Banking

THREE ONLINE BANKING FRAUD PREDICTIONS FOR 2021

By Mateusz Chrobok, VP of Innovation at buguroo

Every industry where business can be done online has seen the speed of digitalisation increase exponentially as Covid restrictions forced people to lead predominantly digital lives – none more so perhaps than the financial services sector. The pandemic has turned more people to online banking than ever before, and fraudsters have quickly exploited this. Indeed, just in the first half of 2020, losses from internet banking fraud were up by 32 per cent compared to the previous year. As we look at 2021, financial institutions need to draw conclusions and focus fraud prevention efforts on the three key trends that will dominate the industry this year.

Social engineering attacks to target digital novices

The closing of physical bank branches, the limited face-to-face time and the convenience of digital channels have all led to a rapid shift to online banking services. While generally seen as a positive outcome, this can cause particular security problems for customers who have never had to use their computers or smartphones before in order to manage their money. Often these people can be older or simply not technologically savvy enough to recognise social engineering patterns, which aim to persuade a person to perform an action that they otherwise wouldn’t do. Fraudsters feed on inexperience and insecurity. As the pandemic continues to necessitate the use of digital banking services, we will likely see a rise in social engineering attacks targeting these kinds of individuals.

Mateusz Chrobok

There is another reason why banks should pay attention to their digital novices in 2021. Those who are unsure about their abilities to avoid scams or use online banking tend to look for help from their friends and families often entrusting them with sensitive information such as passwords and logins. Not only does this automatically diminish the security of their bank accounts, but it can also result in them not being able to access their own account, as more and more banks are leveraging behavioural biometrics to detect fraud effectively. Since these systems are usually trained to recognise users based on their unique behaviour and flag anomalous sessions, only the legitimate user should be using the account. This means there is a continued need for banks to build trust, educate their customers about cybersecurity best practices and adapt to ever-changing types of attacks to avoid false positives.

New account fraud to increase

Another change in the financial ecosystem brought on by the pandemic is around authenticating new customers. With physical branches shut, banks have had to adapt to verifying customer identities solely online. But, as it’s much harder to accurately authenticate a customer you’ve never met, fraudsters are finding a higher rate of success in submitting fake documentation or stolen personal information.

Opening seemingly legitimate bank accounts in order to commit fraud with the help of stolen or synthetic identities is called new account fraud (NAF) – a trend we can expect to hear a lot about this year, as more and more personal data is entering digital spheres. Luckily for banks, impersonating a legitimate person through stolen personal information is becoming a losing game with the proliferation of continuous authentication technologies and behavioural biometrics. As banks can reveal and block fraud attempts automatically, fraud response is gradually moving to proactive prevention.

New tactics come to the fore to circumvent two-factor authentication

With record numbers of people shopping online, we’ve seen a development in the sophistication of fraudster techniques targeting card-not-present (CNP) e-commerce transactions. SIM swapping scams and phishing attacks are prevalent techniques that attempt to steal one-time passwords (OTP), sent to customers during two-factor authentication. For example, during SIM swapping, cybercriminals get their victim’s phone number switched onto a SIM card that they own instead, which enables them to intercept OTPs in the cardholder’s place. Modern malware such as Cerberus can also forward the OTP through SMS and obtain time-based one-time passwords (TOTP) from applications that keep them secret such as Google Authenticator.

Hijacking OTPs is dangerous, as two-factor authentication is a cornerstone of stringent regulations such as the EU’s Strong Customer Authentication rules as well as the 3D Secure payment protocol in the case of risky transactions. 3D Secure has seen growing adoption in recent times and can be a highly effective method of stopping CNP fraud. Still, as tactics aiming to bypass two-factor authentication continue to evolve and increase, card issuers will need to take extra steps to ensure the people behind the transactions are who they say they are.

As we look at the year ahead, it’s clear that the pandemic has created a plethora of new opportunities for financial fraud. Fighting these will be one of the key challenges that banks will face this year, as well as the most important. With every attack, fraudsters are not only cheating people out of their money, they are also undermining the trust in the entire system. To gain an elevated foothold against maturing fraud, banks will need to step up their authentication strategies to provide automatic fraud response – based on real-time systems – and proactively block attacks. Coupled with the ability to reveal the true identities of fraudsters and the use of relation analysis to catch them before the crime takes place, banks will avoid losses and foster customer loyalty and trust.

Banking

WHAT BANKS NEED TO KNOW ABOUT OBSERVABILITY

By Abdi Essa, Regional Vice President, UK&I, Dynatrace

More aspects of our everyday lives are taking place online – from how we work, to how we socialise and, crucially, how we bank. To keep pace, financial organisations have stepped up their digital transformation efforts, supported by a shift to dynamic multicloud environments and cloud-native architectures. However, traditional monitoring solutions and manual approaches cannot keep up with these vast, highly complex environments. As a result, many banks are turning to new, observability-based approaches to understand what is happening in their digital ecosystems. These approaches, however, bring new challenges to overcome.

Here are six things banks need to know about observability to ensure they can gain true value, combat the complexities of their modern multicloud environments, and drive digital success in 2021 and beyond.

Most banks have very limited observability

The scale, complexity, and constant change that characterises hybrid, multicloud environments presents a real challenge to banks’ IT teams. Our research found that, on average, banking digital teams have full observability into just 11 percent of their application and infrastructure environments – not nearly enough to understand what is happening, and why, across the digital ecosystem. Additionally, 87 percent said there are barriers preventing them from monitoring a greater proportion of their applications – including limited time and resources. Without improving observability across the entire cloud environment – by drawing in metrics, logs, and traces from every application – banks’ IT teams are limited in the success they can have driving initiatives to deliver the new banking products and quality user experience customers want.

