Among the lending firms that fall victim to hacker attacks, mid-large ones are, surprisingly, the primary targets. LexisNexis reports that last year alone, 2,000 mid-large financial services firms and over 1,500 loan vendors suffered from hackers each month. For smaller companies, the figures are more modest: 1,000 and 640 monthly attacks, respectively.
Below, we discuss how it came to this, following LexisNexis' latest report.
What Factors Condition Fraud?
Move to Mobile
In 2018, 69% of lending firms already used mobile as a service distribution channel. Not much has changed since, with over 71% of those performing online transactions.
However, a shift to mobile carries its own risks, most of which relate to user experience. Public Wi-Fi connections, SMS, passwords, and even privacy policy checkboxes are prone to man-in-the-middle attacks.
More Cross-border Transactions
As of now, around 21% of all trades conducted by mid-large neobanks are international, a significant increase compared to 12% in 2018. The emerging payment methods are “dark horses” for regulators and customers themselves, as both often find it difficult to determine where transactions came from. Consequently, companies lack credible data about customers, and those located in European countries that seek to meet GDPR feel that absence the most.
Botnets Prevail
Most lenders report sustained growth in hacker attacks. Some of them already estimate the likelihood of botnet activity so they can prepare in advance, and traditional banks do the same.
On average, successful botnet attacks fluctuate between 1% and 5%, with small banks taking the major hit. On smartphones, attacks are even more sophisticated; through secretly installed malware, hackers can access personal financial accounts and make purchases.
Fake Identities
While fraudsters invent new ways to fool the system with false identities, we will dwell on the most popular ones. One of these is a single fake identity with real credentials, like SSN, date of birth, billing and shipping address, and other data, well-suited for quick purchases. Alternatively, hackers may use a “mix” of a valid customer’s data and fake information to create “an impression” of good credit history.
Finally, the data may be totally fabricated, yet seem real, like an SSN within the same range that the Social Security Administration uses for random selection of SSNs. This works well for long-term fraud.
Here's a short explanation video: https://youtu.be/dGCr-RVwkGs
This method is, perhaps, the most dangerous as it complicates the validation process for lenders. Both fraudsters and customers access services from any part of the world, sharing sensitive data across devices. Traditional authentication methods are no longer effective here, especially when dealing with professional hackers.
How to Mitigate Risks?
To minimize the threat, you should put the right measures in place. Consider the following most efficient and sophisticated ones.
Transaction Monitoring
Tracking the transaction history of each borrower will help you detect if the card volumes match. This is the right measure when dealing with quick payments, “artificial” identities, and botnets. Besides that, you could authenticate users with the right BI-based analytics software.
Data Authentication
You can verify personal data (the customer’s name, address, birthdate), or assign an individual CVV code to the customer’s card. Specialized payment verification tools and services that distinguish a person from a synthetic ID or bot should help you here.
ID Authentication
For ID authentication, you should verify data shared by the customer. Be creative; create a quick quiz with only one right answer or take a more “intelligent” approach with two-factor authentication. A sure way to weed out fakes!
Behavioral Analytics
Automated botnet attacks, specifically those targeting mobile devices, deserve particular consideration. To cope with those, you should analyze how users interact with devices, mainly taps and keystrokes. Even a casual overview helps to detect abnormal behavior. AI-driven tools, like biometric and email authentication and fingerprint validation, can resolve these security issues!
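To make the tap-and-keystroke analysis above concrete, here is an added example (not from the LexisNexis report or any vendor product) that flags form sessions whose input timing is too fast or too regular to be human. The function names, thresholds and sample sessions are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

# Assumed thresholds for illustration; tune them against your own traffic.
MIN_EVENTS = 8            # fewer taps/keystrokes than this is not enough to judge
MIN_HUMAN_GAP_MS = 30.0   # a mean gap below this is faster than people type
MIN_CV = 0.15             # coefficient of variation; human timing is irregular


def inter_event_gaps(timestamps_ms):
    """Gaps in milliseconds between consecutive tap/keystroke timestamps."""
    ordered = sorted(timestamps_ms)
    return [b - a for a, b in zip(ordered, ordered[1:])]


def score_session(timestamps_ms):
    """Return (verdict, reasons) for one form-filling session."""
    if len(timestamps_ms) < MIN_EVENTS:
        return "insufficient_data", []
    gaps = inter_event_gaps(timestamps_ms)
    avg = mean(gaps)
    reasons = []
    if avg < MIN_HUMAN_GAP_MS:
        reasons.append("implausibly_fast")
    # Relative spread of the gaps; scripted input tends toward zero.
    cv = pstdev(gaps) / avg if avg > 0 else 0.0
    if cv < MIN_CV:
        reasons.append("uniform_timing")
    return ("suspicious" if reasons else "normal"), reasons


# Constructed sample sessions (event timestamps in ms since the form opened).
SESSIONS = {
    "human":    [0, 180, 310, 560, 640, 905, 1010, 1340, 1490, 1720],
    "scripted": [0, 50, 100, 150, 200, 250, 300, 350, 400, 450],
    "injected": [1000] * 10,                       # whole field filled at once
    "fast_bot": [0, 5, 12, 16, 25, 29, 38, 41, 50],  # jittered but too fast
    "short":    [0, 100, 200],
}

if __name__ == "__main__":
    for name, events in SESSIONS.items():
        print(name, score_session(events))
```

A "suspicious" verdict is best used as one signal that triggers step-up verification rather than an outright block, since password managers and autofill also produce instant input.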
To Sum Up
Financial firms and fintech service providers should put the question of maximum security on top of their agenda. By taking a multi-level approach to safeguarding the data and protecting vulnerable spots, they can ensure the necessary level of security.
Remember that threats are versatile and may come from where you least expect them; false identities and scam transactions may be the least of your concerns, since fraudsters may create even more sophisticated ways to compromise your operation.
Ultimately, even feature-rich software is not a “silver bullet” in your fight against fraud. Web and mobile applications have different security issues and are even susceptible to different types of attacks. Thus, consider implementing a dedicated solution for web and mobile if your financial application is available on both.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.