Share this post
In April 2021, we launched the Revelock Fraud Detection & Response (FDR) platform, our all-in-one solution which boosts financial organizations’ ability to accurately spot bad actors and actively protect legitimate users against identity manipulation and impersonation attacks.
Just as importantly, it does all this without adding friction to the customer journey. One of the core capabilities within this platform is Revelock Active Defense, which is designed to stop malware and phishing attacks, and give fraud analysts full control over client-side automated risk mitigation.
Revelock Active Defense delivers a new age of proactive fraud response in banking, rooted in the ability not just to detect suspicious activity, but also to automatically stop and respond to ever-changing threats. It’s a set of highly intelligent tools that increase the costs of committing fraud for cyber adversaries while decreasing the associated workload for banks’ cybersecurity teams.
Here, we explain how exactly this enhanced capability protects web and mobile banking apps and why it’s changing the game of online fraud prevention.
The need for a new kind of fraud defense
The way cybercriminals operate now is different to how they did 5-10 years ago. The evolution of their tactics in recent years has enabled them to carry out elaborate data breaches and manipulate users into surrendering personal information, all of which is used to perpetuate the vicious cycle of fraud. Add to this the rise of fraud-as-a-service schemes – which make launching attacks accessible even to non-technical actors – and a global pandemic accelerating the move to digital channels – thus increasing the pool of potential victims – and you get a perfect storm. Put simply, online banking fraud today is a low-risk, high-reward industry.
Historically, banks have been on the back foot when it comes to fighting these bad actors. Although the market is saturated with tools that detect and alert banks of suspicious activity, little has been done to actually move banks’ fraud response from “whack-a-mole” to a more proactive footing. While fraud analysts – who are overworked and in limited supply – are kept busy with the flood of alerts, false negatives, and false positives that these traditional anti-fraud systems generate, fraudsters are hopping from victim to victim, unencumbered by the consequences of their past actions.
This is where Active Defense is a game-changer. By automating the handling of most types of alerts, it gives fraud teams the tools they need to create real barriers to stop bad behavior, focus on the most crucial investigations and, in doing so, raise the stakes for cybercriminals to the point where there’s no longer enough of an incentive to perpetrate fraud.
What we mean by Active Defense
The term ‘active defense’ was first used by the US Department of Defense, but in cybersecurity, in particular, it refers to deploying actions that make it harder for cyber-adversaries to carry out attacks. These actions aim to confuse attackers with traps and advanced forensics and often provide an automated incident response – which can refer to different response strategies seeking to increase the work for the attackers and decrease the work for the defenders.
Revelock Active Defense follows this concept, but in the specific arena of online fraud. By automating fraud response, it actively stops and deters adversaries, thus increasing the cost and complexity required to commit online fraud.
The problem Active Defense solves: Identity attacks and manipulation attacks
In today’s post-breach world, stolen credentials are readily available for bad actors to use to impersonate legitimate users and carry out account takeover (ATO) attacks.
Revelock Active Defense prevents targeted credential theft – by way of malware and phishing attacks – through the power of automated detection and response. It allows financial organizations to pre-determine what kind of automatic response is triggered when malware or phishing attacks are detected – ranging from stepped-up verification requests, session termination, auto-logoff to account lockout – immediately protecting the user.
For example, a user might receive a phishing email from bad actors posing as the bank, prompting them to follow a link and log in to their bank’s online portal. This would take them to a cloned page where their credentials would be captured and used for a follow-on account takeover attack. Revelock’s Phishing Blocker recognizes this tactic and immediately directs customers to a legitimate page instead, stopping the identity attack.
Besides impersonation attacks, the other major family of threats is manipulation attacks. These utilize remote access software, either by fraudulently manipulating legitimate remote access software or by duping the victim into executing a form of malware called a Remote Access Trojan (RAT or mRAT for mobile devices).
Both are designed to gain control of a victim’s device, or more typically, hijack a user’s banking session. This form of attack is easier to execute because it bypasses traditional account security, allowing a bad actor to temporarily take control of a victim’s account.
Revelock’s Active Defense detects RATs, verifies who the person behind the account is at any given point – by analyzing the user’s BionicID and continuously asking the question “are you really you”? in the background – and auto-responds to stop the manipulation attack.
Three capabilities to avert any ID attack
Revelock Active Defense protects against online impersonation and manipulation attacks by giving financial institutions and financial services providers full control over their fraud response and granting them a strategic advantage over cyber-adversaries.
Its three core capabilities – Malware Blocker, Phishing Blocker and mRAT Blocker – form a protective layer between bad actors and bank systems, and automate proactive risk-mitigation before an attack can take place. The result is fewer alerts for fraud analysts to deal with, a more robust fraud defense for banks and a safe and silent customer experience for legitimate users.
To learn more about how Revelock Active Defense works – including the role of the Know Your User (KYU) verification approach, BionicID unique digital identifiers and Hybrid AI models – click here.