Financial fraud losses across payment cards, remote banking and cheques totalled £768.8 million in 2016 alone, according to data from Financial Fraud Action UK. That’s tens of millions a day.
It’s a serious and endemic problem – and it’s made worse by the shame.
New research from Barclays shows that a third of British people have fallen victim to fraud yet the average person would only report it if they lost £112 or more and that’s partly down to embarrassment.
Those who have actually fallen victim to fraud now say they would only report it if they lost more than £235 and more than half say they kept their experience secret from family and friends.
Victims of fraud reported feeling stupid (31%), victimised (23%), helpless (13%) and gullible (12%).
Whenever a scam is covered online, people say “a fool and his money” or “anyone stupid enough to fall for this gets what they deserve”.
Look on Twitter or Facebook and the message is the same: “I would never have fallen for this so they are getting what they deserve.”
But the sad truth is that most of us would fall for some scams and we all need to remain vigilant. Sharing information without being shamed is essential to that.
Our sneers should be reserved for the criminals that perpetrate this fraud and, on occasion, the institutions that do not do enough to stop them.
“Financial providers should also educate customers on the latest attacks and offer advice on how to safely use online and mobile services”
There’s a lot of pressure on people to keep themselves and their data safe. We have to create long, strong, complex passwords with capitals, symbols and numbers, but never use that password for more than one website.
Kaspersky Lab has been protecting businesses from cyber-threats for over 20 years. Kaspersky Fraud Prevention is now using that experience to help businesses protect their customers from fraud-related attacks. The company’s fraud prevention division claims a growing presence in Europe, the Middle East and Latin America. Kaspersky Fraud Prevention was recently at Money 20/20 Europe to display their readiness to work with all types of businesses that want to protect their online accounts, from financial institutions and gaming merchants to airlines and other e-commerce sites. About-Fraud.com discusses below Kaspersky’s approach to fraud prevention with company fraud consultant Emma Mohan-Satta following their appearance at Money 20/20 Europe.
RS: What type of products do you offer merchants to protect them from fraud?
EMS: We offer on-device protection as well as a cloud-based solution that gathers intelligence through an SDK [software development kit] for mobile and JavaScript for browsers. Our analysis can be output to a fraud prevention rules engine or a data management tool for further analysis by the merchant and/or customers by logging in directly to our console to gain further information about suspicious incidents. Our fraud prevention intelligence is designed to complement a merchant’s existing fraud prevention screening, offering an additional layer of intelligence.
RS: How does Kaspersky’s fraud solution differ from the machine learning fraud startups getting a lot of buzz in the market?
EMS: Kaspersky Fraud Prevention believes that machine learning is a valuable tool for understanding vast amounts of data for a specific purpose. However, we power our technology through human intelligence to ensure we have a clear picture of the evolving threat landscape and to ensure our solution continues to meet the needs of our customers while understanding the newly-emerging attack vectors. Thanks to our lengthy experience in cybersecurity and our strength in threat-research globally, we are uniquely positioned to offer a truly cutting-edge fraud solution by layering multiple types of analysis (behavioral, biometric, environmental, device and malware) in a user-centric way.
This allows us to detect threats ahead of time, before a fraudster has even had the opportunity to reach the transaction stage. Our technology complements rules engines as an additional layer of intelligence for decision-making. Since we are focused on identifying threats as early as possible, we can also be used in complement to other fraud prevention offerings focused on the later stages of the process such as those with chargeback-guarantee models.
RS: What is your biggest obstacle in dealing with clients? Do you face any issues selling a fraud prevention solution from a company based in Russia?
EMS: Kaspersky Lab is a truly global cybersecurity company with offices in almost 200 countries and territories around the world. We have the ability to hire staff in the location where they are most needed by our customers and where the skill-set best suits the requirements, so our company culture is not focused on one specific region.
We identify attackers and threats from all across the world on a daily basis. If all cybercriminals came from one place as the media might like to portray, us fraud prevention professionals would have a much easier job! Our biggest challenge – and the one that makes working in this team exciting – is making sure we’re always improving our knowledge of fraud threats and making sure our technology is consistently at the cutting edge when it comes to preventing fraud.
RS: What technology or features beyond machine learning do you think will become popular in fraud prevention in the future?
EMS: Anyone who attended the Money 20/20 European conference, as we did, will know that there is a lot of talk in the industry about deep learning and artificial intelligence. Meanwhile the big data and machine learning trends continue. What’s important for us is to harness those technologies for a particular purpose rather than adding them as the latest buzzwords in a list.
We believe our ability to detect threats before the transaction occurs will become increasingly important in fraud prevention. By detecting threats before they reach transaction or chargeback stage, we can make a real difference to the customer journey – reducing friction for genuine users and reducing the overall business impact of fraud by preventing fraudsters from ever gaining access to customer accounts and data.
RS: What should people in our ecosystem be expecting from Kaspersky’s fraud solution in the next 12-18 months?
EMS: From our latest B2B Financial Threats survey we know that more and more businesses are expecting their customers to go mobile in the next three years. Supporting businesses to secure their journey into this space is one of our priorities and so we’re focusing on innovating new ways to protect this channel as well as helping businesses identify new ways to differentiate between authentic and suspicious behavior.
We’ve also got some exciting research going on into new attack vectors and so we expect to be making some announcements around our discoveries and solutions in the coming months. We believe that it is important for businesses to invest in intelligence as well as products and so we can promise that Kaspersky Fraud Prevention solutions will continue to evolve as the threat landscape does.
If you haven’t experienced SIM swap fraud, count yourself lucky. It’s a relatively new, sophisticated form of fraud that allows hackers to gain access to bank accounts, credit card numbers, and other personal data. It’s tough to spot, and even tougher to undo the resulting damage.
It’s a growing trend. According to the U.S. Fair Trade Commission, there were 1,038 reported incidents of SIM swap identity theft in January 2013, representing 3.2 percent of identity theft cases that month. By January 2016, that number had ballooned to 2,658.
But there’s hope. Knowing SIM card fraud’s basics can help protect you against the most common forms, and recognizing an attack in progress can help you head off the worst of its effects.
What is a SIM swap scam?
A cellphone SIM card stores user data in GSM (Global System for Mobile) phones. They’re principally used to authenticate cellphone subscriptions — without a SIM card, GSM phones aren’t able to tap into any mobile network.
SIM swap fraud is a type of identity theft that exploits the SIM system’s biggest vulnerability: Platform agnosticism.
“Unlike mobile malware, SIM fraud attacks are usually aimed at profitable victims that have been specifically targeted through social engineering.”
“It’s a way attackers are attempting to gain access to their target’s cell phone communications,” Andrew Blaich, a security researcher at Lookout, told Digital Trends. “There are many public cases of attackers social engineering their way through a cellular company’s representative to get a SIM card issued for an account the attacker doesn’t own or have access to. It appears to be easy to do as all you need is a willing/susceptible representative at any cellular phone store.”
Emma Mohan-Satta, a fraud prevention consultant at Kaspersky Lab, told Digital Trends that a growing reliance on phone-based authentication has made SIM swapping an increasingly lucrative enterprise.
“A high proportion of banking customers now have mobile phone numbers linked with their accounts, and so this attack is becoming common in some regions where this attack was not previously so common,” Mohan-Satta said. “Unlike mobile malware, SIM fraud attacks are usually aimed at profitable victims that have been specifically targeted through successful social engineering.”
Laying the groundwork for a SIM swap scheme involves collecting as much information about the victim as possible. Fraudsters might send phishing mail — messages that impersonate legitimate businesses like credit card companies and health insurers — intended to fool victims into forking over their legal names, dates of birth, addresses, and phone numbers. Unfortunately, many people can’t tell the difference between real emails and phishing emails. Alternatively, they might scrape public websites, social media, and data dumps from criminals who specialize in collecting personal data.
Once SIM criminals have gathered enough information on a target, they create a false identity. First, they call the victim’s cellphone provider and claim that his or her SIM card has been lost or damaged. Then, they ask the customer service representative to activate a SIM card or number in their possession.
Most cellphone service providers won’t acquiesce to those requests unless callers answer security questions, but SIM fraudsters come prepared, using the personal data they’ve collected from across the web to defeat the carrier’s security checks without raising any alarms.
Once they’ve gained unfettered access to a victim’s phone number, criminals target bank accounts.
“The attacker can read your SMS messages and see who you’re chatting with and what about,” Blaich said. “Many banks will send you a code to log into an account or reset a password to a mobile phone via SMS, which means an attacker committing SIM fraud can request and receive the code and access your bank.”
Next, SIM fraudsters mask money withdrawals using a parallel system. They create a second bank account under the victim’s name (banks where the victim is already a customer have fewer security checks). When the criminals execute a transfer between the two accounts, it appears to the bank’s computer system as though the victim is transferring funds between two parallel accounts.
Signs of SIM swap fraud
It’s tough to detect SIM card fraud before it happens. Most victims discover they’ve been compromised when they try to place a call or text. Once the perpetrators deactivate a SIM, messages and calls won’t go through. But some banks and carriers have instituted protections that prevent SIM swap fraud before it happens.
“There are multiple organizational and technical ways to combat SIM fraud — from introducing user alerting and additional checks for SIM reissuing to sharing knowledge of SIM swap activity between banks and phone companies,” Mohan-Satta said. “Banks can also consider looking for behavioral changes through behavioral analysis technology that can indicate a compromised device. This information may then be used by a bank to avoid sending SMS passwords to compromised devices and as an early way to alert the genuine customer.”
Some institutions call customers to determine whether they got a new SIM card or alert them that someone is potentially impersonating them.
Martin Warwick, FICO’s fraud chief in Europe, the Middle East, and Africa, told CreditCards.com that an increasing number of banks use the IMSI (International Mobile Subscriber Identity) — a unique number associated with a specific GSM phone — to ensure one-time use codes are sent only to legitimate subscribers.
“It is possible to check whether your SIM card number and your international mobile subscriber identity (IMSI) are the same,” Warwick said. “If there is a discrepancy, your bank could contact you by email or landline to check.”
Banks in the U.K., including the Lloyds Banking Group and Santander, say they’re working with network providers on the issue. Groups like the Financial Fraud Action UK actively partner with telecommunications companies to educate subscribers about SIM swapping.
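The IMSI check Warwick describes, sketched from the bank's side as an added example (not code from any bank, carrier or vendor named in the article). The carrier lookup that supplies `current_imsi`, the keyed-hash storage, the 72-hour cooling-off period and the IMSI values are all assumptions made for the illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional

# Assumptions (not from the article): the bank keeps a keyed hash of the IMSI
# seen at enrolment, and holds SMS codes back for a while after any SIM change.
IMSI_KEY = b"constructed-demo-key"   # constructed; use a managed secret in practice
COOLING_OFF = timedelta(hours=72)    # assumed policy window


class Action(Enum):
    SEND_SMS = "send_sms"
    VERIFY_OUT_OF_BAND = "verify_out_of_band"   # email or landline


@dataclass(frozen=True)
class Enrolment:
    imsi_tag: str                               # HMAC-SHA256 of the enrolled IMSI
    sim_changed_at: Optional[datetime] = None   # last customer-confirmed SIM change


@dataclass(frozen=True)
class Decision:
    action: Action
    reason: str


def imsi_tag(imsi: str) -> str:
    """Validate an IMSI (at most 15 decimal digits) and return its keyed hash."""
    # Lower bound of 6 = 3-digit country code + 2-digit network code + 1 digit.
    if not (imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    return hmac.new(IMSI_KEY, imsi.encode("ascii"), hashlib.sha256).hexdigest()


def enrol(imsi: str) -> Enrolment:
    """Record the IMSI observed when the customer registers the phone number."""
    return Enrolment(imsi_tag(imsi))


def confirm_sim_change(new_imsi: str, now: datetime) -> Enrolment:
    """Re-enrol after the customer confirmed a new SIM over email or landline."""
    return Enrolment(imsi_tag(new_imsi), sim_changed_at=now)


def decide(enrolment: Enrolment, current_imsi: Optional[str], now: datetime) -> Decision:
    """Choose the delivery channel for a one-time code.

    current_imsi is what a (hypothetical) carrier lookup reports for the
    customer's number right now, or None when the lookup failed.
    """
    oob = Action.VERIFY_OUT_OF_BAND
    if current_imsi is None:
        return Decision(oob, "carrier lookup unavailable")      # fail closed
    try:
        tag = imsi_tag(current_imsi)
    except ValueError:
        return Decision(oob, "malformed IMSI from lookup")
    # Constant-time comparison of the two keyed hashes.
    if not hmac.compare_digest(tag, enrolment.imsi_tag):
        return Decision(oob, "IMSI differs from enrolment")     # possible SIM swap
    changed = enrolment.sim_changed_at
    if changed is not None and now - changed < COOLING_OFF:
        return Decision(oob, "SIM changed recently, cooling-off in force")
    return Decision(Action.SEND_SMS, "IMSI matches enrolment")


if __name__ == "__main__":
    # Constructed sample data: two made-up IMSIs and a fixed clock.
    t0 = datetime(2017, 1, 10, 9, 0, tzinfo=timezone.utc)
    original, swapped = "001010123456789", "001010987654321"
    record = enrol(original)
    for label, seen, when in [
        ("same SIM", original, t0),
        ("SIM reissued", swapped, t0),
        ("lookup down", None, t0),
    ]:
        d = decide(record, seen, when)
        print(f"{label:13} -> {d.action.value:19} ({d.reason})")
```
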
How to prevent SIM swap fraud
Major carriers in the U.S. offer security that can help protect against SIM card swapping.
AT&T has “extra security,” a feature that requires you provide a passcode for any online or phone interactions with an AT&T customer representative. You can turn it on by logging into AT&T’s web dashboard or the myAT&T app.
Sprint asks customers to set a PIN and security questions when they establish service.
T-Mobile lets subscribers create a “care password,” which it’ll require when they contact T-Mobile customer service by phone. You can set one up by visiting a T-Mobile store or by calling customer care.
Verizon allows customers to set an account PIN, which they can do by editing their profile in their online account, calling customer service, or visiting a Verizon store.
The easiest way to prevent SIM card fraud is by exercising a few common-sense rules, Mohan-Satta said.
“Users should avoid revealing too much personal data online, and check on what alerts can be set up with their bank or phone company to identify any attempts to access their account,” she said.
“Avoid using SMS as a primary method of communication because the data is not encrypted.”
Another good practice is using encrypted messaging apps that aren’t as prone to snooping as SMS. Blaich suggests enabling two-factor authentication, which requires a randomly generated passcode in addition to a username and password, on sensitive social media, credit card, and bank accounts.
“Users can best protect themselves by using services that don’t use SMS for their codes and use authenticator apps like Google Authenticator or any number of other apps that provide a similar service,” he said. “You should also avoid using SMS as a primary method of communication because the data in an SMS is not encrypted and is capable of being snooped on easily. Users should switch to messaging apps or services like iMessage, WhatsApp, Signal, etc. for any messages you wish to be private.”
It never hurts to exercise due diligence. Blaich recommends checking with your cellphone company every couple of weeks to see if any SIM cards have been issued without your knowledge.
If you’re the victim of a SIM swap scam, it’s not the end of the world. Mohan-Satta says that acting quickly can minimize the amount of damage inflicted by fraudsters.
“Inform the bank or phone company as soon as you have any suspicions to reduce the impact of the attack,” she said.
Earlier this year, hackers exploited vulnerabilities in the Signaling System No. 7 (SS7) protocols to sidestep two-factor authentication and steal funds from German victims’ bank accounts, according to Germany’s Süddeutsche Zeitung. The hackers stole bank login credentials via phishing emails that appeared to come from the victims’ banks, then leveraged flaws in SS7 to redirect the SMS messages required to confirm funds transfers.
“Criminals carried out an attack from a network of a foreign mobile network operator in the middle of January,” a representative of Germany’s O2 Telefonica said, according to Ars Technica. “The attack redirected incoming SMS messages for selected German customers to the attackers.”
Ars Technica notes that security researcher Karsten Nohl demonstrated the potential impact of the flaws in SS7 last year by recording calls and tracking the location of U.S. Rep. Ted Lieu.
Earlier this week, Lieu tweeted, “I’ve been screaming for FCC & telecom industry to fix #SS7 security flaw. Perhaps bank losses will get them to act.”
“EVERYONE’S BANK ACCOUNT IS AT RISK until FCC and telecom industry fix the devastating #SS7 flaw,” he added.
A Warning to Mobile Operators
Mark Windle, strategy and marketing director for security at Mavenir, told eSecurity Planet by email that the news should serve as a warning to the mobile community. “Operators are already collaborating to better understand the ways in which vulnerabilities can be exploited, and mitigate them,” he said.
“Legacy SS7 technology may eventually be replaced by Diameter or SIP, but SS7 will be around for at least the next 10 years, and simply closing a protocol isn’t the solution,” Windle added. “As long as there is national and international interconnect access, the window will still be there.”
“In the meantime, by continuing to address security flaws in signaling protocols by using an optimal, multi-layer solution, operators can increase subscriber trust levels, decrease churn rates and, most importantly, protect mobile devices,” he said.
Balancing Security and Convenience
A recent survey of more than 800 representatives from financial institutions worldwide found that 24 percent of banks struggle with the identification of their customers when delivering digital and online banking services.
The survey, sponsored by Kaspersky Lab and conducted by B2B International, also found that 30 percent of banks have had security incidents affecting banking services delivered via the Internet, and 59 percent anticipate an increase in financial losses due to fraud in the next three years.
Thirty-eight percent of respondents said balancing prevention techniques with customer convenience is one of their specific concerns.
“While thinking of different approaches to secure digital and mobile channels, banks naturally avoid putting too much pressure on customers,” Kaspersky Lab head of fraud prevention Alexander Ermakovich said in a statement.
According to the latest Financial Institutions Security Risks survey, 24 per cent of banks worldwide struggle with the identification of their customers when delivering digital and online banking services. As more than half of banks (59 per cent) anticipate growing financial losses due to fraud in the next three years, the verification of a user’s identity should be taking centre stage in the cybersecurity strategies of financial institutions, Kaspersky Lab warns.
With the rise of online and mobile banking, customers are not only becoming victims of financial fraud, but also a major entry point for attacks on banks’ digital channels. According to the research, in 2016, 30 per cent of banks have had security incidents affecting banking services delivered via the Internet — with phishing against customers, and using customer credentials for fraudulent activities, as the top contributing factor leading to the attacks.
Banks find themselves in need of security technologies that do not undermine the customer experience: 38 per cent of the organisations surveyed confirm that balancing prevention techniques and customer convenience is one of their specific concerns.
“While thinking of different approaches to secure digital and mobile channels, banks naturally avoid putting too much pressure on customers. Online banking should preserve its main benefits: as a convenient way of making financial transactions in seconds. That is why we are working on technologies that help to protect both banks and their customers without adding an extra security routine to the user’s experience,” said Alexander Ermakovich, Head of Fraud Prevention at Kaspersky Lab.
In addition to two-factor authentication and other security procedures used by banks, Kaspersky Lab recommends implementing dedicated solutions that can help to identify whether a person is authorised, without requiring additional actions from the user. The Kaspersky Fraud Prevention platform accumulates and analyses user behaviour, device, environment and session information as anonymised and depersonalised big data in the cloud. Risk Based Authentication (RBA) assesses possible risks before a user’s login, while Continuous Session Anomaly Detection identifies account takeover, money laundering, automated tools or any suspicious processes during the session.
As a result, the platform provides protection not only at the stage of login, but also during the session itself, while customers do not have extra authorisation stages to pass through.
To learn more about the Kaspersky Fraud Prevention platform please visit the website.
According to the latest Financial Institutions Security Risks survey, 24 per cent of banks worldwide struggle with the identification of their customers when delivering digital and online banking services. As more than half of banks (59 per cent) anticipate growing financial losses due to fraud in the next three years, the verification of a user’s identity should be taking central stage in the cybersecurity strategies of financial institutions, Kaspersky Lab warns.With the rise of online and mobile banking, customers are not only becoming victims of financial fraud, but also a major entry point for attacks on banks’ digital channels. According to the research, in 2016, 30 per cent of banks have had security incidents affecting banking services delivered via the Internet — with phishing against customers, and using customer credentials for fraudulent activities, as the top contributing factor leading to the attacks.
Banks find themselves in need of security technologies that do not undermine the customer experience: 38 per cent of the organisations surveyed confirm that balancing prevention techniques and customer convenience is one of their specific concerns.
“While thinking of different approaches to secure digital and mobile channels, banks naturally avoid putting too much pressure on customers. Online banking should preserve its main benefits: as a convenient way of making financial transactions in seconds. That is why we are working on technologies that help to protect both banks and their customers without adding an extra security routine to the user’s experience,”said Alexander Ermakovich, Head of Fraud Prevention at Kaspersky Lab.
In addition to two-factor authentication and other security procedures used by banks, Kaspersky Lab recommends implementing dedicated solutions that can help to identify whether a person is authorised, without requiring additional actions from the user. The Kaspersky Fraud Prevention platform accumulates and analyses user behaviour, device, environment and session information as anonymised and depersonalised big data in the cloud. Risk Based Authentication (RBA) assesses possible risks before a user’s login, while Continuous Session Anomaly Detection identifies account takeover, money laundering, automated tools or any suspicious processes during the session.
As a result, the platform provides protection not only at the stage of login, but also during the session itself, while customers do not have extra authorisation stages to pass through.
To learn more about the Kaspersky Fraud Prevention platform please visit the website.
Banks and other financial institutions spend three times the amount non-financial organisations are spending on cyber security, a new report by Kaspersky Lab has shown.
According to the Financial Institutions Security Risks research from Kaspersky Lab and B2B International, cyber security is a high priority for financial institutions, as they’re coming under increased pressure from the government, top management and customers.
It was said that almost two thirds (64 per cent) of all financial institutions will improve their IT security, regardless of the RoI.
Banks are mostly getting ready for the full takeover of mobile. More than four in ten (42 per cent) of banks predict the overwhelming majority of their customers will be using mobile banking in three years.
At the same time, an average firm is handling almost ten thousand devices.
Phishing seems to be the biggest security threat, with almost half (46 per cent) of banks saying their customers are being attacked on an everyday basis, and 70 per cent of banks reported financial fraud incidents that led to loss of money.
“Combatting the constantly changing threats targeting their own IT infrastructure and customer accounts is an everyday challenge for financial institutions,” commented Veniamin Levtsov, Vice President, Enterprise Business at Kaspersky Lab.
“To put an effective response in place – that protects all points of vulnerability – requires the financial services industry to have several key components: build a highly integrated anti-targeted attacks protection, embrace multi-channel anti-fraud security and get actionable intelligence on evolving threats.”
Kaspersky Lab has released Kaspersky Fraud Prevention Cloud, a new solution for organizations facing risks from fraudulent activity via fast-growing online services. In addition to fraud prevention solutions for endpoints and mobile devices within Kaspersky Fraud Prevention platform, the new product features a set of cloud-based technologies designed to give banks, financial institutions, loyalty schemes providers and government agencies protection against fraudsters. These include a global device reputation database, device and environmental analysis, behavioral analysis and biometrics, and clientless malware detection.
With the rise of online and mobile banking, organizations need to fight fraud and money laundering while also ensuring protection for their users. For example, one in four customers of banks have been a victim of financial fraud in the last year[1]. The new fraud prevention offering from Kaspersky Lab delivers multi-channel protection for both organizations and users, resulting in reduced losses from fraud and controlled prevention costs.
The solution incorporates advanced technologies to improve the visibility and detection of suspicious activity without undermining the user experience. Behavioral analysis and biometrics help to identify whether a person is real, without any additional actions or procedures required by the user. Behavior is analyzed through mouse movements, clicks, scrolls and keystrokes on PCs, and through accelerometer/gyroscope position and gestures (touch, swipes, etc.) on mobile devices.
Kaspersky Fraud Prevention Cloud accumulates and analyzes user behavior, device, environment and session information as anonymized and depersonalized big data in the cloud, making it available to expert forensics and automatic offline analysis. This new information feeds into an organization’s internal Enterprise Fraud Management system, which enables proactive fraud detection in real time, even before a transaction occurs. This approach is based on Humachine intelligence by Kaspersky Lab — a combination of big data and threat research analysis with machine learning algorithms and the expertise of the company’s best security teams.
Risk Based Authentication (RBA) assesses the risks before a user is logged into a digital channel, providing decisions to internal back-end systems on whether to proceed, request additional authentication information or block access until further verification. This feature improves usability for ‘legitimate users’ by decreasing the number of authentication stages, while the ‘unauthorized users’ are detected before they commit any fraudulent activity.
Continuous Session Anomaly Detection also helps to maximize fraud detection by identifying account takeover, new account fraud, money laundering, automated tools or any suspicious processes that occur during the session. As such, Kaspersky Fraud Prevention Cloud acts not only during the login process, but also during the whole session, building statistical models of various behavioral patterns with the help of machine learning technologies.
Clientless malware detection as part of Kaspersky Fraud Prevention Cloud combines direct and proactive detection techniques. The first identifies whether a customer’s device is used to directly attack a particular organization’s digital services. The second helps to identify malware that is not affecting the organization directly but may potentially be adapted for this purpose in the future. This helps a company to minimize risks and avoid losses from an actual attack when one occurs.
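A minimal sketch of the two ideas described above, risk-based authentication with its three outcomes and a behavioural check that can be re-run during the session. This is an added illustration, not Kaspersky Lab's code or algorithm; every function name, weight, threshold and sample value is an assumption constructed for the example.

```python
from statistics import mean, stdev

# Constructed sample: one user's historical inter-keystroke intervals (ms).
BASELINE_MS = [182, 210, 165, 240, 198, 175, 223, 190, 205, 187]

def behaviour_score(intervals_ms, baseline_ms=BASELINE_MS):
    """Return a 0..1 anomaly score for a session's typing rhythm."""
    if len(intervals_ms) < 2:
        return 0.0  # not enough behaviour observed yet
    mu, sigma = mean(baseline_ms), stdev(baseline_ms)
    # Distance of the session's average rhythm from the user's baseline.
    z = abs(mean(intervals_ms) - mu) / sigma
    score = min(z / 4.0, 1.0)  # assumed scale: z >= 4 saturates
    # Near-constant timing is typical of scripted input, even when the
    # average matches the user (assumed cut-off: 10% of baseline spread).
    if len(intervals_ms) >= 5 and stdev(intervals_ms) < 0.1 * sigma:
        score = 1.0
    return score

def assess(device_known, device_reputation_bad, new_country, intervals_ms):
    """Combine device, environment and behaviour signals into one of the
    three decisions a back-end could act on. Weights are illustrative."""
    risk = 0.0
    if device_reputation_bad:
        risk += 0.6
    if not device_known:
        risk += 0.2
    if new_country:
        risk += 0.2
    risk += 0.5 * behaviour_score(intervals_ms)
    risk = min(risk, 1.0)
    if risk >= 0.7:
        return "block"
    if risk >= 0.3:
        return "step_up"   # request additional authentication
    return "proceed"

if __name__ == "__main__":
    # Constructed sessions: familiar user, new device, scripted input.
    print(assess(True, False, False, [190, 205, 178, 220, 199, 186]))
    print(assess(False, False, False, [150, 160, 140, 170, 155, 145]))
    print(assess(False, False, True, [50, 50, 51, 50, 50, 50]))
```

Calling `assess` again with the intervals collected so far is what turns the login-time check into a continuous one: a known device that starts producing machine-regular input mid-session moves from `proceed` to `step_up`.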
“Within our Fraud Prevention team, we have a dedicated group of experts — our Fraud Research and Analysis Group — that provides support to clients in mitigating fraud risks, conducting forensics of fraud incidents, and controlling fraud prevention costs. Relying on our expertise, we offer consulting and incident response services for highly complicated fraud attacks. This expertise feeds into our cloud solution, improving it and ensuring it is ready to help our clients fight the constantly evolving threats and fraud tactics,” said Alexander Ermakovich, Head of Fraud Prevention, Kaspersky Lab.
Kaspersky Fraud Prevention Cloud is available around the world. More information about the solution, pricing and contact information for potential customers is available on the website.