News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

My Biz

Submit content

My Account

Advertise with us

Learning from cybercriminals - banks beware

Given that South Africa loses billions of Rands to cyber fraud every year, with 19% of online banking users have fallen victim to online fraud, banks should learn the techniques and modus operandi of cyber criminals.
Learning from cybercriminals - banks beware
© weerapat1003 - Fotolia.com

They share information

Most criminal syndicate members have never met face to face. They communicate over social media, blogs and the Deep Web, gathering information about their victims - names, ID numbers, credit card details - to provide to other criminals. They share resources and develop sophisticated technology, which they sell to other syndicates.

Current fraud detection systems are no longer fit for purpose. Banks use disparate systems that focus on single lines of business or channels, rather than adopting a holistic view of the customer. Typically, banks will have one solution for fraud detection in current and savings accounts, another for credit cards and yet another for home loans. These systems act on a transactional and single customer level using predictive or reactionary models but the biggest problem is that these systems do not talk to each other and the different departments do not share information.

Information and knowledge is one of the best defences a bank can deploy to protect its customers and itself from fraud.

Fraudsters are constantly evolving

Between 70 and 100 new phishing malware websites appeared each day during the World Cup. Phishing occurs when fraudsters send emails supposedly from reputable organisations, such as banks, that try to get recipients to disclose personal information, such as their credit card or Internet banking details.

When those tactics stop working, they simply deploy new ones and replicate others that have worked in the past.

While banks evolve in the sense that they are always introducing new products and services, in many cases these are monitored in isolation by disparate fraud detection systems. Current solutions do not keep pace with advances in cybercrime, to the detriment of the organisation and its clients.

The challenge for banks is to balance the customer experience by putting measures in place to prevent fraud. The best way they can achieve this is by adopting advanced, hybrid analytics that provide an end-to-end view of the customer.

Cybercriminals use sophisticated technology

Fraudsters send emails or set up websites that automatically install malware on a user's computer. Some Trojans allow cybercriminals to discreetly change transaction details, log key strokes and grab information and are even able to do a measure of analytics to record online behaviour, such as what time of day you typically log onto your Internet banking profile and what transactions you make.

Criminals often engage insiders to understand banks' fraud detection environments, such as what business rules or thresholds they apply and circumvent these. For example, a bank may only scrutinise transactions over R10,000 for fraudulent activity. Fraudsters will then only initiate transactions below R10,000 to avoid detection.

Banks need to adopt equally sophisticated technology and smarts to ensure fraudulent transactions are identified and blocked before the money leaves the account in question.

Spotting warnings

Advanced solutions cover multiple points of vulnerability and use 'event stream processing' to analyse online banking sessions at a transaction level, customer level and network level. Using normal business rules, anomaly detection techniques and advanced analytics, these solutions will raise flags, in real time if:

  • someone enters their login details incorrectly multiple times;
  • they access their accounts from an unusual device or location;
  • they add a beneficiary who is on a watch list, such as a suspected mule account;
  • they make multiple payments to new beneficiaries
  • they display unusual "session" behaviour, such as if they log in using the 'Shift' key on the left when they usually use the one on the right of the keyboard - an activity fraudsters are unlikely to know.

In isolation, these incidents would not necessarily trigger a warning, but if multiple flags are raised, the transaction may be blocked immediately, depending on its overall fraud score, and will be escalated for further investigation.

By sharing information between departments and systems and by harnessing analytics technology that is able to analyse transactions and user behaviour in real time, banks will be in a better position to fend off cyber-attacks and better protect clients.

About William Lawrence

William Lawrence is the Regional Practice Lead: Fraud and Financial Crimes at SAS.
Let's do Biz