In the past decade we have seen a tremendous change in the way banking services are offered to customers without needing to visit a bank branch: via the telephone, Internet and, most recently, mobile platforms. Simultaneously, consumers have rapidly embraced the use of smartphones and tablets to conduct financial transactions.
But the convenience of electronic banking also brought new risks. Account takeover is the primary fraud attack on electronic banking channels. This is when a customer’s logon information is obtained and used to make unauthorised withdrawals. Account takeovers often extend into identity theft, when the perpetrator applies for new account privileges (cheques, credit cards, overdrafts) or products (cards, lines of credit, loans). These fraud attacks often involve multiple channels.
The first step in performing an account takeover is to steal access information. Access information varies by channel, but usually involves something you have, such as a card, or something you know, such as a PIN or password. This access information is most commonly obtained in two ways: either by employee fraud, where employees with access to customer data use it themselves or sell it to others for profit; or by social engineering, where customers are tricked into divulging confidential information. It includes:
Three ways financial institutions can prevent such attacks and thefts:
How analytical software can help detect fraudulent activity
Sophisticated fraud detection software works in several ways. It maintains “fingerprints” of customer PCs so that it can detect changes that may indicate the presence of malware. It also looks at patterns of behaviour, such as unusually quick inputs from a customer, which may indicate the presence of “man in the browser” code running in the background. We also look at the financial profiles of transactions to identify abnormal behaviour for customers and devices and determine the level of risk.
The software can also automate policies and procedures as to whether to block, delay, or allow certain transactions based on the company’s risk appetite and desired end-user experience. Various tools are also used to conduct investigations to find the root cause of cases, such as looking for common factors in incidents across multiple customers (“triangulation”).
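The “triangulation” step described above, sketched as an added example (not code from the original article or from any Unisys product): it groups confirmed fraud incidents by candidate factors and reports the values shared across several distinct customers. The field names, threshold and sample incidents are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample incidents (hypothetical schema, not a real product's).
INCIDENTS = [
    {"customer": "C1001", "device_fp": "fp-a1", "source_ip": "198.51.100.7",
     "payee_account": "ACCT-9001", "last_staff_access": "emp-17"},
    {"customer": "C1002", "device_fp": "fp-b2", "source_ip": "203.0.113.20",
     "payee_account": "ACCT-9001", "last_staff_access": "emp-17"},
    {"customer": "C1003", "device_fp": "fp-c3", "source_ip": "192.0.2.44",
     "payee_account": "ACCT-7777", "last_staff_access": "emp-17"},
    # Second incident for the same customer: must not inflate the counts.
    {"customer": "C1003", "device_fp": "fp-c3", "source_ip": "192.0.2.44",
     "payee_account": "ACCT-9001", "last_staff_access": None},
    {"customer": "C1004", "device_fp": "fp-d4", "source_ip": "203.0.113.20",
     "payee_account": "ACCT-5555", "last_staff_access": "emp-03"},
]

FACTORS = ("device_fp", "source_ip", "payee_account", "last_staff_access")


def triangulate(incidents, factors=FACTORS, min_customers=3):
    """Return (factor, value, customers) for every factor value that appears
    in incidents belonging to at least `min_customers` distinct customers."""
    seen = defaultdict(set)  # (factor, value) -> set of customer ids
    for incident in incidents:
        for factor in factors:
            value = incident.get(factor)
            if value:  # ignore missing or empty attributes
                seen[(factor, value)].add(incident["customer"])
    hits = [(factor, value, sorted(customers))
            for (factor, value), customers in seen.items()
            if len(customers) >= min_customers]
    # Widest overlap first, then stable alphabetical order for reporting.
    hits.sort(key=lambda h: (-len(h[2]), h[0], h[1]))
    return hits


if __name__ == "__main__":
    for factor, value, customers in triangulate(INCIDENTS):
        print(f"{factor}={value} shared by {len(customers)} customers: {customers}")
```

Counting distinct customers rather than incidents matters: a customer's own device or IP address recurs across that customer's incidents and would otherwise look like a common factor.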
Unisys anti-fraud solutions are based on the creation of a unified financial crime prevention platform that spans products, channels and regions to deliver superior protection, detection and investigation. This approach addresses multiple modes of fraud in a consistent way, including Internet and mobile banking, debit and credit cards, retail and commercial payments, employee fraud, deposit fraud and claims fraud.