Members Case Studies
April 4, 2024
As for many other industries, 2020 was a turbulent year for the world of online banking fraud and behavioral biometrics.
Hindsight is a useful thing, and in a previous blog, we used it to evaluate the biggest lessons learnt in the year of COVID scams and maturing behavioral biometrics cybersecurity tactics.
Now, we look to the new year ahead and prepare for what we see as the top three trends in the online banking fraud industry for 2021.
The pandemic has meant that social interaction – whether seeing friends, going shopping, or working with colleagues – has seen a notable shift to online channels. The same is true of banking, as banks have closed down the physical branches, and banking has to be carried out through digital channels. People who had never used online banking before had to figure it out for the first time in order to stay in control of their money.
This will lead to the following security issues in 2021:
As well as a broader shift to digital services, the current upward surge in virus cases is continuing to push the e-commerce drive after the holiday period. The increase in remote activity – along with the inability to authenticate customers in-person in local banking branches – inevitably coincides with an increase in new account fraud (NAF).
NAF is where fraudsters use stolen or synthetic identities to open accounts that appear legitimate but are used to commit fraud. Banks have been faced with no choice but to verify customer identity solely online. But, as it is much harder to accurately authenticate a customer that you’ve never met, fraudsters are finding a higher success rate in submitting fake documentation or manipulated personal information.
Meanwhile, credit card companies are continuing to attract new customers amid this online shopping drive with discounts and promotions – tactics that will also continue to entice fraudsters. Aite Group estimates that losses from false credit card applications in 2020 will come to approximately $2.1 billion in the U.S. alone, and this shows little sign of slowing down.
Cerberus is a mobile banking Trojan designed for Google Android that, amongst other things, can intercept communications, carry out covert surveillance of devices and steal data including online banking credentials. Cerberus specifically targeted the customers of hundreds of banks around the world.
Then, during 2020, Cerberus’s source code was revealed online for free. The increased availability of malicious code has, in turn, increased the surface area of these types of attacks, including reading text messages that contain one-time passwords (OTPs) and two-factor authentication (2FA) codes. If that wasn’t scary enough, new samples of the malware that have been detected since the release show a new remote access trojan (RAT) functionality that can enable total control of an infected device.
All of this means that now fraudsters can manipulate the malware and continue to reuse new versions of it this year to perpetrate online banking fraud.
By analyzing users’ behavioral biometrics as they use online banking services, it is possible to distinguish between legitimate customers attempting to access their own bank accounts and fraudsters who have stolen a customer’s information. Even a fraudster who has entered a customer’s legitimate username and password will be denied explicitly or quietly access to the account, while false positives of fraud will be reduced.
Using behavioral biometrics to analyze user behavior during the account opening process can prevent new account fraud by identifying fraudster behavioral patterns. This means financial services can block fraudsters and prevent fraud without introducing extra hurdles for genuine customers to overcome.
Read more on this in our whitepaper here.
Banks need a multi-layered approach to their security here. Smart and frictionless advanced malware detection combined with behavioral biometrics is the only way to block new variations of the Cerberus malware and new variations of it.
RATs are particularly tricky, as they have already infiltrated a user’s legitimate device and can circumvent other authentication attempts through the methods described above. Financial services organizations can use advanced behavioral biometrics analysis to dynamically profile users, flagging any unexpected changes that might occur during the entire online session, however small or temporary these anomalies might be.
Read more on stopping RATs in our whitepaper.
From the trends that emerged last year, it seems that the effects of 2020 only served to expand the negative implications of online fraud and increased the attack surface. With more banking now taking place online, we need to find a way to block the tempting opportunities this has created for fraudsters.
An anti-fraud solution that incorporates behavioral biometrics analytics combined with advanced malware detection is technology is fast-becoming truly crucial in any comprehensive online banking fraud strategy.
If you want to know futher information about Malware and Online Fraud Trends in 2021 take a look our webinar: Top three online fraud trends 2021.
Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.
We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.
Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.
Please click the button below which relates to the issue you’re having.
Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association
Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.
For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.
The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.
Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.
Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.
For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.
