Corporate banking typically requires increased security over other banking functions as it is targeted by the most sophisticated cybercrime schemes and presents high risk due to the value of transaction amounts that are often sent to international or unknown destinations. Digital transformation has also put pressure on the financial services industry to move money faster and with minimal disruption to businesses. See how one financial institution put the brakes on a sustained account takeover cyber attack with behavioral biometrics and stopped a £1.6 million fraudulent transaction.
Account takeover fraud remains an ongoing problem for financial institutions, e-commerce merchants, and virtually any organization that offers products or services that can be monetized. Last year, account takeover fraud cost U.S. businesses nearly $7 billion in losses. This e-book provides insights into what is fueling the growth in account takeover attacks, what traditional fraud prevention tools are missing, and new strategies and approaches to fight back.
The BioCatch Case Manager tool empowers fraud operators to investigate high-risk activities and provide genuine and fraud feedback in real time, reducing the fraud-review operational cost and enhancing accuracy of the risk engine based on confirmed fraud cases. The Case Manager tool helps simplify investigation and drives faster resolution, while providing visibility into the fraud operators' activities and workload.
Customer experience is the hallmark of growing revenue in digital channels. However, that revenue can be threatened by losses sustained from new account fraud, account takeover and other fraud threats. As the volume of digital transactions continues to surge, the need to provide a seamless customer experience and manage risk remains a delicate balancing act.
Within a remarkably short period of time, COVID-19 has dramatically altered the way in which the global population works, transacts, and interacts. Social distancing, a term that was not in most people’s vocabulary just a few short months ago, is the new norm. Fraud and AML operations functions at financial services firms have not typically consisted of a remote-enabled workforce, nor are most operations centers known for ample space between workers, so the shift to remote workers and the requirements of social distancing have necessitated a rapid adjustment for firms around the globe.
The US banking industry has made a significant leap forward by launching Zelle, a real-time P2P platform for moving money from the user’s bank account to an email/mobile contact. In Q3 2019, Zelle traffic was reported to be 196 million transactions with a volume of $49 billion, and many banks in the US are now offering Zelle functionality via their online and mobile banking applications.
According to multiple threat index reports issued at the end of 2018, the threat of Remote Access Trojans (RATs) is at an all-time high. One RAT made Check Point’s Global Threat Index Top 10 list, while Proofpoint reports that the number of RATs doubled each quarter of 2018, accounting for more than 5% of all malicious payloads for the year, marking a significant change from the past.
Zelle is awesome! The highly innovative P2P scheme allows people to pay in real-time from their bank account to any of their contacts. It’s easy to use, super-fast and extremely convenient.
Digital transformation has introduced exponential opportunity in the financial space. The way we manage our money online (via banking, money transfers and shopping) has changed dramatically. We have moved away from a one-time, occasional transaction with a merchant, requiring several steps to checkout, to a continuous, connected relationship and quick, instant checkout. Digital identity has evolved into an essential part of the modern money lifecycle, bringing into the mix issues of securing personal data, privacy and more. At the same time, data breaches and phishing attacks have created an abundance of stolen credentials, turning identities into the most consequential attack vector in the financial world. During this webinar, Ayelet Biger-Levin, VP, and Gareth Campbell, Head of Threat Analytics, will discuss how BioCatch enables the future of money by providing a secure and frictionless user experience across multiple use cases such as account opening, login and payments.
BioCatch takes a unique approach to solve the Trojan predicament. Rather than detecting a specific Trojan variant, wouldn’t it be better to detect all types of malicious actors, be it Trojans, bots or other adversaries? And what if we could not only protect against current, known threats, but also future, unknown modes of operation? And finally, what if this detection could be truly continuous, easy to integrate and deploy, with tools that provide visibility into the user activity?
The Policy Manager allows fraud teams to define the actions that should take place depending on the various system outputs, streamlining the implementation process and heightening the usability of the BioCatch system. Going beyond simply providing a best-of-breed risk score, the BioCatch Policy Manager offers flexibility in establishing the actions that should occur if the user behavior inside a session triggers a predefined condition. Instead of building rules based on 0-1000 ranges that have to be well-understood for a particular environment, the Policy Manager allows fraud analysts to benefit from added logic that mitigates fraud in real-time, simplifies back-end operations and assists with gathering data for proactive, investigative analysis.
New account fraud continues to grow at a rapid pace, threatening new digital banking business models and fintech platforms such as Zelle, that are in a customer acquisition race. Convenience, speed and ease of use make digital the preferred channel for consumers, but also open the door for criminals. With 14.7 billion personal records stolen in the last 6 years and the proliferation of synthetic identities making it very difficult to tell the difference between a legitimate applicant and one that will result in loss, new models for identity verification are starting to emerge, with behavioral biometrics as a key component.
The newest report issued by the U.S. General Accounting Office (GAO), Federal Agencies Need to Strengthen Online Identity Verification Processes, calls for an overhaul and updated guidelines on identity proofing, highlighting the availability of data stolen in various data breaches over the years in the hands of attackers and fraudsters. Already, the National Institute of Standards and Technology (NIST) issued guidance in 2017 that effectively prohibits agencies from using Knowledge-Based Authentication (KBA) methods for sensitive applications. Now, the GAO is going one step further, recommending that all agencies discontinue the use of KBA and highlighting various alternatives for consideration. The outcome may have far-reaching implications not just for federal agencies but across the board for all private entities that conduct identity verification and authentication to provide digital products and services.
