Online fraud lessons learned in 2020


This year a series of difficult challenges have been faced across the globe. And in terms of online fraud, levels have been grave and unprecedented, as fraudsters sought to exploit the increased use of digital channels such as online shopping as well as the fear and uncertainty everyday life has been shrouded in due to the pandemic.

As we look to the new year ahead, we do so with an optimistic eye, as we finally make breakthroughs in the fight against Covid-19. However, in the world of online banking fraud there’s a huge amount to be done in order to compete with the fraudsters and comprehensively fight online fraud.

Here are the three main ways we think Covid-19 has changed the world of online fraud, and what this means for the fraud prevention industry as we enter the new year:

 2020-2021-cybercrime-report-online-fraud-03

There has been an increase in fraud seeking to circumvent payments security

Sophisticated fraudsters are renowned for their innovative techniques and the reason online fraud continues to increase year-on-year is that fraudsters are constantly adapting their techniques. As banks catch up and plug the holes in their systems created by Covid-based scams, fraudsters are turning their attention to thwarting the very defenses put in place to stop them.

With record numbers of people performing processes like shopping online, we’ve seen a development in the sophistication of fraudster techniques, and in the use of these techniques in combinations seeking to circumvent specific payments security, such as SIM swap scams, as well as social engineering techniques specifically aimed at stealing sensitive information.

Fraudsters have started to focus efforts on phishing attacks that attempt to steal one-time passwords (OTP) such as those sent to customers during the step-up authentication phase that can be requested through payments security protocols, such as 3D Secure, in the case of a risky transaction.

For example, fraudsters may pretend to be legitimate brands and even banks themselves in order to fool customers into unwittingly handing over their OTP to the fraudster. Cybercriminals have even worked out a way to replace pop-up windows with their own – disguised as the bank’s – that appear to genuine customers during this verification step. In entering their OTP, the legitimate password goes straight to the fraudster.

Another particularly sneaky way in which fraudsters intercept this information is through SIM swapping. This technique allows a criminal to impersonate a genuine user by managing to get their phone number switched onto a different SIM card that they own instead, again thereby receiving the genuine OTP in the cardholder’s place. Additional means of impersonation can be executed by using the spoofed phone to call a banks call center to change access password and contact information or open new mobile accounts.

2020-2021-cybercrime-report-online-fraud-01

Behavioral biometrics took steps towards becoming a foundational cybersecurity technology

As mentioned before, the global pandemic has seen a huge spike in fraud; in February in the UK alone, Coronavirus-themed scams targeting both individuals and companies caused losses of over £800,000 (the equivalent of nearly 1million).

Between January and March this year, buguroo saw a 75 percent jump in the number of online banking sessions that included anomalous and suspicious user behavior and subsequently, the increased need for a technology that can accurately detect and prevent online banking fraud and payments fraud. This has accelerated the rate at which behavioral biometrics-based authentication technologies reached maturity. This is mainly why 2020 has seen behavioral biometrics as a method of detecting online fraud become indispensable to the financial services industry.

As we move into 2021, we expect this trend to continue, as behavioral biometrics cements its position in the online fraud detection industry as the essential foundational technology for any anti-fraud strategy, due to its ability to scale as well as work in unison with other layers of security, where it is highly effective at catching those fraudsters who might have found a way to slip through a ‘gap’ in the net.

 2020-2021-cybercrime-report-online-fraud-02

Fraud prevention in 2021 will become as much about response as detection

As illustrated by our first two observations regarding online fraud this year, the root of the problem lies in fraudsters’ ability to adapt and develop new methods of committing their crimes. The overwhelming levels of fraud seen this year mean that organizations – even beyond the financial services sector – are searching for more granular ways in which to not just detect fraud, but once detected, respond to the fraud and block it from ever happening again.

This likely means that artificial intelligence and deep learning will continue to play critical roles in fighting online fraud, as companies implement systems capable of not only pinpointing fraud, but then automating predefined actions to respond to them in real-time, and ‘remembering’ the fraud or fraudster in order to block similar attacks in the future. Only in this way can we cut fraud off at its root and have a chance of comprehensively preventing it.  

Reflecting on the lessons of 2020 and the role behavioral biometrics has played and will continue to play in fraud prevention, we’re optimistic that 2021 can be the year financial institutions finally get ahead of evolving forms of fraud and maintain this advantage in order to safeguard customers and their hard-earnt money.

Posted by Tim Ayling

Tim Ayling is currently the Vice-President EMEA at buguroo. With over 20 years' experience in the cybersecurity and anti-fraud industry, Ayling began his career in technical support, and moved on to System Engineering. He began his leadership career when he established Entrust Inc. in Australia in 2003 and was made Vice-President Asia Pacific in 2006. Ayling has held numerous leadership roles in large cybersecurity vendors, including serving as the Global Head of Fraud Prevention Solutions at Kaspersky Labs, as EMEA Director of Fraud & Risk Intelligence at RSA Security, as well as spending time in the cyber-security practice of KPMG.

PREVENTING ONLINE BANKING FRAUD USING BEHAVIORAL BIOMETRICS

PREVENTING ONLINE BANKING FRAUD USING BEHAVIORAL BIOMETRICS

We guarantee that the user is who they say they are and are not being manipulated through unique BionicIDs during the entire session.

Download WHITEPAPER

Solicita una demo

Would you like to know how our solution protects your bank?

Check how our solution can help you to resolve your company's online fraud issues by requesting a free DEMO and we explain it to you in detail.

Watch video

Did you like it? Share in your social communities