Stealing millions of dollars in an elaborate bank heist makes for a great Hollywood movie – just throw in the hottest Hollywood stars, exotic locations, flashy cars, a computer whiz and obscure cyber jargon that’d impress any moviegoer. But in reality, bank fraud and cybercrimes are not entertaining matters, and are often poorly understood or addressed.
Fraud, outpacing the industry’s security efforts
As news of cyber attacks and large-scale fraud breaks in the media, consumers can get lost in the nuances of the threat or technology described and believe they would never be similarly affected. Financial institutions, on the other hand, likely break into a cold sweat knowing they could be next. Though depth of cyber security knowledge varies, everyone agrees security is important – and increasingly so. In fact, as many as 60% of survey respondents identified fraud detection as a competitive advantage for a transaction bank offering.
For years, innovative banks, payment gateways and e-wallet providers have invested in solutions that use big data and analytics to counter cyber attacks and fraud. User information, such as mobile device ID/configuration, browser settings, location and movement across time, can be leveraged to mitigate payment transaction fraud. Despite these efforts, fraud continues to be a very real and active threat. Cybercriminals constantly evolve their tactics and often spoof user data to fool security measures.
Breaking the cycle requires a re-evaluation of trust
Big data, analytics and risk profiling of transactions have clear value and will continue to expand in mainstream banking and payments. However, considering the evolution of cyber threats and the sophistication of attackers, banks and payment service providers (PSPs) must look at a multi-layered approach that gets security deeper into their ecosystem. This means deploying robust solutions that reside at a deeper application, browser or API level, making security inseparable from the software application itself, so that code or data tampering, data monitoring, and attempts to debug the code are intercepted and prevented early, in real time. This achieves a level of fraud prevention far beyond big data/trending and analytics, whose input data may not arrive from a trusted source.
Restoring trust with cohesive security across threat boundaries
Banks and PSPs can start by integrating these security elements into their ecosystem:
- Deeper monitoring tools that can detect application/browser tampering at a very early stage
- Policies that can ensure the integrity of the user’s application and secure exchange with the back-office servers that house sensitive data
- Whitebox cryptography solutions to establish a secure, trusted connection from the browser or mobile application to digital commerce and banking
- Diversified and renewable security to greatly reduce the attack window and weaken attackers’ business model
By deploying robust, future-proof security solutions grounded in the reality that no client can be trusted, we can begin to restore trust in banking and payment services. This is the foundation banks and PSPs need to innovate their business models and services.