As for many other industries, 2020 was a turbulent year for the world of online banking fraud and behavioral biometrics.
Hindsight is a useful thing, and in a previous blog, we used it to evaluate the biggest lessons learnt in the year of COVID scams and maturing behavioral biometrics cybersecurity tactics.
Now, we look to the new year ahead and prepare for what we see as the top three trends in the online banking fraud industry for 2021.
The Now: Rise of digital banking to cause further online banking fraud
The pandemic has meant that social interaction – whether seeing friends, going shopping, or working with colleagues – has seen a notable shift to online channels. The same is true of banking: banks have closed their physical branches, and banking has to be carried out through digital channels. People who had never used online banking before had to figure it out for the first time in order to stay in control of their money.
This will lead to the following security issues in 2021:
- The influx of new online customers presents a unique opportunity for fraudsters, who will look to exploit their inexperience. While many consumers are becoming well-versed in identifying and avoiding potential social engineering techniques, those who are unused to technology have become prime targets. As the pandemic continues to necessitate online banking, we expect the upward trend of targeted social engineering attacks to continue this year.
- Those who are unsure about online banking will look for help from their friends and families. But entrusting others with sensitive information such as passwords, which should always be kept secret, diminishes the security of their bank accounts.
- Another issue with more than one person accessing the same account is that it can trigger false positives in the bank's fraud detection. This happens more and more as inexperienced users ask their relatives to manage their accounts on their behalf. As a result, legitimate customers are likely to end up being hindered or entirely blocked from accessing their own funds.
The New: Increase in new account fraud
As well as a broader shift to digital services, the current upward surge in virus cases is continuing to push the e-commerce drive after the holiday period. The increase in remote activity – along with the inability to authenticate customers in-person in local banking branches – inevitably coincides with an increase in new account fraud (NAF).
NAF is where fraudsters use stolen or synthetic identities to open accounts that appear legitimate but are used to commit fraud. Banks have been faced with no choice but to verify customer identity solely online. But, as it is much harder to accurately authenticate a customer that you've never met, fraudsters are finding a higher success rate in submitting fake documentation or manipulated personal information.
Meanwhile, credit card companies are continuing to attract new customers amid this online shopping drive with discounts and promotions – tactics that will also continue to entice fraudsters. Aite Group estimates that losses from false credit card applications in 2020 will come to approximately $2.1 billion in the U.S. alone, and this shows little sign of slowing down.
The Revealed: The Cerberus source code
Cerberus is a mobile banking Trojan designed for Google Android that, amongst other things, can intercept communications, carry out covert surveillance of devices and steal data including online banking credentials. Cerberus specifically targeted the customers of hundreds of banks around the world.
Then, during 2020, Cerberus's source code was revealed online for free. The increased availability of malicious code has, in turn, increased the surface area of these types of attacks, including reading text messages that contain one-time passwords (OTPs) and two-factor authentication (2FA) codes. If that wasn't scary enough, new samples of the malware that have been detected since the release show a new remote access trojan (RAT) functionality that can enable total control of an infected device.
All of this means that now fraudsters can manipulate the malware and continue to reuse new versions of it this year to perpetrate online banking fraud.
How can we stop these types of attack as we enter 2021?
Blocking fraud involving social engineering
By analyzing users' behavioral biometrics as they use online banking services, it is possible to distinguish between legitimate customers attempting to access their own bank accounts and fraudsters who have stolen a customer's information. Even a fraudster who has entered a customer's legitimate username and password will be denied access to the account, either explicitly or quietly, while false positives of fraud will be reduced.
Using behavioral biometrics to analyze user behavior during the account opening process can prevent new account fraud by identifying fraudster behavioral patterns. This means financial services can block fraudsters and prevent fraud without introducing extra hurdles for genuine customers to overcome.
Read more on this in our whitepaper here.
Blocking malware and RATs
Banks need a multi-layered approach to their security here. Smart and frictionless advanced malware detection combined with behavioral biometrics is the only way to block the Cerberus malware and new variations of it.
RATs are particularly tricky, as they have already infiltrated a user's legitimate device and can circumvent other authentication attempts through the methods described above. Financial services organizations can use advanced behavioral biometrics analysis to dynamically profile users, flagging any unexpected changes that might occur during the entire online session, however small or temporary these anomalies might be.
Read more on stopping RATs in our whitepaper.
From the trends that emerged last year, it seems that the effects of 2020 only served to expand the negative implications of online fraud and increase the attack surface. With more banking now taking place online, we need to find a way to block the tempting opportunities this has created for fraudsters.
An anti-fraud solution that combines behavioral biometrics analytics with advanced malware detection is technology that is fast becoming truly crucial in any comprehensive online banking fraud strategy.
If you want further information about malware and online fraud trends in 2021, take a look at our webinar: Top three online fraud trends 2021.