in which the fraudster was interacting with the user’s device via the RAT.
In the accompanying infographic, the green dots to the right of the first image show that the legitimate user relied primarily on the scroll bar on the right side of the screen, while the red dots in the second image show that the scammer preferred the mouse scroll wheel to complete the same task. Biometric analysis also showed that the fraudster used the caps lock key, as opposed to the legitimate user’s preference for the shift key.
Apart from RAT attacks, voice phishing (vishing), account takeover (ATO), refund attacks and mobile banking fraud are some of the methods that also saw an increase in usage in 2016.
What to expect in 2017
As of March in 2017, many of these attack methods will only grow in popularity. In particular, RAT attacks have proven to be a very reliable and successful way to circumvent more traditional means of protection, and there is no doubt they will remain so until behavioral biometric security is more widely adopted.
Changes in various industries, such as open API banking in the financial sector, will open the way for rapid attack. 2016 saw an increase in aggregator attacks, namely attacks on services that allow users to access multiple services through one aggregator. Social engineering, one of the oldest methods of attack in the fraudster’s arsenal, will also see continued growth in 2017.
The BioCatch solution leverages Microsoft Azure cloud technology.
The solution analyzes users’ online interactions and provides a real-time risk score on an impostor, human or non-human (malware, bot, remote access trojan), in a single session. BioCatch uses Microsoft Azure Table Storage, Azure blobs, Azure Service Bus, Azure SQL Server and Event Hub.
Difficult to ensure compliance
In-depth regulatory scrutiny in response to terrorist funding and other accepted transactions has posed enormous challenges for banks. 20% of financial services have experienced enforcement action by a regulator, and this number is likely to increase. [ii] Banks face heavy fines, operational closures and reputational risks if they do not check against the rules and close all informational gaps before a transaction takes place.
Banks are not the only ones who suffer if they are not compliant; their customers face the effects as well. A bank in Asia was ordered by regulators to cease operations entirely as a result of serious regulatory violations and poor management oversight of bank operations. [iii] Customers expect compliance as a prerequisite and as an indication of good governance, ensuring that the banks they do business with are not mixed up in criminal activities.