Bank customers do most of their banking online. According to a survey, 60% of Internet users regularly use online banking services, and almost three quarters of respondents would like banks to provide special solutions to protect their financial transactions.
Banks and other financial institutions use risky approaches to protect themselves from online fraud. Most of them fight cyber-fraud with multifactor authentication and transaction approval services. They also use encryption technologies when transmitting data between an online service and a user’s device. These approaches have a number of disadvantages. Firstly, additional authentication methods can negatively affect the user experience. Secondly, these measures are not always enough to prevent fraud: cyber criminals have an array of tools that help them bypass the standard protective barriers used by banks. Fraudsters see the client as the weak link, so they write sophisticated malware, create fake bank web pages and use social engineering tricks in an attempt to reach a customer’s bank account.
Kaspersky Lab reports that individual customers fall victim to malicious activity more often than banks do. In 2014 Kaspersky detected around 22.9 million financial malware attacks targeting 2.7 million users worldwide.
Banks have the responsibility of dealing with online financial fraud; they have to prevent, protect, investigate and take legal action. To make this work easier, Kaspersky Lab suggests introducing countermeasures as early as possible, before the fraud happens.
Detecting Fraudulent Activity From Within The Bank
The Kaspersky Fraud Prevention platform uses a Clientless Engine, which enables banks to detect fraudulent activity internally. The service detects infected user devices and notifies the bank’s fraud prevention team. It employs two different approaches: passive and active.
The Clientless Engine also has a feature that monitors user devices. It looks through data about a client’s payment activity, the operating system and browser they use and, most importantly, any security incidents they have faced, such as malware, vulnerabilities and phishing attempts. It gives banks management capabilities that allow them to change settings remotely if needed. The Clientless Engine can send statistics to internal transaction monitoring systems, increasing the detection rate and decreasing the number of false positives. Information transmitted to a bank from endpoints is exclusively for internal use and storage.