How to guarantee online banking fraud won’t happen again

Share this post

How do you trust a customer you’ve never met? This is an issue banks contend with every day, as they try to detect and prevent fraud.

Online banking fraud has become an epidemic – and as fraudsters continue to adapt and employ more and more sophisticated techniques to commit their crimes, fraud analysts are left playing catch up.One in every two companies in the world has been a victim of cyber fraud in one way or another.

Online banking fraud prevention traditionally focuses on static points in the user journey, for example, at account creation and at access layers such as login and the moment of transaction.

What happens if a fraudster has already infiltrated a bank’s system and is operating undetected from within?

According to a recent report by RSA, more than 30 percent of online banking fraud is carried out from accounts supposedly belonging to legitimate customers.


The battle which is consistently the hardest to fight is against those fraudsters who are already on the inside.

In order to comprehensively detect and prevent fraud and then block it from happening again, the battle needs to be fought dynamically throughout user sessions, as well as throughout the entire system: identifying fraudsters, investigating and understanding their operational behavior, and then stopping the criminal activity at its source.

Finding fraudsters and the compromised accounts linked to them is extremely important if fraud is going to be cut off at its root. But once the fraudsters have been discovered, fraud analysts at individual banks need to be able to bar their digital door against them, and guarantee those same criminals – and anyone connected with them – can’t gain access to the bank’s system in the future.


Fraudster Hunter’s Policy Manager

In order to successfully block fraud at its source, the focus has to be on locating the fraudsters themselves.

buguroo’s platform generates a unique digital profile – or Bionic ID – for every user who accesses a bank’s online system by analyzing thousands of parameters relating to each user’s behavioral biometrics, from the way in which they type their name to the angle at which they move the mouse or hold their phone, as well as contextual information such as geolocation, device profiling and malware records.

buguroo’s unique capability, Fraudster Hunter, performs link analysis powered by these Bionic IDs to recognize the real user behind the user profile.

The tool identifies and investigates fraudster activity and visualizes the connections between components to discover the accounts being used to commit fraud or those at high risk of being used to commit fraud.

This is where things get innovative.

Once a fraudster or any kind of fraudulent activity has been found, the bank’s analysts can utilize fraudster identifiers or behavior links to create a bespoke rule, which automatically flags up the same type of fraud or person in the future.

These individual rules utilize dozens of Bionic ID attributes to detect fraudster activity, before automatically triggering a predefined action which can range from stepping up authentication to terminating the transaction altogether, depending on the level of risk.

For example, once a fraud team has uncovered a fraudster and blocked them from logging in or carrying out a transaction, they can then create a bespoke rule surrounding this same user.

The next time the fraudster tries to log in to the bank’s online system, the rule will detect a match, essentially recognizing them before automatically blocking them from logging in or carrying out a transaction.


Rule-based fraud prevention campaigns

What’s more, these rules can be stored and then combined to create personalized, rule-based fraud prevention campaigns, that are built to address any combined set of attacks the fraud team deems necessary – ranging from phishing to RATs to new account fraud. In the example above, rules can be combined to ensure the fraudster is effectively blacklisted and can never access accounts in the bank’s system.

Furthermore, link analyses delivered by Fraudster Hunter mean that if the fraudster is acting as part of an organized fraud ring, anyone connected to them can be blocked as part of the same campaign, automatically revealing and blocking fraudsters and potentially freezing entire networks of mule accounts.

Enabled rules and campaigns actively scan all mobile and online transactions for matches with predefined fraudster identifiers and activity in real-time.

Key benefits of Policy Manager

The introduction of Policy Manager, which is now a standard feature included with Fraudster Hunter, allows fraud teams to drastically increase their efficiency and fraud detection rates.

The customizable nature of the capability allows fraud analysts to personalize the deployment of AI in their fight against online fraud, which means the solution is like adding another member to the team. Only this teammate has a photographic memory, and can identify fraud and then recognize it again every time it occurs.

Teams now have an increased flexibility to respond to emerging fraud attacks, reducing losses caused by fraud without having to increase fraud team size.

Above all, the campaign-based solution is fast, it’s flexible, and it’s scalable; irreversibly eliminating fraud throughout banks’ systems and at all points in the user journey through continuous authentication.

It allows financial services to swiftly respond to threats and stop new fraud schemes without affecting legitimate customers and therefore maintaining customer trust and safety.

With the addition of Policy Manager, Fraudster Hunter now delivers the ability to comprehensively:

1)      identify fraudsters

2)      learn and understand how they operate

3)      create automated defenses to stop them from committing fraud at the bank in the future.

More To Explore


Merchant Community Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?