LOS ALTOS, Calif., July 28 /PRNewswire/ -- Guardian Analytics, the innovator in predictive analytics-based fraud prevention software, recently hosted an exclusive industry event in San Francisco, bringing more than twenty executives from local banks and credit unions together with security, cybercrime, online banking and payments experts. Special guest speakers included the FBI, Jerry Silva, former bank executive and Tower Group analyst, and Joseph Menn, Financial Times writer and author of Fatal System Error. The educational and information sharing session focused on the challenges financial institutions face in growing the online channel and protecting it from rapidly advancing cybercrime techniques.
"Cyber criminals have developed the infrastructure to share information with each other, making them a powerful, fast-moving enemy," said Terry Austin, CEO of Guardian Analytics. "Our goal is to help financial institutions better protect their customers from fraud that stems from cyber attacks with our fraud prevention offerings. We are committed to creating information and best practice-sharing forums such as our Industry Roundtable to strengthen the knowledge and effectiveness of our network of leading edge financial institutions."
Roundtable participants shared trends in threats and fraud attacks against the online and mobile channels and discussed trends in the online and mobile channels, the need to balance security with customer convenience, and the use of customer data as they key to defending against new and emerging cyber attacks. They also discussed how they use FraudMAP® for Retail Banking and FraudMAP for Business Banking to proactively detect account takeover, even when complex Man in the Browser attacks are in play.
Trends in Online Business Banking Threats
A key takeaway from the event was that the institutions at the Roundtable continue to see fraudsters aggressively targeting their business accounts. Other observations include:
- Fraudsters are accessing online accounts through a trusted IP address with a significantly higher frequency. This change highlights the need to assume end user machines are compromised and to use online activity data to proactively detect account takeover
- Malware on users' machines that facilitates Man in the Browser attacks (e.g. Zeus) is increasing. In some cases, multiple variations were found on the same machine
- Fraudsters are defeating dual controls regularly by fraudsters adding new users or changing approval limits on existing users
- Fraud alerts are frequently re-routed or deleted by fraudsters, keeping businesses in the dark that new users are being created or money is being moved
- Money mules continue to be a popular method to rapidly move large sums of money in smaller batches
Trends in Online Retail Banking Threats
Fraudsters are also advancing their methods to gain access to and steal money from retail accounts. Common threats and attacks discussed include:
- Using information gained from an online account compromise (personal data, signatures, account numbers) to perform offline wire transfers
- Using the forgotten password feature in online banking to compromise accounts
- Fraudulently opening online access for legitimate accounts that had not previously been using online banking, followed by rapid movement of large sums of money
Common Threads across Retail and Business Banking
While the attack methods are different between retail and business banking, some common themes emerged:
- Almost all attacks included some amount of account reconnaissance, signifying that banks typically have time in between account compromise and attempted money transfer to proactively stop fraudsters in their tracks
- Fraudsters are taking the time to learn each institution's online banking platforms as well as security and payments processes and procedures in order to expedite their efforts.
- Fraudsters often prey on victims just before holiday weekends, hoping bank holidays will provide more time for them to move money unnoticed
"The information shared at the Industry Roundtable demonstrates that conventional wisdom is not enough to stop fraudsters," continued Austin. "Common approaches like end user education, endpoint protection, dual controls, IP and geolocation-specific rules, and advanced authentication are controls that are not enough to prevent losses. Despite seeing such a complex and variable array of attacks, our customers were able to use the behavioral analytics in FraudMAP to protect themselves and their customers from losses."
About Guardian Analytics
Headquartered in Los Altos, Calif., Guardian Analytics is focused on the prevention of online account fraud. The company's real-time risk management approach to fraud detection, forensics and risk monitoring is built on strong analytics and predictive models of individual behavior. Leading financial services institutions rely on Guardian Analytics to protect individual account assets and the integrity of their online channels. Founded in 2005, Guardian Analytics is privately held with venture funding from Foundation Capital and Sutter Hill Ventures. For more information, please visit www.guardiananalytics.com.
SOURCE Guardian Analytics