Attacks on financial institutions, more sophisticated than ever
Experian’s Managing Director in Southeast Asia, Jeff Price opined that as technologies evolve, sophisticated fraudsters now have a growing arsenal of weapons at their disposal to infect individual and corporate systems and capture account information.
Case in point: phishing, SMSishing and Vishing attacks, malware, are all attempts to thwart security and access protected information.
Price said, “Fraud is not a point-in-time problem and should not be viewed in isolation. In fact, for many instances of data breaches, that is just the first stage of a rather complex fraud lifecycle that advances through several stages of validation and surveillance, which finally ends with a fraudulent transaction.”
He explained that for the fraudster, simply having access to an account is of limited value. “True value lies in surveillance: knowing which accounts have the largest balances, how they are clustered geographically, or exhibit recognisable transaction and behaviourial patterns.”
Imagine if a criminal had keys to your home and the password to your alarm system. The criminal would survey your home to determine the best time for a break in, they may even make an inventory of what items to steal in order to make a clean getaway with the maximum loot.
This type of intelligence is what sophisticated fraud rings are retrieving online every day just by access to an account and observation, Price said.
Overcome by tech
Fuelled by the growth of the internet and the proliferation of mobile devices, payment methods have evolved to even include cross-border commerce.
“With these shifts, we are also seeing vast majority of security breaches/fraud cases taking place online and mobile, especially across Asia Pacific. According to FireEye, the APac region is twice more likely to be targeted by advanced cyber-attacks than the world as a whole,” said Price.
Cybercriminals are taking advantage of this situation as organisations lack the know-how of protecting themselves from said scams and fraudulent acts. In China alone, online fraud costs $4.8billion in 2013 with 63 million online shoppers being victims to fraud, according to the China Electronic Commerce Association.
And many fraud prevention solutions and strategies are focused on detecting fraudulent money movement. However, these methods often prove ineffective because sophisticated fraudsters have figured out traditional solutions that are based on anomalistic behaviour, which are easily emulated by fraudsters.
Price stated, “For nearly two decades, Experian has been helping clients solve the difficult and ever-changing problems of fraud detection and identity management. Over time, the need has expanded from validating information on an application, to validating the identity of an individual and most recently to the device conducting a transaction, such as a phone, tablet or computer.”
Today, Experian’s set of tools now includes device identification, an important layer of sophistication given the rapid growth of mobile commerce.
“Essentially, we possess the expertise in sophisticated fraud analytics to help organisations interact and engage with their customers with confidence. We do this by possessing the ability to verify the device of each user each time they log into a bank/website/mobile site or an e-commerce site. The key is to provide that layer of protection even when apparently legitimate credentials are being used,” Price explained.
It means connecting the credentials with the device that is being used to access the account, and recognising when something seems odd or out of character for that particular user.
Businesses should also do their part by being intelligent in the way they monitor their environments to identify potential threats that are forming,
Today, in addition to staying vigilant, businesses need to be more reflective.
“One of the big challenge organisations have is data consolidation from multiple business channels into a central repository for data scientists to analyse and develop hypotheses.”
Price believed that with a controlled framework in place, businesses are then able to actively monitor, test and look out for loop holes and fraud threats in their systems.