Banks must learn more about customers than cyber-crims can: ThreatMetrix

Financial institutions must get more proactive about collecting data on customers' digital behaviour to fight financial losses through criminals' growing use of cross-channel fraud, ThreatMetrix has warned.

Citing the increasing use of man-in-the-middle, Web-injection attacks like Ramnit to inject fraudulent messages and fields into online Web forms, ThreatMetrix warned that such attacks were facilitating the theft of funds from online banking accounts using a range of cross-channel compromises.

Cross-channel attacks are continuing to be effective because many banks are offering a broader range of customer self-service capabilities but have still failed to integrate the different systems supporting the various customer contact channels they offer – meaning that there is no way to detect and correlate suspicious behaviour across these channels.

“In an effort to accommodate customer demands for speed and convenience, banks rely heavily on information technology capabilities where automated processes use rules to validate a person's identity and approve a transaction,” the company warns in research highlighting the company's analysis of customers' transactional information.

ThreatMetrix outlines a scenario in which a cyber-criminal plants a Trojan using a targeted spearphishing attack, planting malware that steals the user's email ID and password. This information is then used to log in and check on the user's activity, with social-media research used to collect personal information about the victim.

Phone calls to the bank allow the perpetrator to offer correct responses to the bank's challenge/response questions – paving the way for full online access to be granted, a new account to be created online, and money transferred from the victim's account into the new account.

Because many of these steps have been automated in the name of efficiency, gaps in the bank's security profile leave many institutions exposed to cross-channel attacks.

“If a security breach occurs, forensic research focuses only on the point of failure, not the interactions leading up to it,” the report warns. “If a cybercriminal successfully penetrates one channel, the smart thief can then navigate through other channels without setting off any security alarms.”

Such risks, ThreatMetrix warns, highlight the importance of developing security analytics capabilities that span all customer-facing channels rather than treating Web, mobile, contact centre and branch processes as completely separate entities.

The key to preventing this, the report advises, is for banks to leverage analytics capabilities. “One key way to stop cross-channel fraud is for a bank to have a more complete profile of their customer than a cybercrook could possibly obtain,” it continues.

This involves the use of analytics to understand each customer's online behaviour over time, where they are likely to be located, what devices they use, and what activities they normally execute.
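
As an added illustration (not from the ThreatMetrix report or this article), the sketch below shows one way a bank could correlate events across channels against a per-customer baseline of devices, locations and activities. The event fields, action names and 24-hour window are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Actions that change access or move money; names are assumptions for this sketch.
HIGH_RISK = {"access_reset", "new_account", "transfer"}
WINDOW_MIN = 24 * 60  # correlate events up to 24 hours apart (assumed window)

def build_profiles(history):
    """Per-customer baseline: devices, locations and actions seen before."""
    prof = defaultdict(lambda: {"device": set(), "geo": set(), "action": set()})
    for e in history:
        for key in ("device", "geo", "action"):
            if e.get(key):
                prof[e["customer"]][key].add(e[key])
    return prof

def deviations(event, profile):
    """Attributes of this event that the customer's baseline has never seen."""
    return [k for k in ("device", "geo", "action")
            if event.get(k) and event[k] not in profile[k]]

def correlate(events, profiles):
    """Flag a high-risk action that follows an off-profile event on another channel."""
    alerts = []
    recent = defaultdict(list)  # customer -> [(ts, channel, deviations)]
    for e in sorted(events, key=lambda e: e["ts"]):
        cust = e["customer"]
        dev = deviations(e, profiles[cust])
        prior = [(ts, ch, d) for ts, ch, d in recent[cust]
                 if e["ts"] - ts <= WINDOW_MIN and ch != e["channel"] and d]
        if e["action"] in HIGH_RISK and prior:
            alerts.append({"customer": cust, "action": e["action"], "channel": e["channel"],
                           "linked_channels": sorted({ch for _, ch, _ in prior})})
        recent[cust].append((e["ts"], e["channel"], dev))
    return alerts

# Constructed sample data (timestamps in minutes), not taken from the report.
HISTORY = [
    {"customer": "c1", "channel": "web", "action": "login", "device": "d-home", "geo": "AU", "ts": 0},
    {"customer": "c1", "channel": "web", "action": "transfer", "device": "d-home", "geo": "AU", "ts": 5},
    {"customer": "c2", "channel": "mobile", "action": "login", "device": "d-phone", "geo": "AU", "ts": 9},
]
EVENTS = [
    {"customer": "c1", "channel": "web", "action": "login", "device": "d-new", "geo": "XX", "ts": 100},
    {"customer": "c1", "channel": "phone", "action": "access_reset", "device": None, "geo": None, "ts": 160},
    {"customer": "c1", "channel": "web", "action": "new_account", "device": "d-new", "geo": "XX", "ts": 200},
    {"customer": "c2", "channel": "mobile", "action": "transfer", "device": "d-phone", "geo": "AU", "ts": 210},
]
ALERTS = correlate(EVENTS, build_profiles(HISTORY))
```

Each alert links the high-risk action to the other channel where the off-profile activity occurred, which is the correlation a single-channel rule set cannot make.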

“As fraud patterns get more sophisticated and cross more organisational silos,” says CTO Andreas Baumhof, “banks need to invest in integrated analytics as well as traditional channel security.”
