There’s no escaping the fact that criminals are constantly evolving their electronic payments fraud techniques and increasing the threat to financial institutions, businesses and consumers. Their tactics encompass all types of electronic financial transactions, including wire transfers, SEPA credits and debits, online and mobile payments, writes Mike Urban.

The recent Payments Fraud Survey by the Association of Financial Professionals (AFP) found that wire transfer fraud alone more than doubled between 2011 and 2012 in the US.
Similar increases in wire fraud incidents are occurring in all regions around the globe. Over the past year, wire fraud incidents have led to million-dollar losses at institutions in multiple geographies.
It is no wonder then that experts are predicting that a wire fraud attack could potentially have a systemic impact on a major financial institution in the near future.
In addition, the growth of mobile banking (with users expected to exceed 1 billion by 2017) is presenting its own unique set of challenges. Financial institutions need to work hard to combat the risks that these existing and new digital channels present – with those that are unable to protect their customers from cybercrime inevitably risking reputational damage and potential loss of revenues.
Malware is one of the most common methods used to attack computer systems and gain access to private information, and cybercriminals are becoming ever more sophisticated and varied in their methods for developing attacks.
Recent figures show that there are tens of millions of malware variants alone, and spear phishing, whereby a criminal poses as a trusted source while attempting to gain access to confidential data, is being used extensively.
Distributed Denial of Service (DDoS) attacks are also increasingly popular as a way to divert the attention of bank security staff while bank systems are being defrauded. Of particular concern is the growing trend for insiders – staff within financial institutions – to steal financial details.
With criminals devising increasingly complex and innovative ways to execute payments fraud, the creation of a robust prevention and detection strategy is imperative for financial institutions to protect both themselves and their clients.
A layered security model, which is characterised by the use of different controls at different points in the transaction life cycle, is the strongest method of fraud prevention. This means that any weakness in one control is generally compensated for by the strength of a different control.

The Layers in Layered Security
1. Perimeter Detection – monitors whether an attempt to access an account on a particular device is consistent with previous behavior;
2. Transaction Initiation – uses behavioral profiling to determine whether the type of transaction is consistent with previous transactions, or consistent with the behavior of a peer customer or business; and
3. Transaction Authentication – uses multifactor authentication and identification. Non-transactional data is used to authorise a transaction at this stage, and financial crime platforms use predictive modelling based on outcomes of previous investigations to flag whether a transaction is potentially fraudulent.
The stage at which an institution’s fraud prevention and detection systems will flag a transaction as potentially fraudulent depends on the risk profile of the individual or organisation involved. The defences that financial institutions have in place at any point in time need to be flexible enough to react to evolving typologies of financial crime.
Such rapid change requires technologies, models and solutions that can be focused on preventing specific fraud attacks. What’s more, financial institutions must be empowered to effect this change themselves based on their changing risk exposure.
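The three layers described above, sketched as an added example (not code from the article or from any vendor product): each layer contributes a score, and the layer at which the running total reaches the customer's threshold is the stage that flags the transaction. All names, scores, thresholds and sample values are assumptions constructed for illustration; the predictive-modelling part of layer 3 is reduced to a pass/fail multifactor result.

```python
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Constructed peer-group payment history, used when a customer has too little of their own.
PEER_AMOUNTS = [120.0, 300.0, 80.0, 450.0, 200.0]

@dataclass
class Customer:
    known_devices: set = field(default_factory=set)   # device IDs / IMEIs seen on earlier logins
    past_amounts: list = field(default_factory=list)  # amounts of earlier payments
    known_payees: set = field(default_factory=set)
    flag_threshold: int = 2                           # assumed risk profile: lower = stricter

def perimeter_layer(c, device_id):
    # Layer 1: is this access attempt on a device consistent with previous behaviour?
    return 0 if device_id in c.known_devices else 1

def initiation_layer(c, amount, payee):
    # Layer 2: behavioural profile of the transaction against the customer's own
    # history, falling back to the peer group when fewer than 3 payments exist.
    history = c.past_amounts if len(c.past_amounts) >= 3 else PEER_AMOUNTS
    mu, sigma = mean(history), pstdev(history) or 1.0
    unusual_amount = 1 if (amount - mu) / sigma > 3 else 0
    new_payee = 0 if payee in c.known_payees else 1
    return unusual_amount + new_payee

def authentication_layer(mfa_passed):
    # Layer 3: multifactor authentication result (simplified to pass/fail).
    return 0 if mfa_passed else 2

def evaluate(c, device_id, amount, payee, mfa_passed):
    """Return (decision, layer): layer names the stage that flagged, or None."""
    total = 0
    layers = (("perimeter", perimeter_layer(c, device_id)),
              ("initiation", initiation_layer(c, amount, payee)),
              ("authentication", authentication_layer(mfa_passed)))
    for name, score in layers:
        total += score
        if total >= c.flag_threshold:
            return ("flag", name)
    return ("allow", None)

if __name__ == "__main__":
    retail = Customer({"dev-A"}, [100.0, 120.0, 90.0, 110.0], {"landlord"})
    # A known device passes the perimeter, but the payment itself is out of profile.
    print(evaluate(retail, "dev-A", 5000.0, "new-payee", True))
```

The sample call shows one control compensating for another: a stolen but recognised device clears the perimeter layer, and the out-of-profile payment is still flagged at initiation.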
The growing use of the mobile channel for transactions creates its own unique set of challenges as mobile devices are an additional entry point for criminals to commit payments fraud.
While organisations are well-versed in monitoring the IP address of any computer attempting to gain access to accounts, for a mobile device they must be able to track its IMEI code or device ID.
Mobile devices are easily stolen and often come complete with all the personal data consumers have stored on the devices, including social network accounts that they are permanently logged into.
According to the 2012 Identity Fraud Report, ‘Social Media and Mobile Forming the New Fraud Frontier’, only 38% of smartphone owners and 34% of tablet owners use passwords on their home screens.
The report also revealed that one third of smartphone owners save personal login data to their device. Few consumers take the time to log out of banking or social networking apps, making it very easy for criminals to steal their details to use fraudulently.
For the majority of organisations, the greatest threat of cybercrime is loss of reputation. Organisations which fall victim to cybercrime will be perceived by business partners and customers as less secure, resulting in a loss of trust.
With clients demanding more from their financial institutions and reputations hanging in the balance, proving that defences are safe and robust is crucial in order to gain competitive advantage – not to mention the ever present drive for efficiency requiring that the cost of managing payment fraud keeps reducing.

Mike Urban is Director of Product Management, Financial Crime Risk Management, Fiserv
