Today, financial institutions (FIs) offering Internet-based and mobile-banking services face increasing pressure to provide enhanced consumer protection against phishing, sophisticated malware and fraudulent activities.
Malware, phishing and fraud attacks are increasing. According to
In fact, this was the most significant statistical category in both quantity and complexity in the report, indicating that not only are cybercriminals developing more malware targeting mobile platforms, they're also advancing their capabilities and behaviours.
How can FIs protect themselves against online attacks? Our advice is to invest in long-term solutions that enable FIs to adjust their security controls to keep pace with ever-changing and evolving threats.
Here are Entrust's five best-practice recommendations to protect against identity-based online attacks:
1. Drive better risk assessment
Assess online transactions and the level of risk these present by type of transaction or user group in order to develop risk mitigation strategies. Be sure to assess specific attributes such as customer type; volume and capability of your transaction methods; information sensitivity and existing security; ease of use and the customer experience; and how mobile devices are interacting with your environment.
Consider not only financial loss, but also liability, corporate risk and reputational damage. And don't just do this once; review and refresh this assessment at least every 12 months. The risk assessment will help you to map out potential impacts and the security service levels required.
2. Adopt strong authentication standards
Today's threats require stronger methods of authentication than simple usernames and passwords, particularly for high-risk financial transactions such as wire transfers.
Traditional two-factor authentication solutions such as one-time password tokens are no longer effective against, for example, sophisticated man-in-the-browser attacks if used on their own. There are a number of newer techniques that provide the level of protection required either through the use of a separate communication channel with the user or by relying on advanced behaviour-based fraud detection engines that can automatically detect transaction or website navigation anomalies in real-time.
3. Take a layered approach
It is worth noting that no single authentication or traditional fraud-detection solution can stop advanced malware on banks and other FIs. It is the layering of different complimentary security technologies such as strong authentication; behavioural fraud detection; out-of-band transaction verification; mobile authentication; and extended validation SSL digital certificates that provide the best method of protecting customer identities and transactions in a banking environment.
4. Explore advanced authentication techniques
The good news is that today, there are a wide range of strong advanced authentication techniques available. As online fraud attacks increase in sophistication, so does the innovation in authentication technology required to stop these attacks in the consumer space.
FIs should explore these advanced techniques like mobile-based transaction verification and dynamic device authentication, including one-time session cookies and digital fingerprints, rather than broadly using static-device cookie-based approaches.
Remember however, threats are ever-changing and growing. This means FIs must have an ongoing programme of investment to evolve their technology, people and processes. Security in this area should not be a one-time exercise.
5. Enhance customer awareness and education
Finally, we also advise that FIs involve the customer as much as possible to help fight fraud. Ongoing education and training programmes should be in place to ensure that everyone does their best to help protect and mitigate today's threats. For example, some progressive banks are deploying security measures that notify customers when suspicious transactions are in progress and ask the customer to confirm that a given transaction is valid.
It is vital that consumer confidence is maintained. No bank or FI can afford the reputational damage that an online attack can cause. Continuous investment in security systems, processes and people is a must rather than a nice-to have, otherwise banks risk leaving customer data vulnerable to attack.
If you are interested in finding out more, you can download Entrust's latest whitepaper.
Most Popular Stories
- Dmytro Firtash, Ukrainian Billionaire, Arrested in Vienna
- Obama, Ukraine Discuss Russian Incursion in Crimea
- Navarro Celebrates 2 Years of Vida Mia
- Herbalife Puts Off Meeting for Icahn Talks
- Federal Gov't Deficit Continues to Decline
- Venezuela Death Toll Reaches 28
- Calumet Photo Files for Bankruptcy
- Russia Holds Large Military Drills in South
- Ukraine Moves Closer to Joining E.U.
- Ukraine Loan Delayed While Congress Goes on Vacation