Cybercriminals are stepping up their attacks on financial institutions by gaining control of customer devices with sophisticated malicious software installed on a computer or mobile device to secretly read online credentials. The criminals then conduct real-time credential theft and take over accounts. Current technologies are simply not capable of identifying and preventing these attacks and are overloading bank fraud prevention operation teams with unnecessary false positive alerts. In the latest real-time account takeover scheme, cybercriminals use malware to steal user credentials at login, block users from logging into online banking, use the credentials in real time to log into victims’ accounts, and also steal any secondary authentication requests the bank receives from the user to bypass the bank’s security and gain full access to accounts.
The main reason cybercriminals continue to succeed is that they are using highly evasive advanced financial malware for a wide variety of attacks that are very difficult to detect. Cybercriminals are acutely aware of the technologies deployed by most financial institutions and simply design attacks to circumvent these controls. Bypassing them remains relatively straightforward because the controls are isolated rather than integrated with each other.
The Four Keys to Holistic Fraud Prevention
A holistic platform to prevent fraud must be built on four key elements that ensure sustainable prevention of cybercrime in light of the rapidly evolving threat environment.
A comprehensive fraud prevention platform is required to protect an organization from fraud attempts across all possible access devices and all attack methods.
An intelligent fraud prevention platform correlates data from multiple sources including malware infection, phishing incidents, and device identification, to conclusively detect and prevent attacks.
A fraud prevention platform should adapt to changes in fraud attacks by rapidly deploying countermeasures without overloading your internal resources.
A transparent fraud prevention platform does not burden customers with complex authentication protocols or long delays in processing while transaction alerts are sorted out.
Financial institutions that adopt such a holistic solution acquire highly accurate fraud detection that entails negligible customer involvement. When it does involve customers, it is only because the bank has conclusively determined there was attempted fraud, malware or phishing. Additionally, the bank’s fraud prevention capabilities should meet the critical regulatory requirements delineated in the Federal Financial Institutions Examination Council Authentication Guidance Supplement.
Fighting the war on cybercrime will not get easier for financial institutions. Cybercriminals use a divide-and-conquer approach by relying on poor communication about fraudulent activity between financial institutions as well as poor communication between fraud prevention systems that exist in silos. Traditional fraud prevention technologies help reduce fraud but are easily defeated by advanced cyber fraud techniques. To date, advanced financial malware has bypassed virtually every authentication method. Malware also has bypassed risk engines that detect anomalies by learning behaviors and transaction patterns to conduct fraud within tolerable statistical limits.
To win the war on cybercrime, institutions must wage their battles on the front lines—at the customer endpoint. This is where malware and phishing initiate the chain of events that eventually leads to fraud. Breaking the first link of the chain keeps fraud from ever entering the system where it can be overlooked by risk engine analytics or bypass authentication methods. Focusing fraud prevention efforts on the customer endpoint affords the highest likelihood of preventing cyber fraud. This protection, however, cannot be accomplished by simple customer education. The attack sophistication requires banks deploy equally advanced protection technologies, including customer endpoint malware detection.
A holistic fraud prevention platform focuses on preventing fraud at the customer endpoint. Just as important, it incorporates the four key elements that ensure maximum effectiveness with minimal disruption, today and into the future. As cybercrime threats evolve, so does the fraud prevention platform, quickly and seamlessly.