Identity is everything on the internet. Every authentication hurdle online users need to jump through, such as two-factor authentication and passwords, is aimed at one goal – verifying the identity of the user. Digital identity has never been as important as it is now and will only continue to grow in importance as digital transformation takes hold.
This tier-one credit card issuer suffered from millions of dollars in fraud losses caused by the use of stolen personal information or synthetic IDs in the application process. Their existing fraud detection model was based on traditional means of verifying identity – personal data, device reputation, etc.
One-time passwords (OTP) remain one of the most widely used forms of two-factor authentication, despite their well-documented vulnerabilities. Earlier this year, a major UK bank was hit by an attack in which fraudsters diverted text messages from legitimate customers’ phones in order to bypass two-factor authentication and access accounts.
With 55 percent of millennials stating that difficulties in resolving problems with their bank are frustrating enough to make them leave and traditional fraud detection measures yielding 30–50 percent false alarm rates,1 BioCatch knew they had to play squarely into next-generation banking approaches to improve business outcomes.
According to a recent UK Finance report, British banking customers lost £500m to fraudulent schemes in the first half of 2018 alone, the majority of which came from “unauthorised fraud” (i.e., hacking of user accounts). During these six months, there were 3,866 confirmed cases of social engineering scams (“authorised fraud” or “impersonation”) in the UK, with the scams leading to £36.6M in losses, for an average loss in excess of £9,000 per person.
The problem is most acute in the UK but is not limited to that country. These types of scams are on the rise everywhere. The European Commission has revealed that it is looking into ways to address this vexing challenge. In the U.S., the Federal Trade Commission has reported that 77% of its fraud complaints involve contacts by telephone, of which voice social engineering is a subset. Most recently, the Australian Taxation Office has issued a warning on the rise of this threat.
The paradigm for identity risk management and authentication is changing. In the new paradigm, context and data available for a specific type of interaction must drive analytics. Instead of just looking for commonality, we need to make better use of data that is unique.
The BioCatch Analyst Station is a web-based interface that displays the data for one or many sessions and provides summary reports. The portal enables the customer to easily detect and act upon possible fraudulent activity in user accounts. The BioCatch Analyst Station is used for post-session data analysis, typically at the end of each day or whenever required by the administrator.
In recent years, peer-to-peer payments have shown a significant increase, passing the $120 billion mark (2017). Currently, one in three American consumers uses P2P apps to make instant payments to friends, relatives, service providers, or anyone they owe money. Since P2P account opening does not require identity verification, it is vulnerable to various types of fraud and threats including malware, social engineering, remote access, SIM swapping, call forwarding and other techniques. Using these techniques, the fraudsters are able to exploit two main points of failure:
Malware infections and Remote Access Trojan (RAT) attacks are on the rise, enabling cyber criminals to take over accounts from afar and automate fraud. Despite traditional fraud detection measures and cybersecurity safeguards, malware and RAT attacks remain prevalent. Undetected malware attacks can result in direct losses to account holders and have a long-term detrimental effect on business and customer confidence.
In recent years, a growing number of organizations have employed two-factor authentication (2FA) as a primary safeguard mechanism. They all share the notion that requiring a second security layer will be instrumental in reducing data breaches and identity theft. Two-factor authentication is based on the fundamental assumption that at least two out of three authentication factors are used in the process (“something you know, something you have, something you are”). 2FA is not a new security measure; nevertheless, it is in extensive use, despite the growing recognition that it is not so effective.
As account opening continues to transition from physical to digital channels, financial institutions, issuers, lenders, and other organizations must optimize the digital experience of applicants in order to compete. At the same time, fraud is on the rise as criminals have become more successful than ever, thanks to some of the same digital channel benefits enjoyed by consumers: convenience, speed, and ease of use. To achieve the necessary balance between preventing fraud and providing a delightful experience for consumers, an approach to identity proofing that accounts for the channel, product, customer, and threat environment is absolutely critical. But regardless of the approach, inconspicuous solutions — like those based on applicant behavior — have a distinct role to play in how institutions manage the risk of application fraud.
Customer experience is the hallmark of growing revenue in digital channels. However, that revenue can be threatened by losses sustained from new account fraud, account takeover and other cyber threats. As the volume of digital transactions surges, fraud and risk management leaders are tasked with building trust across a broad range of use cases, managing risk across digital channels, and limiting financial losses from cybercrime.
The global insurance market is a multi-trillion-dollar market worth more than $4.5 trillion in gross insurance premiums (2015). In 2016, gross insurance premiums in the U.S. reached $2.67 trillion with $1.5 trillion in paid claims.
As mobile devices eclipse computers and laptops as the preferred method of going online, fraudsters have followed users, porting their modus operandi – account takeover, social engineering, and malware-based remote control attacks – to the mobile arena. Mobile has opened up many new ways for users to communicate and connect without being tied to a desk or a power outlet – and at the same time, it has presented hackers with many more opportunities to perpetrate fraud and carry out attacks that cannot be detected with the traditional tools used to detect attacks on websites. As a result, companies need to apply new fraud controls to protect mobile users and enable them to carry out transactions, check bank accounts, make purchases, etc.