New payment methods fuel cyberattacks
Law enforcement and financial institutions discuss balancing risk and consumer experience
By Ellen Joyner-Roberson, Fraud, Financial Crimes, SAS
New payment methods (NPMs) are fueling a rush of cyber-attacks across the world, so collaboration between law enforcement and financial institutions is critical to protecting consumers’ money. Discussions about collaboration between the private and public sectors are not new, but its importance is increasing, and the effort is expanding as Internet service providers (ISPs), communication companies and regulators join the team.
M-payments, the umbrella term for electronic and digital payments, change the way traditional banks and money service businesses operate. Mobile banking is on the rise for conveniences such as accessing bank accounts; receiving debit and credit alerts and statements via SMS; checking balances and recent transactions by browsing a mobile-enabled website; conducting basic operations via a menu; or transferring funds and paying bills using a smartphone application. Even though mobile banking poses many challenges, including increased fraud attacks, it can also fundamentally change the banking experience and strengthen customer-bank relationships.
Juniper Research projects mobile payments to reach $1.3 trillion globally in five years. With this projected growth in M-payments, cybercrime, identity theft and intrusion detection are the top three targets for fraud attacks. Javelin Strategy & Research consumer data shows that more than 10 percent of identity fraud victims, who were aware of the breach, knew their information was stolen while making online purchases. Another 9 percent reported that leaked information was due to a stolen password or keystroke capture. The report shows that mobile devices are more prone to severe threats than personal computers due to a lack of security measures such as anti-malware software, personal firewalls and built-in web browser security tools, which are common to personal computers.
Account takeover is one of the first steps in a cybercrime and identity theft process. With the current lack of security for the new mobile channel, this becomes one of the biggest vulnerabilities for financial institutions. Phishing or smishing (using a mobile device) is a type of attack that is often used with account takeover, and it has evolved. It not only looks to steal customers’ credentials but also infects their machines with malware. This scenario is a growing threat for mobile and e-channel fraud.
Best practices for arming your organization
- Cross-sector communication and education. Understand new technologies and share topologies so you can understand the latest threats and build out fraud monitoring systems that look for these new attacks. Seek to build out joint relationships with mobile network providers and law enforcement.
- Link information across channels, products, and businesses. Investigators need to more easily link information so they can see a holistic picture of how fraud might be occurring. Is it starting in the call center, and then moving to the online channel and possibly the mobile payment channel?
- Increased security measures. New payment companies and apps are constantly entering the market. Understand the security threats they pose. For example, some of these new payment systems do not encrypt the data.
Keep in mind that ultimately the consumer wants their money to be safe and protected, so banks need to balance risk with client appeal. These new mobile payment channels are very appealing to fraudsters, so they will continue to lure consumers for quick and convenient transactions. Banks can seize mobile payments as a new revenue opportunity, provided they define a clear strategy, weigh the risks and invest accordingly.
Challenges of combatting cybercrime
- Keeping up with the arms race for equipment and technology.
- Managing massive amounts of data.
- Making sense of what's occurring - fast.
- Getting too many alerts.
- Handling emerging threats.