Every industry where business can be done online has seen the speed of digitalisation increase exponentially as Covid restrictions forced individuals to lead predominantly digital lives – none more so, perhaps, than the financial services sector. The pandemic has turned more people to online banking than ever before, and fraudsters have quickly exploited this. Indeed, in the first half of 2021 alone, losses from online banking fraud were up by 32 percent compared to the previous year. As we look at 2021, financial institutions need to draw conclusions and concentrate fraud prevention efforts around the three key trends that will dominate the industry this year.
- Social engineering attacks to focus on digital novices
The closing of physical bank branches, limited face-to-face time and the convenience of digital channels have all led to a rapid shift to online banking services. While generally seen as a positive outcome, this can cause particular security problems for customers who have never before had to use their computers or smartphones to manage their money. Often these people are older or simply not technologically savvy enough to recognise social engineering patterns, which aim to persuade a person to perform an action they otherwise wouldn’t. Fraudsters feed on inexperience and insecurity. As the pandemic continues to necessitate the use of digital banking services, we will likely see a rise in social engineering attacks targeting these kinds of individuals.
There is another reason why banks should pay attention to their digital novices in 2021. People who are unsure about their ability to avoid scams or use online banking tend to look for help from their friends, often entrusting them with sensitive information such as passwords and logins. Not only does this automatically diminish the safety of their bank accounts, but it may also result in them being unable to access their own account, as more and more banks are leveraging behavioural biometrics to detect fraud effectively. Since these systems are usually trained to recognise users based on their unique behaviour and to flag anomalous sessions, only the legitimate user should be using the account. This means there is a continued need for banks to build trust, educate their customers about cybersecurity best practices and adapt to ever-changing types of attacks to avoid false positives.
- New account fraud to increase
Another change in the financial ecosystem due to the pandemic concerns the authentication of new customers. With physical branches shut, banks have had to adapt to verifying customer identities solely online. But, as it’s much harder to accurately authenticate a person you’ve never met, fraudsters have found a higher rate of success in submitting fake documentation or stolen personal information.
Opening seemingly legitimate bank accounts with stolen or synthetic identities in order to commit fraud is called new account fraud (NAF) – a trend we can expect to hear a lot about this year, as more personal data enters digital spheres. Luckily for banks, impersonating a legitimate person through stolen personal information is becoming a losing game with the proliferation of continuous authentication technologies and behavioural biometrics. As banks can reveal and block fraud attempts automatically, the fight against fraud is gradually moving towards proactive prevention.
- New tactics come to the fore to circumvent two-factor authentication
With record numbers of people shopping online, we’ve seen growth in the sophistication of fraudster techniques targeting card-not-present (CNP) e-commerce transactions. SIM swapping scams and phishing attacks are prevalent techniques that attempt to steal the one-time passwords (OTPs) sent to customers during two-factor authentication. For example, during SIM swapping, cybercriminals get their victim’s phone number switched onto a SIM card that they own, which enables them to intercept OTPs in the cardholder’s place. Modern malware such as Cerberus can also forward the OTP through SMS and obtain time-based one-time passwords (TOTP) from applications that keep them secret, such as Google Authenticator.
Hijacking OTPs is dangerous, as two-factor authentication is a cornerstone of stringent regulations such as the EU’s Strong Customer Authentication rules, along with the 3D Secure payment protocol when it comes to risky transactions. 3D Secure has seen growing adoption in recent times and could be a highly effective method of stopping CNP fraud. Still, as tactics aiming to bypass two-factor authentication continue to evolve and increase, card issuers will need to take extra steps to guarantee that the people behind the transactions are who they say they are.
As we look at the year ahead, it’s clear the pandemic has created a plethora of new opportunities for financial fraud. Fighting these is going to be one of the key challenges that banks will face this year, as well as the most important. With every attack, fraudsters are not only cheating people out of their money, they are also undermining trust in the entire system. To gain a stronger foothold against maturing fraud, banks will need to step up their authentication strategies to provide automatic fraud response – based on real-time systems – and proactively block attacks. Coupled with the ability to reveal the true identities of fraudsters and the use of relation analysis to trap them before the crime takes place, this will allow banks to avoid losses and foster customer loyalty and trust.