Online Fraud Lessons Learned In 2021
Melissa AU Team | Fraud Prevention |
2021 has undoubtedly been a difficult year. As cities across the world went into lockdown mode, everything shifted online. We worked online from home, shopped online, banked online, and so on. As more and more people adopted a digital lifestyle, fraudsters evolved new ways to target them. They exploited the fear and uncertainty we felt as well as digital channels. In doing so, they brought to light a number of lessons we need to heed.
Fraudsters are constantly finding new ways to circumvent payment security
A large percentage of our online activity is associated with making payments. As banks build systems to protect themselves and their customers, fraudsters find loopholes and adapt their techniques to bypass the security systems. There are two techniques that have been noticed in the past year.
Phishing attacks
Most payment systems employ a one-time password (OTP) to authenticate a transaction. This password is sent to the customer through a text message or an email. To bypass this system, fraudsters call the customer pretending to be the bank or a legitimate brand and fool them into unwittingly sharing this OTP.
Alternatively, there have been instances where cybercriminals have replaced pop-up windows with their own windows disguised to mimic the original. The customer does not recognize the difference and enters the OTP. Phishing attacks like these increased by 220% in 2021 as compared to the yearly average.
SIM Swapping
Another way cyber criminals impersonate an individual is by swapping SIM cards. This involves getting the individual’s phone number switched to a new SIM card that the fraudster controls. Once this is done, the fraudster receives OTPs, etc. directly. They may also impersonate people by calling banks and asking them to change the account password or open new mobile accounts.
Behavioral Biometric Data Can Play A Key Role In Detecting Fraud
When you talk of biometrics, the reference is usually to unique physical attributes like fingerprints, voice patterns, etc. But, there is another type of biometrics – behavioral biometrics. This refers to studying activity patterns. This data is pieced together from different sources and analyzed to make security decisions in real-time.
For example, let’s say an individual usually conducts online banking transactions from their laptop. If he/she were to conduct a transaction from a mobile device, this would be tagged as an anomaly and the transaction may not be allowed to go through as it breaks the typical pattern.
Behavioral biometric data as a tool for fraud detection has gained popularity across industries. It is now seen as an indispensable tool for the financial industry. This type of analysis can help detect and prevent payment and banking fraud.
However, it cannot work in isolation. Behavioral biometrics needs to be used in tandem with other security layers. This also means that data collection agencies need to take responsibility for data security. Else, fraudsters can simply hack the system and bypass these measures.
Mobile Channels Need Protection
Much of our online shopping happens through a phone screen. The mobile environment is not the same as accessing the internet from a laptop or computer and fraudsters take advantage of its vulnerabilities. App creators and banks need to focus on this space and protect their apps by using mobile-in app protection or app shields.
For example, an app shield could monitor the app and shut it down in case any malicious behavior is noted. This creates an extra layer of protection over the protection already provided by the iOS and android platforms.
Designing Responses Is As Important As Detection Systems
The root of today’s problem is that fraudsters are constantly coming up with innovative ways to bypass security systems and continue to commit crimes. Thus, along with looking into fraud detection, we also need to simultaneously work on responding to fraud as soon as it is detected.
The idea is to respond to the attack in such a way that it is blocked from ever happening again. Machine learning and AI are likely to play major roles in this. These systems can automate predefined actions and respond to threats in real-time. They can also remember the route used for fraud and recognize similar attacks in the future.
A Final Word
Security has always been a challenge for banks as they must balance background checks with a smooth customer experience. It may be difficult but it cannot be ignored. 2021 has been proved that even when the world is fighting a pandemic, cybercriminals will continue to find new ways to cheat people.
It is thus imperative to stay vigilant and work on boosting security infrastructure. Vigilance is particularly important when introducing new products or beginning operations in new channels. We also need to look at data management more closely to utilize this resource to its full capacity.
Reflecting on the lessons of 2021 and the role behavioral biometrics has played and will continue to play in fraud prevention, we’re optimistic that 2022 can be the year financial institutions finally get ahead of evolving forms of fraud and maintain this advantage in order to safeguard customers and their hard-earned money.