You can’t bank on manual approaches

With many banks beginning to rely on more dynamic, distributed multicloud architectures to deliver new services, IT teams are stretched further than ever. More than a third of financial services organisations say their IT environment changes at least once per second, and 65 percent say it changes every minute or less. This rate of change creates a volume, velocity, and variety of data that has gone beyond banks’ IT teams’ ability to handle with traditional approaches – there’s no time to manually script, configure, and instrument observability and set up monitoring capabilities. The need for automation is therefore critical. By harnessing continuous automation assisted by AI in place of manual processes, teams can drastically improve observability to automatically discover, instrument, and baseline every component in their bank’s cloud ecosystem as it changes, in real-time.

Cloud native adoption is obfuscating observability

To remain agile and keep up with the rapid pace of digital transformation, banks are increasingly turning to cloud-native architectures. Our research found 81 percent of them are using cloud-native technologies and platforms such as Kubernetes, microservices and containers. However, the complexity of managing these ecosystems has made it even harder for banks’ IT teams to maintain observability across their environments. Nearly three-quarters of banking CIOs say the rise of Kubernetes has resulted in too many moving parts for IT to manage, and that a radically different approach to IT and cloud operations management is needed. Such an approach should be based on a solution that is purpose-built to auto-discover and scale with cloud-native architectures.

Data silos result in tunnel vision

To boost observability, many banks have simply thrown more tools at the problem. Our research found that most organisations use an average of 11 monitoring solutions across the technology stack. However, more isn’t always better, and multiple sources of monitoring data can result in fragmented insights. This fragmentation makes it harder to understand the full context of the impact that digital service performance has on user experience and unravel the nearly infinite web of interdependencies between banks’ applications, clouds, and infrastructure. Instead, financial organisations should seek a single platform with a unified data model to unlock a single source of truth. This will be integral to ensuring that all digital teams are on the same page, speaking the same language, and collaborating effectively across silos to achieve business goals.

Observability alone is not enough

Simply having observability doesn’t help banks achieve tangible benefits or reach their business goals. To get true value, the data processed must be actionable in real-time. As such, observability is most effective when paired with AI and automation. This observability enables teams to instantly eliminate false positives, prioritise problems based on the impact it will have on the wider organisation, and understand the root cause of any problems or anomalies so they can resolve them quickly. The alternative is to manually trawl through dashboards and data to find insights, which is incredibly time-consuming and makes it almost impossible to act in real-time. Our research found that 94 percent of CIOs think AI-assistance will be critical to IT’s ability to cope with increasing workloads and deliver maximum value to the organisation. AI is clearly no longer just a ‘nice to have,’ but a business imperative.

Observability isn’t just for the back end

Far from just having observability of their multicloud environments, banking IT teams also need to be able to see how the code they push into production impacts the end-user experience, and how that in turn affects outcomes for the business. This is a major goal for many CIOs, with 58 percent citing the ability to be more proactive and continuously optimise user experience as a benefit they hoped to achieve from increased use of automation in cloud and IT operations. By harnessing automatic and intelligent observability, banks’ digital teams can unlock code-level insights and precise answers to their questions about user experience and behaviour, so they can continuously optimise their banking services.

Observability is key for modern financial organisations looking to accelerate their digital transformation. By understanding these six key things about observability, IT teams will be better placed to master dynamic, multicloud ecosystems, and drive better digital banking services for the business and its customers.

Banking

NEARLY HALF OF BUSINESSES NEED MORE ASSURANCE ON DATA SECURITY TO ADOPT OPEN BANKING

Financial services businesses in the UK and Netherlands call for better education, training and increased guidance on data security issues to propel adoption
Study of 800 senior professionals from banks, lenders, personal finance management tools (PFMs) and retailers, in the UK and Netherlands

42% of financial services businesses want better support and guidance on data security in relation to open banking, according to the latest research by open banking provider YTS.

The survey of financial professionals including banks, lenders and retailers, revealed businesses want better education and training, alongside increased guidance, to help reduce fears around the security risks of open banking adoption. Respondents also stated that they wanted this support to come primarily from regulators.

This ranked higher than taking a ‘wait and see’ approach by allowing more time for open banking technology to develop (39%), which has often been cited as a way to assuage data security concerns, but as YTS’ data demonstrates, won’t solve the issues businesses are facing.

Lack of customer and business willingness to accept risks around data security were the second and third most cited factors threatening the progress of widespread open banking adoption, on 27% and 25% respectively. Over a third of respondents (35%) also believe that an ‘unfriendly’ regulatory environment is threatening the progress of widespread open banking adoption.

YTS is calling for the entire open banking and financial services industry to do more to empower businesses to adopt open banking technology, creating a more nurturing environment for the technology to thrive. This can primarily be achieved by introducing better education and accessible, transparent support for businesses looking to adopt the technology. This must be the spearhead of an industry-wide effort to banish myths and create more solid foundations for growth.

Roderick Simons, Chief Technology Officer at Yolt Technology Services comments:

“To fully maximise open banking’s potential, we must all do more to educate businesses and consumers about its security foundation . Open banking means their financial data is more protected than ever, with the individual in charge of whether their data is shared or not and secure APIs preventing risks from unwanted third-party access. We want to work with regulators, financial services institutions, and businesses themselves to lead the way in educating, training, and supporting businesses to overcome misperceptions of open banking. Doing so will unleash the power of open banking and create huge opportunities for both consumers and businesses.

“Once there is widespread adoption and trust in open banking technology, stakeholders across the open banking ecosystem can then turn their attentions to creating an open finance framework that gives consumers the ability to access their entire financial footprint in one place.”