How Financial Institutions Can Stop Account Takeover Attacks
Financial institutions (FIs) can detect and prevent account takeover attacks using continuous monitoring and adaptive multi-factor authentication.
Account Takeover Fraud (ATO) is one of the leading causes of fraud losses for banks and financial institutions. An account takeover occurs when an attacker gains unauthorized control of a customer’s bank account.
The methods and techniques used by attackers to fraudulently gain access to a customer’s account credentials are constantly evolving.
These include harvesting data from data breaches, malware, phishing, and other social engineering attacks such as phone scams.
Account takeover is increasing because of lower barriers to entry, high rewards, a lower risk of consequences for the attacker, and the rapid move by companies to offer digital services in response to the pandemic.
Additionally, attackers have more tools than ever available in the underground market.
They have more data to work with, following a record 37 billion personal data records compromised in 2020, and more potential victims as businesses and users adopt digital services.
As a result, personal data is available on demand to attackers, who can use it in an account takeover.
Attacks are increasingly advanced and automated. For example, a malware-driven device emulation attack executed in December 2020 hit millions of user accounts within hours, even though the bank used SMS one-time passwords.
The attackers emulated the victims’ devices perfectly, defeating security controls that relied on device fingerprinting, and intercepted the OTP SMS without the victims’ knowledge.
These attacks can yield stolen identities, credentials or OTPs used to attack login or account-recovery processes, and personal information that increases the success of later social engineering. We cannot ignore the threat this poses.
From the user’s point of view, these attacks can lead to fraudulent payments to new beneficiaries and hence loss of their savings, and to loss of account access when the attacker changes the authentication method, for example by registering a new device or changing the password.
The attacker can also request a new product using the customer’s personal data.
For financial institutions (FIs), the impact of account hacking attacks can extend far beyond financial losses.
The FI must act quickly to reduce the likelihood of the attack continuing or spreading, and then recover from the attack itself. An attack can cause users to lose confidence in the FI, which in turn affects consumer confidence and growth.
How Financial Institutions Can Improve Detection and Prevention of Account Hacking Attacks
Account takeover attacks cost FIs billions in payments and compensation to users. To reduce these losses, FIs must find ways to detect and prevent an attacker from accessing an account, and to detect when an attacker attempts a fraudulent action or transaction inside a user’s account.
Attack prevention is based on establishing trust in the user by understanding their behavior: beyond presenting the correct credentials or OTP, is this what the user typically does?
Trust is not static. Trust is fluid, changeable, and can rise or fall based on interactions and outcomes, so it’s crucial that trust is determined in real time.
In short, FIs need to address the question of trust: when can they trust that a genuine user is accessing and using their account, how can they tell whether a genuine user is being socially engineered into a transfer they should not make, and how can they determine when an attack is in progress?
To solve this problem, FIs need a deeply innovative approach – one that enables the collection and analysis of large cross-channel data to detect and respond to attacks in real time.
Continuous monitoring is the real-time collection and behavioral understanding of users and devices.
It provides an understanding of ‘normal’ user behavior: how they interact with the device, how they type, swipe and drag on a page, how they typically establish and interact with sessions, the types of transfers they make, and more.
This creates a profile of their normal behavior.
Machine learning uses thousands of features (data points about the user, their device, and their location) to contrast normal user behavior with suspicious behavior, such as that of a bot or an attacker.
When suspicious behavior is detected, FIs can react immediately, for example by requesting additional authentication from the user, changing the authentication approach if a device is compromised, and/or challenging access or ongoing transactions.
If authentication and user behavior are deemed low risk, they can continue. Otherwise, the process is stopped and the attack is prevented.
The ability to learn from all attacks, indicators of compromise (known malicious data attributes), and fraud enables machine learning models to outperform typical rule sets by optimizing costs and reducing losses.
Why financial institutions should make ATO prevention a priority
Static credentials such as usernames, email addresses, and secret answers are vulnerable to attack because of massive data breaches and because users reuse credentials across multiple websites, social network profiles, and registration accounts.
Authenticating users when logging in and using only credentials is no longer an option.
Analyst firm KuppingerCole argues that requiring only a username / password to access online or mobile banking systems is largely insufficient for account security.
Financial institutions should continuously monitor user actions and behavior to detect suspicious actors and issue an authentication challenge when a risk is detected.
Additionally, the presence of malware on mobile devices makes users vulnerable to SMS attacks and one-time password interception (SMS OTP).
The increasing sophistication of attacks using a mix of technologies such as malware, device emulation, and session simulation increases the scale of attacks, meaning that millions of users can be affected in a day.
FIs that rely on static credentials and SMS OTP are vulnerable to large-scale, high-impact attacks.
How smart adaptive authentication technology can stop account takeovers
Intelligent Adaptive Authentication (IAA) provides a frictionless secure experience for users to authenticate.
Continuous monitoring with contextual understanding enables real-time decision making and selects the appropriate authentication method(s) based on risk and friction.
The technology uses real-time risk analysis to determine the most appropriate authentication method(s) based on the level of risk derived from the context of what a user does and the environment in which they interact, that is, the risk associated with the device.
Tailoring the authentication flow to each unique interaction reduces friction and fraud. As contextual models and specific user circumstances evolve, the technology is smart enough to recognize these changes and adapt.
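The continuous-monitoring loop described above (baseline of normal behavior, weighted risk indicators, and a risk-based choice between allowing, stepping up, or blocking) can be sketched as a small risk engine. The following is an added example written for this article; it is not OneSpan’s code or any product’s API. The feature weights, thresholds, device and country names, typing-rhythm figures and beneficiary ids are all constructed for illustration.

```python
"""Added example (not OneSpan's code): a minimal continuous-monitoring risk engine.
Each login or transfer event is compared with the user's learned baseline, weighted
indicators are summed into a score in [0, 1], and the score picks an authentication
action. Weights, thresholds and sample data are constructed for illustration."""
from dataclasses import dataclass, field
from statistics import mean, pstdev
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Baseline:
    """What 'normal' looks like for one user, learned from past genuine sessions."""
    known_devices: Set[str] = field(default_factory=set)
    usual_countries: Set[str] = field(default_factory=set)
    typing_intervals_ms: List[float] = field(default_factory=list)  # mean inter-key gap per session
    known_beneficiaries: Set[str] = field(default_factory=set)


@dataclass
class Event:
    """Context captured for a single login or transfer attempt."""
    device_id: str
    country: str
    typing_interval_ms: float          # mean inter-key gap observed in this session
    actions_per_second: float          # UI interaction rate; scripted clients run far faster than people
    beneficiary: Optional[str] = None  # None for a plain login, payee id for a transfer


# Constructed weights: how much each indicator contributes to the risk score.
WEIGHTS = {"new_device": 0.35, "new_country": 0.25, "typing_deviation": 0.20,
           "new_beneficiary": 0.15, "automation": 0.40}
TYPING_Z_THRESHOLD = 2.5        # z-score beyond which the typing rhythm is 'not this user'
AUTOMATION_APS_THRESHOLD = 5.0  # interactions/second above which we assume a bot or emulator


def score_event(baseline: Baseline, event: Event) -> Tuple[float, Dict[str, float]]:
    """Return (risk score in [0, 1], indicators that fired with their weights)."""
    fired: Dict[str, float] = {}
    if event.device_id not in baseline.known_devices:
        fired["new_device"] = WEIGHTS["new_device"]
    if event.country not in baseline.usual_countries:
        fired["new_country"] = WEIGHTS["new_country"]
    # Behavioral biometrics: compare this session's typing rhythm with the user's history.
    if len(baseline.typing_intervals_ms) >= 5:
        mu = mean(baseline.typing_intervals_ms)
        sd = pstdev(baseline.typing_intervals_ms) or 1.0  # guard against a zero spread
        if abs(event.typing_interval_ms - mu) / sd > TYPING_Z_THRESHOLD:
            fired["typing_deviation"] = WEIGHTS["typing_deviation"]
    if event.beneficiary is not None and event.beneficiary not in baseline.known_beneficiaries:
        fired["new_beneficiary"] = WEIGHTS["new_beneficiary"]
    if event.actions_per_second > AUTOMATION_APS_THRESHOLD:
        fired["automation"] = WEIGHTS["automation"]
    return min(1.0, sum(fired.values())), fired


def decide(score: float) -> str:
    """Map risk to the least friction that the risk permits."""
    if score < 0.3:
        return "allow"    # low risk: no extra friction
    if score < 0.7:
        return "step_up"  # medium risk: require a factor bound to a trusted app/device rather than SMS OTP
    return "block"        # high risk: stop the login or transaction and flag it for review


def learn(baseline: Baseline, event: Event) -> None:
    """Trust is fluid: after a session judged genuine, fold its context into the baseline."""
    baseline.known_devices.add(event.device_id)
    baseline.usual_countries.add(event.country)
    baseline.typing_intervals_ms.append(event.typing_interval_ms)
    if event.beneficiary is not None:
        baseline.known_beneficiaries.add(event.beneficiary)


def evaluate(baseline: Baseline, event: Event) -> Tuple[str, float, List[str]]:
    """Score one event, decide, and update the baseline only when the session was allowed."""
    score, fired = score_event(baseline, event)
    action = decide(score)
    if action == "allow":
        learn(baseline, event)
    return action, round(score, 2), sorted(fired)


def sample_baseline() -> Baseline:
    """Constructed history for one user: one phone, one country, a steady typing rhythm."""
    return Baseline(known_devices={"phone-A"}, usual_countries={"US"},
                    typing_intervals_ms=[180.0, 190.0, 175.0, 185.0, 200.0, 195.0],
                    known_beneficiaries={"landlord"})


def run_demo() -> List[Tuple[str, float, List[str]]]:
    """Three constructed sessions: a genuine transfer, a new-device login, an automated transfer."""
    baseline = sample_baseline()
    events = [
        Event("phone-A", "US", 188.0, 0.8, beneficiary="landlord"),      # the real customer
        Event("emulator-1", "US", 90.0, 1.0),                             # unknown device, foreign typing rhythm
        Event("emulator-1", "IE", 90.0, 12.0, beneficiary="mule-acct"),  # scripted transfer to a new payee
    ]
    return [evaluate(baseline, e) for e in events]


if __name__ == "__main__":
    for action, score, indicators in run_demo():
        print(f"{action:8s} score={score:.2f} indicators={indicators}")
```

The genuine session scores zero and is folded back into the baseline, the unknown device with an alien typing rhythm lands in the step-up band, and the scripted transfer to a new payee from a new country saturates the score and is blocked. In production the weights would come from a trained model and the indicators from thousands of features rather than five, but the shape of the loop, score in real time, act on the score, and let allowed sessions refine the baseline, is the one the article describes.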
OneSpan IAA empowers financial institutions to deliver digital experiences people love by understanding users’ behavior and intentions while automating authentication decisions, resulting in a better user experience, lower operational costs and reduced fraud.