OneSpan: how to address fraud through risk analytics
Protecting financial institutions from account takeover (ATO) and cybercrime is essential, says OneSpan in its latest webinar
The webinar, How to Address Fraud Through Risk Analytics, discusses the various forms of ATO and cybercrime that banks and other institutions face, and sets out how to implement an effective defence.
This, says OneSpan, can be achieved through continuous monitoring techniques as well as intelligent risk analysis.
ATO refers to an identity theft crime, whereby a cybercriminal gains unauthorised access to an account that belongs to someone else.
Cybercrime on the rise
According to OneSpan’s webinar, there were 3.3 billion compromised records globally in 2018 - close to half the world’s population.
Further, 45,000 identities are stolen each day in the US and as many as one in eight people worldwide have been impacted by cybersecurity breaches.
OneSpan reports that cybercrime is one of the fastest growing forms of transnational crimes. It states that, by 2020, organisations are expected to spend $101.6bn on cybersecurity measures.
There are several methods that a criminal can use to perpetrate ATO, including:
- Theft
- Skimming
- Digital hotspots
- Phishing
- Dumpster diving
- Pretext phone call
- Crime as a service
- Victim assisted
Other methods by which user identities can be stolen include data breachers, phishing, SIM swapping and malware.
For banks, says OneSpan, it is not enough to consider how to protect a product against these efforts. Those organisations must also consider their recovery processes, too. The company's latest webinar gives a complete insight into financial services protection.
According to OneSpan, there are several serious impacts of ATO for banks and other financial services institutions. These include:
- Financial damage to the organisation and the user
- Damage to the reputation of the brand
- Regulatory breaches
- Loss of trust in the service
- The time and money spent on activating a recovery
- Ultimate loss of service
Phishing
Phishing is a method of attaining identity, credentials or details from a user. In 2018 29% of phishing activity was aimed at financial institutions, with phishing attacks targeting the same organisations increasing 30% year on year.
OneSpan also confirms that one in every 2,628 emails is phishing in finance. This form of attack, it states, remains highly successful with many forms being used including email and spear phishing, whaling and vishing.
During its latest webinar, OneSpan outlines these forms of attack in more detail, as well as explaining how a typical attack works.
Phishing largely revolves around one core individual that OneSpan says is the weakest link: the customer.
Once a typical attack has been completed, an attacker can access a customer’s user name, credentials, recovery email address and credentials. This is, says OneSpan, effectively “game over”.
Second factor authentication proves successful against phishing attacks, says the webinar. However, there are also advanced attacks that are able to overcome this defence method.
SEE MORE:
Threat landscape
As much as 80% of hacks currently come from organised crime-related groups, says OneSpan.
The webinar also discusses the dark web and its associated threats, as well as crime as a service (CaaS). The latter, says OneSpan, includes fraud as a service, malware as a service, ransomware as a service and attacks as a service.
In this instance, user identity is sold for a price, says OneSpan, listing those mostly commonly sold components. This can range from social security number ($1) to passports ($2,000).
The OneSpan approach
OneSpan recommends an approach based around continuous monitoring and intelligent risk analysis.
The former revolves around considering different types of events that may occur, and those steps that can be taken to protect against those events.
In the approach of continuous monitoring several steps can be taken, including a decision event, authentication event, establishing of the context around that authentication and then applying it.
This covers many types of attack, including onboarding, user and behaviour profiling, malware, phishing and man-in-the-middle attacks, and more.
The full benefits of the continuous monitoring approach as advocated by OneSpan are available to find within its webinar. They include, but are not limited to, reduced fraud, improved user experience, identifying and reacting to a session hijack, identifying when new devices are introduced to a session, increased real-time intelligence and more.
Find out more, and register for OneSpan's How to Address Fraud Through Risk Analysis webinar, here.
Read how to protect from account takeover fraud according to OneSpan here.
For more information on all topics for FinTech, please take a look at the latest edition of FinTech magazine.