Financial institutions need to provide a top-tier level of security to earn and keep the trust of their clients. When it comes to personal data, after all, few types are as privileged as financial records. This fact, unsurprisingly, makes them a prime target for criminals.
"Fraudulent activity is a huge problem for the financial sector - but there's a solution."
The nature of financial fraud has evolved over the decades. It used to be that financial institution fraud mainly centered around criminal acts like check and wire fraud. But with the growth of the cybersphere and the accompanying expansion of the cybercriminal realm, financial fraud has taken on more virtualized forms. As banks leverage technologies like online banking and mobile payments, hackers seek to exploit these methods. For the FBI's Financial Institution Fraud division, this has led the bureau to monitor illicit tech-based financial threats more carefully.
A growing concern that demands action
But even with the FBI on the case, the proliferation of cybercrimes targeting financial organizations shows no sign of slowing down. As Insurance Business America pointed out, in this "new era" of cybercrime, financial institutions are particularly vulnerable to intrusion. These days, hackers can leverage phishing and social engineering attack methods to breach their way into ATMs, as cyber broker Christian Davies told IBA. With the clear potential for significant monetary rewards that accompany a fraud-based financial attack, hackers are increasingly looking for ways to mount sophisticated intrusions. Many have been successful.
Here are just a few of the recent tech-based financial fraud incidents that illustrate what a significant threat such episodes are to the banking sector:
- The Heartland Breach(es): Back in 2009, Heartland Payment Systems - a credit and debit processing provider - earned the undesirable distinction of having suffered what was then the biggest breach ever. At the time, Heartland's president and CEO, Robert H.B. Baldwin Jr., said that the systems impacted by the breach were ones in which 100 million transactions a month took place. In the years since that massive attack, Heartland has worked to mount stronger fraud defenses - but unfortunately its efforts weren't enough. This past June, as American Banker reported, the company suffered yet another malicious intrusion - though this one was caused by a burglary of its payroll office.
- The Carbanak incident: In February 2015, Kaspersky Labs released a report detailing a $1 billion banking scheme carried out by a cybercriminal group known as The Carbanak. According to Kaspersky researchers, the Carbanak's malicious effort began in 2013, when the criminals involved started launching attacks on various banking institutions and e-payment systems. The years-long scheme was determined to have stolen a collective $1 billion from around 100 institutions across the globe. Yet despite the enormous monetary gains netted by the criminals, their method was fairly simple. As Kaspersky Labs uncovered, the criminals would commence their attacks through a spear phishing intrusion aimed at a single employee within a targeted institution."They were then able to jump into the internal network and track down administrators' computers for video surveillance," Kaspersky reported. "This allowed them to see and record everything that happened on the screens of staff who serviced the cash transfer systems."
- A massive credit card scheme: In the realm of cyber financial attacks, "sniffers" are installations which are "designed to comb through and steal data from computer networks of financial companies," according to Reuters. Back in 2003, Dmitriy Smilianets and Vladimir Drinkman worked alongside three other individuals to install these sniffers at various banks and other organizations. The men were able to sell the data they stole, and over the years their criminal effort evolved into a scheme that infiltrated 16 business networks and reportedly compromised more than 160 million credit cards. Smilianets and Drinkman were both caught in June, and both have since pleaded guilty. Their co-conspirators, however, haven't been brought to justice yet.
3 ways financial institutions can improve
With schemes like the ones described above becoming increasingly common, the responsibility is falling on financial organizations to up the ante in terms of fraud prevention. In order to do that, it's important for companies to keep these three key steps in mind:
- Detect: If financial organizations aren't able to detect suspicious activity as it's happening, they'll likely be unable to prevent fraud before it materializes into a real threat. When it comes to keeping fraud at bay, therefore, robust detection is one of the first things financial organizations need to make sure they're on top of. The ability to detect fraud depends on having a detection solution in place - one that's built to comprehensively monitor transactions and other activities in real time, so that no questionable activity slips through the cracks.
- Defend: While threat detection is vital, it's equally important for financial organizations to have tools in place that provide defense against such attacks. These defensive methods should be built around securing all facets of a financial business, but particularly those that are most susceptible to intrusion. Employee accounts, for instance, represent a prime means of hacker entry, as evidenced by the Carbanak's 10-year scheme. Protecting against this kind of attack calls for better identity assurance, which can come in the form of authentication tools like digital certificates, mobile device certificates and, increasingly, biometrics data. All of these methods provide a significantly higher degree of security than the traditional (and outmoded) password.
- Evolve: The threat atmosphere facing financial businesses is growing all the time. For companies, the threats they're facing today aren't the ones they faced 10 - or even five - years ago. Financial organizations can expect this malicious evolution to continue moving forward. Therefore, a robust fraud prevention strategy will be inherently future-focused, and will be designed to adapt to the evolving threat realm.
Deploying Entrust TransactionGuard for optimal fraud detection
As an integrated framework for fraud prevention, Entrust TransactionGuard is built to hit all three elements that will ensure optimal fraud oversight. From detection to defense to evolution, Entrust TransactionGuard offers an industry-leading approach to fraud prevention that's built upon ease of deployment and use for the end user. Here are some of the elements of Entrust TransactionGuard that set it apart:
- Top-of-the-line authentication: Entrust is a leader in authentication solutions, and TransAction Guard users benefit from this expertise. Entrust TransactionGuard is designed to function seamlessly with Entrust IdentityGuard, which provides a layered security approach that's vital today, particularly with the rise in stolen credentials-based intrusions.
- Broad detection: There are other fraud detection tools out there on the market, but they're often limited to transaction-based detection. Entrust TransactionGuard, on the other hand, was designed to evaluate every point of user interaction. For financial organizations, this comprehensive assessment capacity allows them to glean a much fuller picture of user activity, which can prove vital in identifying suspicious activity before it becomes a major issue.
- Adaptability: Here at Entrust, we know that the threat atmosphere can change overnight. Simply put, yesterday's biggest threat may be no match for what comes out tomorrow. The always-evolving nature of the malicious sector calls for defensive tools that are equally adaptable, and that's exactly what Entrust TransactionGuard provides. If there's a new threat that looms over financial institutions, Entrust TransactionGuard is built with the agility to register that threat and help you deploy strategies to counter it.
In an evolving threat atmosphere, financial organizations need to detect and defend against fraudulent activity, as well as be prepared to handle the threats of the future. By deploying a tool like Entrust TransactionGuard, such businesses can put themselves in a much better position to reduce the threat of fraud - which in turn will drive up customer trust and satisfaction.