The battle for our bank accounts – How machine learning and continuous monitoring can prevent fraud attacks

The ultimate prize for cybercriminals is to obtain access to other people’s money – so it’s no wonder that account takeover attacks are on the rise. In this article, originally published by Fraud Intelligence, Greg Hancell, Manager of Global Fraud Consulting at OneSpan, explains how banks can apply continuous monitoring and machine learning to defend against account takeover attacks.  

The battle for our bank accounts – continuous monitoring

Account takeover fraud (ATO) is one of the top threats to financial institutions and their customers. In an industry survey by the Aite Group, 89 per cent of financial institution executives pointed to account takeover fraud as the most common cause of losses in the digital channel. Today, cybercriminals remain focused on ATO, new account fraud, and card-not-present fraud. The 2020 Identity Fraud report by Javelin Strategy & Research found account takeovers trending at the highest loss rate to date, up a staggering 72 per cent on 2019 [1], to $5.1 billion, and a 120 per cent increase on 2016. [2] As fraudsters get more aggressive, they continue to leverage phishing, spear phishing and identity theft to perpetrate further new account fraud. In fact, 1.5 million victims of existing account fraud had an intermediary account opened in their name – a 200 per cent increase on the previous year.

Our digital identities are no longer private. In 2018, roughly 3.2 billion personal data records were compromised; that’s nearly half of the world’s population. Today’s data breaches are being published online in dark web marketplaces, where there’s a lot of profit being made.

Like street crime, which historically grew in relation to population growth, we are witnessing a similar evolution of cybercrime with account takeover. In the past, for criminals to steal money they would need to observe a person’s behaviour or daily habits, take someone’s wallet, shoulder surf (ie, spy on a user to obtain a PIN or password), or perhaps apply a card-skimming tactic (where a fraudulent device is applied to a card reader in order to extract the payer’s details). Now, cybercriminals are more advanced and sophisticated. For example, an attacker can go online and get instant access to thousands or millions of account details -user names, credentials, email addresses and telephone numbers. Additionally, an attacker might conduct a phishing campaign sending out thousands of emails that purport to come from a financial institution. The email will either contain malware or a link to a phishing webpage designed to impersonate a bank’s website in order to capture the user’s access details.

Unfortunately, many of these elements are static and once compromised can result in an account takeover. In addition, there are more advanced tools available to attackers, such as Muraena and NecroBrowser, which are designed to bypass second factor authentication by performing a session hijack. The ease of availability of such tools and the lower barrier of entry means fraudsters have a variety of weapons and methods of harvesting personal data to cause serious damage – making effective protection a challenge.

The full article here