Digital Banking Security

Fraud Attacks Increase Amid Rising Digital Banking Adoption

The COVID-19 pandemic and the measures put in place to limit the spread of the virus have drastically accelerated adoption of digital banking and contactless payments. Across Southeast Asia, banks have ramped up their digital efforts to respond to the rapidly changing financial landscape.

In Singapore, Standard Chartered intends to spend US$5 million in the next three years for growth and digitalization. The British bank has 10,000 employees dedicated to growth and digitalization initiatives in the city-state. More than 1,200 job positions focus on online banking-related fields including cloud and data analytics.

United Overseas Bank (UOB)’s digital bank TMRW officially launched in Indonesia in August 2020, a move that followed the digital bank’s first launch in Thailand back in March 2019. With this offering, the Singaporean bank said it is targeting Indonesia’s generation of “enterprising and digitally savvy customers,” providing local customers with a fully digital banking experience and an account opening process that’s intuitive, seamless, fast and secure.

But the shift to digital channels has also led a sharp increase in fraud attacks. According to Tom Kellerman, head of cybersecurity strategy at American software company VMware, cyber-attacks against the financial sector rose by 238% between February and April 2020, the peak period when COVID-19 was spreading across much of the US.

Similarly, fraud prevention platform Arkose Labs said it detected and stopped 1.1 billion attacks in H1 2020. The number represents double the attack volume compared to H2 2019 and a 25% attack rate increase across all transactions.

The finance and fintech sector was amongst the top targets for online fraud, Arkose Labs said, with attacks levels rising significantly in Q2 2020.

Risk analytics for fraud prevention in banking

In a new whitepaper, digital security firm OneSpan explores how real-time risk analysis can help prevent fraud in banking. The paper looks into four areas of fraud where real-time risk analytics can help detect and prevent complex attacks on the digital channel.

The first area of fraud where modern risk-based analysis can provide value is account takeover fraud. This is where criminals gain access to the victim’s personal and financial data in order to steal funds or cause other forms of damage.

Traditional anti-fraud systems are based on rules and historical data. Though these solutions are good at detecting known attack patterns, they fail to identify new fraud scenarios. This ultimately leads to increased fraud, and a high proportion of false positives where non-fraudulent events are identified as fraud.

Modern risk analytics tools that leverage rules sets and machine learning are able to proactively detect signs of a takeover before it affects users.

These solutions continuously collect, analyze and score vast amounts of device, application, context and other significant data from multiple layers in real time to detect suspicious patterns of behavior and spot indicators of compromise.

They are able to provide a more detailed and accurate analysis of each user action, and can effectively spot new and emerging attack scenarios, which a rules-only system cannot achieve.

To detect signs of account takeover, the data analysis needs to assess these several layers

Modern risk analytics solutions can also help financial institutions and fintechs build and maintain trust in the mobile channel. The mobile channel has become increasingly important for customers over the past years, yet a Deloitte survey found that users are demanding greater security – in fact, 52% of the customers surveyed said they would likely bank more on a mobile app if it had stronger data security.

The third type of fraud where risk analytics can provide value is new account fraud. This is where a criminal gets onboarded by a financial institution after making an application using a synthetic identity or a stolen identity. An anti-fraud solution based on risk analysis is able to provide two key layers of protection. The first layer is applied during the onboarding phase where the solution collects and analyzes data from the device to determine whether it has been stolen or previously used in a fraud scheme. The second layer is applied as soon as an account is opened in order to study the behavior of the newly registered user and analyzes elements including his or her spending behavior, payee profile, abnormal and risky locations, and more.

The risk of new account fraud is even higher today as digital banking adoption is on the rise. A survey released earlier this year by OneSpan found that stolen identities and synthetic identities are currently the top two sources of fraud as a result of offering digital account opening.

Finally, the fourth use case of risks analytics in digital banking detailed in the OneSpan paper revolves around removing friction from the customer experience. By enabling financial institutions to obtain and analyze a broad range of data and all user actions that occurred within a session in real time, these solutions allow them to make better informed decisions and more efficiently and accurately detect fraud attempts without compromising user experience.

A rapidly changing fraud landscape

In a few months’ time, the COVID-19 pandemic has brought about years of change in the way companies in all sectors do business. According to McKinsey’s July 2020 Global Survey of executives, businesses have accelerated the digitalization of their customer and supply chain interactions, as well as their internal operations, by three to four years.

Average share of customer interactions that are digital, %, McKinsey

In the banking sector, retail banking distribution could experience up to three years of digital preference acceleration in 2020, McKinsey predicts, and in some markets, this could translate to 25% fewer branches.

Banks’ digital transformation comes on the back of shifting consumer behaviors. In the US, Goldman Sachs reported a 25% increase in the number of active users on the bank’s institutional platform amid the pandemic. A global survey conducted in April by Boston Consulting Group found that one in four people are planning to use branches less or stop visiting altogether when the crisis is over.

But as evidenced by the surge in fraudulent activity, banks are still struggling to mitigate the new risks arising from the shift of banking to digital channels. This shows that their investment in infrastructure security has failed to keep pace with their efforts to provide the digital services that customers now expects.

Digital channels have multiplied and so have the routes that fraudsters can use. In addition to that, improving technology tools are enabling criminal gangs to execute more complex frauds.

This rapidly evolving fraud landscape is forcing financial institutions and fintechs to turn to advanced risk analytics solutions for real-time fraud detection.

OneSpan’s Risk Analytics allows financial institutions to protect themselves against fraudulent activities across multiple digital channels while ensuring the best customer experiences by reducing false positives.

The solution applies multi-layered security to guarantee detection of the most complex attacks. Risk Analytics analyzes the entire consumer journey and allows end-to-end protection.

Once a customer initiates a transaction, Risk Analytics collects data from a variety of different sources. The solution then uses machine learning and data modeling to analyze and score user, device and transaction data points across multiple digital channels in real-time. Based on the risk score, Risk Analytics then automatically takes the appropriate action, whether that’s allowing the transaction, creating an activity case for review, or blocking the transaction.