OneSpan: how to address fraud through risk analytics

By Matt High
Protecting financial institutions from account takeover (ATO) and cybercrime is essential, says OneSpan in its latest webinar The webinar, How to Addre...

Protecting financial institutions from account takeover (ATO) and cybercrime is essential, says OneSpan in its latest webinar

The webinar, How to Address Fraud Through Risk Analytics, discusses the various forms of ATO and cybercrime that banks and other institutions face, and sets out how to implement an effective defence. 

This, says OneSpan, can be achieved through continuous monitoring techniques as well as intelligent risk analysis. 

ATO refers to an identity theft crime, whereby a cybercriminal gains unauthorised access to an account that belongs to someone else.

Cybercrime on the rise

According to OneSpan’s webinar, there were 3.3 billion compromised records globally in 2018 - close to half the world’s population.  

Further, 45,000 identities are stolen each day in the US and as many as one in eight people worldwide have been impacted by cybersecurity breaches. 

OneSpan reports that cybercrime is one of the fastest growing forms of transnational crimes. It states that, by 2020, organisations are expected to spend $101.6bn on cybersecurity measures. 

There are several methods that a criminal can use to perpetrate ATO, including: 

  • Theft
  • Skimming
  • Digital hotspots
  • Phishing
  • Dumpster diving
  • Pretext phone call
  • Crime as a service
  • Victim assisted

Other methods by which user identities can be stolen include data breachers, phishing, SIM swapping and malware. 

For banks, says OneSpan, it is not enough to consider how to protect a product against these efforts. Those organisations must also consider their recovery processes, too. The company's latest webinar gives a complete insight into financial services protection. 

According to OneSpan, there are several serious impacts of ATO for banks and other financial services institutions. These include: 

  • Financial damage to the organisation and the user
  • Damage to the reputation of the brand
  • Regulatory breaches
  • Loss of trust in the service
  • The time and money spent on activating a recovery
  • Ultimate loss of service


Phishing is a method of attaining identity, credentials or details from a user. In 2018 29% of phishing activity was aimed at financial institutions, with phishing attacks targeting the same organisations increasing 30% year on year. 

OneSpan also confirms that one in every 2,628 emails is phishing in finance. This form of attack, it states, remains highly successful with many forms being used including email and spear phishing, whaling and vishing. 

During its latest webinar, OneSpan outlines these forms of attack in more detail, as well as explaining how a typical attack works. 

Phishing largely revolves around one core individual that OneSpan says is the weakest link: the customer. 

Once a typical attack has been completed, an attacker can access a customer’s user name, credentials, recovery email address and credentials. This is, says OneSpan, effectively “game over”. 

Second factor authentication proves successful against phishing attacks, says the webinar. However, there are also advanced attacks that are able to overcome this defence method. 


Threat landscape

As much as 80% of hacks currently come from organised crime-related groups, says OneSpan. 

The webinar also discusses the dark web and its associated threats, as well as crime as a service (CaaS). The latter, says OneSpan, includes fraud as a service, malware as a service, ransomware as a service and attacks as a service. 

In this instance, user identity is sold for a price, says OneSpan, listing those mostly commonly sold components. This can range from social security number ($1) to passports ($2,000).

The OneSpan approach

OneSpan recommends an approach based around continuous monitoring and intelligent risk analysis. 

The former revolves around considering different types of events that may occur, and those steps that can be taken to protect against those events.

In the approach of continuous monitoring several steps can be taken, including a decision event, authentication event, establishing of the context around that authentication and then applying it. 

This covers many types of attack, including onboarding, user and behaviour profiling, malware, phishing and man-in-the-middle attacks, and more.

The full benefits of the continuous monitoring approach as advocated by OneSpan are available to find within its webinar. They include, but are not limited to, reduced fraud, improved user experience, identifying and reacting to a session hijack, identifying when new devices are introduced to a session, increased real-time intelligence and more. 

Find out more, and register for OneSpan's How to Address Fraud Through Risk Analysis webinar, here.

Read how to protect from account takeover fraud according to OneSpan here

For more information on all topics for FinTech, please take a look at the latest edition of FinTech magazine.

Follow us on LinkedIn and Twitter.


Featured Articles

FinTech LIVE New York – Reasons to Attend

Returning June 2024, FinTech LIVE New York will be the ultimate event to connect the world’s influential fintech leaders in North America

FinTech LIVE New York – One Month to Go!

Just one more month to go until FinTech LIVE New York, don’t miss out on attending the ultimate virtual event for fintech leaders in North America

The Global FinTech Awards: The Categories – Part 3

Discover the awards that your company, executive or project could be honoured with at The Global FinTech Awards 2024

SUBMISSIONS EXTENSION: The Global FinTech Awards 2024

Tech & AI

Joel Perlman, Co-founder, OakNorth joins FinTech LIVE London

Financial Services (FinServ)

The Global FinTech Awards: The Categories – Part 2

Financial Services (FinServ)