Banks battling a barrage of cyber attacks

A new study reveals that the use of 'black box' physical malware attacks is on the rise at European ATMs

Banks are under cyber attack every day and although this sector has made great strides, their ability to detect a breach and take immediate action is still a work in progress. According to an Accenture survey, senior bank staff who participated believe their cyber security defenses are secure even though one-third of attempts by cybercriminals to breach banks are successful.

Online fraud is one of the biggest challenges for the financial community. Just this past year, NuData scientists discovered a 400% year-over-year increase in sophisticated automation that created a spike in application fraud and account takeover attacks.

Varied Cyber Attacks

There are so many different types of cyber attacks and they are dynamically changing every day. Up to $1 billion has been stolen over the last two years from financial institutions worldwide due to cybercrime. The Aite Group projects that card-not-present fraud alone is estimated to jump to $7.2.billion by 2020. Identity fraud has resulted in cybercriminals stealing $112 billion in the past six years, which equals on average about $35,600 stolen per minute according to the Javelin Group.

Cybercriminals employ a variety of techniques while leveraging outdated security technologies to steal money and financial data from banks, credit unions, financial institutions and consumers. Cybercriminals keep up the pressure by utilizing social media to launch sophisticated phishing schemes to snag an unwitting consumer and steal their banking credentials. Those banking credentials are then used to take over accounts, to grab money, set up new fraudulent accounts, apply for credit or to apply for loans.

Services Expanding the Threat Landscape

Automated banking will be the next big evolution for the banking sector as traditional in-bank transactions will become very much like online transactions.  Alternative payment systems, virtual currencies and crowdfunding are pushing financial institutions to innovate at a rapid pace. Cardless ATM transactions are one example.

However, while all these new innovations are meant to service the customer, it also serves to expand the threat landscape. The challenge comes down to rapidly identifying real customers from cybercriminals, with the fewest barriers to the actual customer.

Identifying the Forest for the Trees

Cutting down on fraud will all come down to authentication, which has become much more complicated since just showing a driver’s license was originally needed. Now banks will have to implement layered security incorporating a multi-modal approach including passive and active biometrics and behavioral analytics to identify real customers online or for automated banking.

Passive biometrics and behavioral analytics is a premier technology solution that banks are employing to identify customers by their natural behaviors instead of just a password, token or a question.  This combination focuses on observed characteristics combined with specific behaviors to identify true customers. For example repeated behavior that occurs every time a specific customer interacts with bank technologies is similar to what the customer normally does; it would be considered a good user. However, if the exact same behavior occurs with 1,000 users and keeps repeating, it could indicate that this behaviour is part of a potentially distributed, low velocity cyber attack – the kind of attack that exposes banks to large losses. Observing user behavior in detail enables banks to beat fraud while not inconveniencing their customers. The additional benefit is that this technology can also help banks close the gap if there is a shortage of IT talent.


Image: iStock/hh5800

Written by Robert Capps

Robert Capps is the vice president of Business Development for NuData Security. He is a recognized technologist, thought leader and advisor with more than 20 years of experience in the design, management and protection of complex information systems – leveraging people, process and technology to counter cyber risks.