For banks and credit unions of all sizes, fraud will always be a major concern. As a higher percentage of payments move to real time in the wake of current events, fraud schemes are becoming more sophisticated. Financial institutions (FIs) are in need of holistic security strategies to defend against both existing and emerging threats.
Digital banking platforms provide several security layers, serving as an effective solution banks and credit unions can use to mitigate potential impacts of fraud events.
Addressing fraud
Combating fraud is a priority for most financial institutions. According to Aite Group, 76% of executives cite first-party fraud as their biggest pain point (“Application Fraud: Fighting an Uphill Battle”), and across banking, fintech, and merchant professionals, 68% are concerned about mobile banking fraud.
Whatever shape fraud takes, its economic impact can’t be denied. In 2018, fraud losses reached $14.7 billion. This cost is too high for financial institutions to downplay the need for security in their digital banking platform.
Phishing also plays a significant role in acts of fraud, with 36% of phishing targeting payments and 16% targeting entire financial institutions (Aite Group). Phishing makes up a portion of the attack strategy in 32% of data breaches, according to the most recent Verizon Data Breach Investigations Report.
Defending against mobile insecurity
The widespread adoption of two-factor authentication (2FA) via text messages has only increased fraud issues. The 2019 DataVisor Fraud Index Report found that mobile phone account takeovers rose almost 180% between 2017 and 2018, reflecting nearly 700,000 compromised accounts.
To defend against fraud via mobile phones and devices, digital banking platforms can employ integrations with partners like AppGate to prohibit access to online banking from devices that are rooted/jailbroken, placed face down, or where debug mode is enabled. AppGateDetect Safe Browsing also checks for other device insecurities to limit access to online banking from devices that may not be secure.
AppGateDetectTA offers risk-based multi-factor authentication to score each transaction based on individual user profiles and identify fraud. Reducing risk and providing real-time alerts with the ability to block transactions before they are scheduled matters since 72% of financial accounts made fraudulent transactions within one hour of compromise (Q2 2019 DataVisor Fraud Index Report).
A digital banking platform with built-in security capabilities adds another layer of protection for users. For instance, time-based passcodes for multi-factor authentication that are active for a short period of time (hard and soft security tokens) decrease reliance on authentication solely via text message, raising the level of security and user confidence.
Combating malware with digital banking
Malware is far from being a new threat. It’s been around since the early days of the Internet, and is present on mobile, which is increasingly vulnerable to cyberthreats. Malware can be delivered through compromised storage devices or malicious websites and emails. More than half of all malicious emails contain banking trojans (Q2 2019 DataVisor Fraud Index Report), which obtain a user’s financial credentials to empty accounts. It’s not just an FI’s end user who is susceptible to attacks via malware. FI employees can also let malware into the enterprise.
A secure digital banking platform should be able to host enterprise administration authentication, allowing an FI to use its existing Active Directory or Security Assertion Markup Language (SAML) single sign-on application to log in to its digital banking platform portal. This automatically syncs admin roles based on predetermined groups. With this kind of tool, password expiration and requirements can be controlled through the platform’s admin dashboard, making security management simple and accessible.
The number of ways fraudsters can compromise accounts is always increasing, and they continue to vary in their methods and effectiveness. To prevent suspicious traffic from reaching FIs, a digital banking platform should be able to provide solutions that stop or limit attackers’ ability to attempt anything from trojans and mobile device hijacking to phishing and brute-force attacks. With a security-focused digital banking platform, FIs can quickly identify fraudulent actions and perform real-time threat assessments to reduce overall risk.