Early Detection Is Critical for Fraud Prevention
By Marco Morana, January 16, 2015.
Malware banking threats are escalating in sophistication, and financial institutions and bank customers are at increased risk for loss of personal data and wire transfer fraud.
According to a survey on data breaches conducted by Verizon in 2014, Citadel is the preferred banking malware among criminals for personal data information theft, while Zeus continues to be the favorite banking malware for stealing money from bank accounts.
Today, it is safe to assume that standard multifactor authentication and transaction monitoring can be compromised or bypassed by banking malware.
Early detection of banking malware compromises is critical for preventing online fraud.
Compliance Requirements
When banking customers' personal data is breached, banks that fail to promptly notify the customers affected might incur penalties that fall under state data breach notification laws in the U.S., as well as the European Union's General Data Protection Regulation.
Early detection of possible data compromise for bank customers affected by banking malware helps banks comply with data breach notification laws. Bank-owned online banking applications also are required to adopt strong customer authentication, transaction monitoring and implement multiple layers of defense, as required by the Federal Financial Institutions Examination Council and the European Central Bank.
But being compliant with regulations is often not enough to effectively detect and protect your institution and its customers from emerging banking malware threats and online fraud.
Today, it is safe to assume that standard multifactor authentication and transaction monitoring can be compromised or bypassed by banking malware.
Effective risk management should ensure that additional layers of detection and prevention controls are in place to reduce the impact of a personal data compromise and/or account takeover incidents.
Assuming the fraudster is able to modify the money movement transaction with an account takeover, he still might not be able to steal money if the money transfer requires approval from a different user. Generally, risk-prevention measures, such as out-of-band transaction verification and authentication, work best when used in conjunction with Web-fraud detection measures.
Real-time Monitoring
Knowing which banking customers are infected by banking malware is the first step toward assessing the likelihood of banking malware risks - and for taking action.
Giorgio Fedon, technical director of Minded Security, a software security company whose products include malware-detection, says in any given day at a major European bank, at least 5 percent of bank customers' devices will be infected by some kind of malware. He points out that 3 percent will be infected by unwanted adware, 1.5 percent will be infected by spyware, and 0.5 percent will be infected by banking-related malware.
Detecting which browsers are compromised by banking malware helps banks prevent fraud through account takeover.
This detection of browser compromise, which includes the details of the origin of fraud, can be fed into the Web fraud system and be analyzed for anomalies and behavior to calculate the level of risk at the transactional level. From there, flagged transactions can be monitored or put on hold until additional verifications take place.
Multilayered Defenses
From a compliance, risk and fraud management perspective, a good choice is to adopt multilayered detection and risk-prevention controls. For account takeover fraud detection, it is important to cover multiple layers of detection, including the client browser, the online banking application, as well as the data and transactions that are at high risk of compromise by banking malware.
The different layers of Web fraud detection can also be used for evaluating the capabilities of vendors to beat malware, which has been documented by financial consultancy Gartner.