buguroo’s 3 Predictions for 2021: The Now, The New and The Revealed

Share this post

As for many other industries, 2020 was a turbulent year for the world of online banking fraud and behavioral biometrics.

Hindsight is a useful thing, and in a previous blog, we used it to evaluate the biggest lessons learnt in the year of COVID scams and maturing behavioral biometrics cybersecurity tactics.

Now, we look to the new year ahead and prepare for what we see as the top three trends in the online banking fraud industry for 2021.


The Now: Rise of digital banking to cause further online banking fraud

The pandemic has meant that social interaction – whether seeing friends, going shopping, or working with colleagues – has seen a notable shift to online channels. The same is true of banking, as banks have closed down the physical branches, and banking has to be carried out through digital channels. People who had never used online banking before had to figure it out for the first time in order to stay in control of their money.

This will lead to the following security issues in 2021:

  • The influx of new online customers presents a unique opportunity for fraudsters, who will look to exploit their inexperience. While many consumers are becoming well-versed in identifying and avoiding potential social engineering techniques, those who are unused to technology have become prime targets. As the pandemic continues to necessitate online banking, we expect the upward trend of targeted social engineering attacks to continue to increase this year.
  • Those who are unsure about online banking will look for help from their friends and families. But entrusting others with sensitive information such as passwords that shall always be kept secret diminishes their bank accounts’ security.
  • Another issue with more than one person accessing the same account is that it can trigger false positives in the bank’s fraud detection. This happens more and more as the inexperienced users ask their relatives to manage their accounts on their behalf. With that phenomena, legitimate customers are likely to end up being hindered or entirely blocked from accessing their own funds.


The New: Increase in new account fraud

As well as a broader shift to digital services, the current upward surge in virus cases is continuing to push the e-commerce drive after the holiday period. The increase in remote activity – along with the inability to authenticate customers in-person in local banking branches – inevitably coincides with an increase in new account fraud (NAF).

NAF is where fraudsters use stolen or synthetic identities to open accounts that appear legitimate but are used to commit fraud. Banks have been faced with no choice but to verify customer identity solely online. But, as it is much harder to accurately authenticate a customer that you’ve never met, fraudsters are finding a higher success rate in submitting fake documentation or manipulated personal information.

Meanwhile, credit card companies are continuing to attract new customers amid this online shopping drive with discounts and promotions – tactics that will also continue to entice fraudsters. Aite Group estimates that losses from false credit card applications in 2020 will come to approximately $2.1 billion in the U.S. alone, and this shows little sign of slowing down.


The Revealed: The Cerberus source code

Cerberus is a mobile banking Trojan designed for Google Android that, amongst other things, can intercept communications, carry out covert surveillance of devices and steal data including online banking credentials. Cerberus specifically targeted the customers of hundreds of banks around the world.

Then, during 2020, Cerberus’s source code was revealed online for free. The increased availability of malicious code has, in turn, increased the surface area of these types of attacks, including reading text messages that contain one-time passwords (OTPs) and two-factor authentication (2FA) codes. If that wasn’t scary enough, new samples of the malware that have been detected since the release show a new remote access trojan (RAT) functionality that can enable total control of an infected device.

All of this means that now fraudsters can manipulate the malware and continue to reuse new versions of it this year to perpetrate online banking fraud.


How can we stop these types of attack as we enter 2021?


By analyzing users’ behavioral biometrics as they use online banking services, it is possible to distinguish between legitimate customers attempting to access their own bank accounts and fraudsters who have stolen a customer’s information. Even a fraudster who has entered a customer’s legitimate username and password will be denied explicitly or quietly access to the account, while false positives of fraud will be reduced.


Using behavioral biometrics to analyze user behavior during the account opening process can prevent new account fraud by identifying fraudster behavioral patterns. This means financial services can block fraudsters and prevent fraud without introducing extra hurdles for genuine customers to overcome.

Read more on this in our whitepaper here.


Banks need a multi-layered approach to their security here. Smart and frictionless advanced malware detection combined with behavioral biometrics is the only way to block new variations of the Cerberus malware and new variations of it.

RATs are particularly tricky, as they have already infiltrated a user’s legitimate device and can circumvent other authentication attempts through the methods described above. Financial services organizations can use advanced behavioral biometrics analysis to dynamically profile users, flagging any unexpected changes that might occur during the entire online session, however small or temporary these anomalies might be.

Read more on stopping RATs in our whitepaper.



From the trends that emerged last year, it seems that the effects of 2020 only served to expand the negative implications of online fraud and increased the attack surface. With more banking now taking place online, we need to find a way to block the tempting opportunities this has created for fraudsters.

An anti-fraud solution that incorporates behavioral biometrics analytics combined with advanced malware detection is technology is fast-becoming truly crucial in any comprehensive online banking fraud strategy.

If you want to know futher information about Malware and Online Fraud Trends in 2021 take a look our webinar: Top three online fraud trends 2021.

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?