Bank customers do most of their banking online. According to a survey, 60% of Internet users regularly use online banking services, and almost three quarters of respondents would like banks to provide special solutions to protect their financial transactions.
Banks and other financial institutions use risky approaches to protect themselves from online fraud. Most of them fight cyber-fraud with multifactor authentication and transaction approval services. They also make use of encryption technologies when transmitting data between an online service and a user’s device. These approaches have a number of disadvantages. Firstly, the use of additional authentication methods can negatively influence the user experience. Secondly, these measures are not always enough to prevent fraud: cybercriminals have an array of tools that help them to bypass the standard protective barriers used by banks. Fraudsters see a client as a weak link, so they write sophisticated malware, create fake bank web pages and use social engineering tricks in an attempt to reach a customer’s bank account.
According to Kaspersky Lab, individual customers fall victim to malicious activity more often than banks do. In 2014 Kaspersky detected around 22.9 million financial malware attacks targeting 2.7 million users worldwide.
Banks have the responsibility of dealing with online financial fraud; they have to prevent, protect, investigate and take legal action. To make this work easier, Kaspersky Lab suggests introducing countermeasures as early as possible, before the fraud happens.
Detecting Fraudulent Activity From Within The Bank
The Kaspersky Fraud Prevention platform uses a Clientless Engine, which enables banks to detect fraudulent activity internally. The service detects infected user devices and notifies the bank’s fraud prevention team. It employs two different approaches: passive and active.
Passive detection is a fast, signature-based method. It uses JavaScript code integrated into the bank’s web page. When a client visits the bank’s page, the code runs in their browser and searches for the signatures of web injections that are known to be dangerous to this exact URL. The active method involves a “honeypot”. It emulates popular online banking scenarios to provoke financial malware that may be hiding on a user’s device into revealing itself.
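A minimal sketch of the passive, per-URL signature check described above, added here as an example; it is not Kaspersky's code. The signature format, the SIG-00x identifiers, the bank.example URLs and the sample markup are all assumptions constructed for illustration.

```javascript
// Added example. Signatures, URLs and markup below are constructed for illustration.
const SIGNATURES = [
  // Each signature is bound to the one page it was written for.
  { id: "SIG-001", url: "https://bank.example/login", kind: "field",
    pattern: /^(atm_?pin|card_?cvv)$/i },                 // input the bank never asks for
  { id: "SIG-002", url: "https://bank.example/login", kind: "script-src",
    pattern: /^https?:\/\/(?!bank\.example\/)/i },        // script from a foreign origin
  { id: "SIG-003", url: "https://bank.example/transfer", kind: "inline",
    pattern: /XMLHttpRequest\.prototype\.send\s*=/ },     // hook on outgoing requests
];

// Pull the three kinds of evidence out of the markup. In a browser the input
// would be document.documentElement.outerHTML; a string keeps this runnable offline.
function extract(markup) {
  const attr = (tag, name) => [...markup.matchAll(
    new RegExp(`<${tag}\\b[^>]*\\s${name}\\s*=\\s*["']([^"']*)["']`, "gi"))].map(m => m[1]);
  const inline = [...markup.matchAll(
    /<script\b(?![^>]*\ssrc\s*=)[^>]*>([\s\S]*?)<\/script>/gi)].map(m => m[1]);
  return { "field": attr("input", "name"), "script-src": attr("script", "src"), inline };
}

// Return one hit per (signature, matching value) for the page at `url`.
function scanPage(url, markup, signatures = SIGNATURES) {
  const pageUrl = url.split(/[?#]/)[0];                   // ignore query and fragment
  const found = extract(markup);
  const hits = [];
  for (const sig of signatures) {
    if (sig.url !== pageUrl) continue;                    // wrong page: signature does not apply
    for (const value of found[sig.kind]) {
      if (sig.pattern.test(value)) {
        hits.push({ id: sig.id, kind: sig.kind, evidence: value.trim().slice(0, 60) });
      }
    }
  }
  return hits;
}

const CLEAN_LOGIN = `<form><input name="user"><input type="password" name="pass"></form>
<script src="https://bank.example/app.js"></script>`;
const INFECTED_LOGIN = `<form><input name="user"><input type="password" name="pass">
<input type="password" name="atm_pin"></form>
<script src="https://bank.example/app.js"></script><script src="http://cdn.invalid/i.js"></script>`;

console.log(scanPage("https://bank.example/login?s=1", INFECTED_LOGIN));
```

In a deployment the hits would be reported to the bank's fraud prevention team rather than logged; the same markup scanned under a different URL produces no hits, because each signature applies only to its own page.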
Clientless Engine also has a feature that monitors user devices. It looks through data about a client’s payment activity, the operating systems and browser they use and, most importantly, any security incidents they have faced, such as malware, vulnerabilities and phishing attempts. It gives banks management capabilities that allow them to remotely change settings if needed. The Clientless Engine can send statistics to internal transaction monitoring systems, increasing the detection rate and decreasing the number of false positives. Information transmitted to a bank from endpoints is exclusively for internal use and storage.
Sounds like a fluff piece for Kaspersky more than anything else.