Banks need to know more about customers to fight cross-channel fraud - ThreatMetrix

According to data from US provider of integrated cybercrime prevention solutions ThreatMetrix, cross-channel attacks are continuing to be effective because many banks are offering a broader range of customer self-service capabilities but have still failed to integrate the different systems supporting the various customer contact channels they offer. This means that there is no way to detect and correlate suspicious behaviour across these channels.

Research highlights that in an effort to accommodate customer demands for speed and convenience, banks rely heavily on information technology capabilities where automated processes use rules to validate a persons identity and approve a transaction.

ThreatMetrix outlines a scenario in which a cyber-criminal plants a Trojan using a targeted spearphishing attack, planting malware that steals the users email ID and password. This information is then used to log in and check on the users activity, with social-media research used to collect personal information about the victim.

Phone calls to the bank allow the perpetrator to offer correct responses to the banks challenge/response questions paving the way for full online access to be granted, a new account to be created online and money transferred from the victims account into the new account.

Because many of these steps have been automated in the name of efficiency, gaps in the banks security profile leave many institutions exposed to cross-channel attacks.

According to the survey, such risks point out that the importance of developing security analytics capabilities that span all customer-facing channels rather than treating web, mobile, contact centre and branch processes as completely separate entities. The study also unveils that the key to preventing this is for a bank to have a more complete profile of their customer than a cybercrook could possibly obtain. This involves the use of analytics to understand each customers online behaviour over time, where they are likely to be located, what devices they use, and what activities they normally execute.