Wednesday, March 31, 2010
According to this month’s figures released by the UK Cards Association, the number of "phishing" attacks on consumers rose by 16% in 2009 and the total amount of online banking losses saw a 14% rise on the previous year. These stats are worrying for consumers and banks alike – increasingly fraudsters are using Trojans that can infect a user’s PC, and then launch man-in-the-browser attacks that can get around the strongest user authentication measures. The consumer may not even be aware that the funds have been moved from their account as the Trojan can alter the page being displayed.
To tackle this problem, banks need to get a better understanding of their customers’ online banking activity so that they can check to see if it fits the established profile of the genuine customer. Alongside other fraud prevention methods such as authentication, a layered approach to online banking fraud monitoring – one that analyses the login, the transactions, and risky sequences of events – gives banks the best chance to minimise online banking fraud. In addition, consumers need to be educated about the dangers of clicking links in unsolicited emails and on social networks. Fraudsters will always look for weaknesses in the system, in this case the user’s PC, and banks must work with their customers to plug the security gaps.
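The layered check described above, as an added example (not from the original post or from ACI): one session is scored at the login, transaction and sequence layers against the customer's profile. The profile fields, weights, thresholds and both sessions are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Profile:                      # constructed profile of the genuine customer
    devices: set
    countries: set
    usual_max: float                # largest transfer normally seen
    payees: set

def score_session(profile, events):
    """Score one session across three layers; returns (total, per-layer hits)."""
    hits = {"login": [], "transaction": [], "sequence": []}
    added_this_session = set()
    for ev in events:
        kind = ev["type"]
        if kind == "login":
            if ev["device"] not in profile.devices:
                hits["login"].append(("unknown device", 30))
            if ev["country"] not in profile.countries:
                hits["login"].append(("unusual country", 20))
        elif kind == "add_payee":
            added_this_session.add(ev["payee"])
        elif kind == "transfer":
            if ev["amount"] > 3 * profile.usual_max:
                hits["transaction"].append(("amount far above profile", 30))
            if ev["payee"] not in profile.payees:
                hits["transaction"].append(("payee not in profile", 10))
            if ev["payee"] in added_this_session:
                hits["sequence"].append(("payee added then paid in same session", 40))
    total = sum(w for layer in hits.values() for _, w in layer)
    return total, hits

def decide(total, review_at=40, block_at=70):   # assumed thresholds
    return "block" if total >= block_at else "review" if total >= review_at else "allow"

PROFILE = Profile({"dev-1"}, {"GB"}, 500.0, {"landlord", "utility"})

# Constructed sessions. In the second one the login matches the profile exactly,
# as it would when a Trojan acts inside the customer's own browser.
GENUINE = [{"type": "login", "device": "dev-1", "country": "GB"},
           {"type": "transfer", "payee": "landlord", "amount": 450.0}]
MITB_LIKE = [{"type": "login", "device": "dev-1", "country": "GB"},
             {"type": "add_payee", "payee": "acct-x"},
             {"type": "transfer", "payee": "acct-x", "amount": 2400.0}]

if __name__ == "__main__":
    for name, session in (("genuine", GENUINE), ("mitb-like", MITB_LIKE)):
        total, hits = score_session(PROFILE, session)
        print(name, total, decide(total), hits)
```

In the second session the login layer reports nothing, so the decision rests entirely on the transaction and sequence layers.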
For more information on fraud mitigation strategies to protect customers from man-in-the-browser attacks, please take a look at ACI's recent white paper, "Securing Online Banking".
Risk Solutions Manager