Using Account Holder Behavior to Prevent Banking Fraud
Guardian Analytics is focused solely on preventing banking fraud. Their patented Dynamic Account Modeling® features behavior-based anomaly detection that automatically monitors every account holder’s behavior looking for unexpected or unusual activity that could be indicative of fraud. Their fraud intelligence efforts uncover emerging threats and trends that they use to continually improve their solutions and educate customers on the threats that they face. Their current FraudMAP® solutions include purpose-built anomaly detection products for preventing fraud in the online, ACH, wire, and mobile banking channels. Guardian Analytics' 250 customers are conforming to the FFIEC Guidance while improving customer trust.
Rake Narang: What are the common threats to online banking? How has access and authentication evolved over the years?
Terry Austin: The challenge here is that there is no one scheme that poses the greatest threat to financial institutions. Cyber criminals are using multiple schemes and technologies that force bankers and account holders to defend against a broad spectrum of constantly changing attacks.
For example, some attacks use malware while others use social engineering; some are initiated and launched through online banking while others gather personal information and set up the attack online but then carry out the scheme through the call center, branch, or email; some are completely manual while others are totally automated.
The most significant change we’ve seen over the past few years is fraudsters’ demonstrated ability to defeat all forms of authentication. Indeed, this is what led the FFIEC to release the guidance supplement in June 2011. Using stolen credentials, breached email systems, malware, social engineering, phishing, vishing and smishing, criminals gain access to accounts, correctly answer challenge questions, and defeat out-of-band authentication and tokens, leaving financial institutions and accounts exposed to fraudulent transfers that total billions of dollars.
About Terry Austin
Terry Austin is the CEO of Guardian Analytics, a provider of real-time fraud prevention solutions for financial institutions. Terry is a regular speaker and contributor at security, payments and financial industry events, sharing best practices for protecting Internet banking from current and emerging cyber threats. Prior to joining Guardian Analytics, Terry held CEO and executive leadership roles at companies such as MarketLive, Good Technology, Manugistics and Accenture.
Rake Narang: How is behavior-based fraud detection different from other solutions?
Terry Austin: The reason why behavior-based anomaly detection is so effective against current and emerging attacks is that it does not require any prior knowledge of the malware, virus, or fraud scheme that’s in play, and there are no rules to maintain or algorithms to train.
Behavioral analytics is a proven anomaly detection methodology based on the fact that every individual behaves uniquely. Rather than look for specific malware or fraud indicators, which are too numerous and changing too rapidly for institutions to keep up, behavioral analytics monitors individual banking sessions and compares activity with known legitimate account holder behavior to determine if this behavior during this session is legitimate behavior or suspicious. During an online fraud attack a criminal will do something unexpected or unusual, something that makes it clear that this is not the legitimate account holder.
By monitoring all activity, from login to logout, financial institutions can detect the early stages of fraud, before a transaction has been initiated, when it is easier to intervene. Fraud attacks typically take some time to unfold while the fraudster compromises the account, does some reconnaissance (e.g. watching to see when the account balance is highest), and sets up the attack (e.g. adding a new user or modifying a wire submission form).
Behavior-based anomaly detection will alert on these activities even though there was no transaction, and increasingly we’re seeing that the fraudulent transaction can take place elsewhere such as through customer service or in the branch.
Rake Narang: Tell us more about the "chat scheme" Guardian analytics recently discovered and how can consumers remain safe?
Terry Austin: This is an excellent example of the benefits of monitoring all online banking activity.
In this scheme, fraudsters successfully logged into compromised accounts using stolen credentials and then used the financial institution’s available online Live Chat feature. They chatted to the customer service agent that they were having trouble sending a wire transfer and asked for help. Having already logged into the account, the agent believed it was the legitimate account holder and was very happy to place the wire request on behalf of the fraudster.
Anomaly detection would have detected unexpected activity such as logging in from a different computer, using a different ISP, maybe a different location, and the fact that this was the first time the client ever used the online chat feature, all of which are unusual therefore suspicious.
What behavior-based anomaly detection solutions also may have noticed are the activities that the victim typically does during each session that were not part of this session. Perhaps the victim always checks account balances, or reviews recent transactions at the beginning of each session. The fact that these activities were skipped is a clue that something odd is happening and could be cause for closer monitoring of the account or escalated approval for transactions.
Rake Narang: Meanwhile what online safety tips would you give to consumers who are relying more on online banking using their tablets and smartphone apps?
Terry Austin: We are strong proponents of the use of layered security. An important first line of defense is the account holder’s device. We encourage online banking users to have security software in place that will decrease the risk of their device being compromised, and be sure to keep the software up to date.
Having said that, fraudsters have demonstrated their ability to breach this initial line of defense, and financial institutions must design their security strategy with the assumption that the device has been compromised.
Fraudsters are continually developing new malware and viruses that anti-malware and anti-virus solutions don’t recognize and therefore can’t block. A recent New York Times article reported that antivirus solutions detect only 5 percent of viruses.
In addition, Guardian Analytics research found that account holders primarily look to their financial institution to be primarily responsible for ensuring the security of their accounts. Pushing the responsibility for preventing fraud onto account holders not only won’t be effective, it will result in broken trust and tarnished brand image for the financial institution.
Bottom line for account holders is to do what you can to protect your device, absolutely, but also ask your bank or credit union what additional layers of security they have in place. For attacks that start with a compromised device, despite the user’s best efforts, financial institutions that are using behavior-based anomaly detection solutions such as FraudMAP stand a far better chance of detecting the attack and intervening well before the money is gone.
Founded in: 2005 CEO: Terry Austin Public or Private: Private Head Office in Country: United States Products: FraudMAP Online for Retail Banking
FraudMAP Online for Business Banking
FraudDESK Managed Service Company's Goals: The company's goal is to protect the integrity of our customers' brands and individual account assets, recognizing the importance of a safe banking environment to build and maintain confidence with their account holders and gain competitive advantage.
JOIN NOW THE CYBER SECURITY WORLDWIDE COMMUNITY ON LINKEDIN