Our 'Newsletter on Financial Fraud' is your monthly insight into the various new fraud types and methods used by fraudsters globally in the banking space.
In this issue, we bring to light the effect of banking fraud creeping in and making banks lose millions to this plaguing menace.
The value of online fraudulent transactions is expected to reach $25.6 billion globally by 2020, up from $10.7 billion last year. This means that by the end of the decade, $4 out of every online payment of $1 000 will be fraudulent.
This is according to a new study from Juniper Research titled : "Online Payment Fraud: Key Vertical Strategies & Management 2016-2020", which found e-retail tops the list of online fraud with 65% of overall incidents estimated to reach $16.6 billion by 2020. Second on the list is online banking fraud, making up 27% of cases globally which are valued at $6.9 billion.
Growth in e-commerce, increased use of mobile payments and increasing flows of money transacted via different online channels are among the significant factors driving fraud in e-commerce and online banking, says Juniper.
The report further found the implementation of CHIP and PIN services at POS (point of sale) locations in the US is likely to be a key factor driving activity in the online fraud space. It argued that the greater security afforded by CHIP and PIN persuades fraudsters to switch their attention from the in-store environment to the card not present (CNP) space.
According to mobile payments Web site, mobilepaymentstoday.com, the US's rollout of Europay, MasterCard, and Visa (EMV) technology is beginning to eliminate some fraud concerns of retailers. Experts expect to see an increase in online fraud as fraudsters turn their attention to online sales. Some reports indicate online retail fraud in the US alone is expected to rise by 106% over the next three years, says the site.
Two weeks ago the South African Bank Risk Information Centre (Sabric) warned bank customers to pay more attention to their mobile security. Sabric CEO Kalyani Pillay said while banks continuously provide cyber security messages and advice, criminals are also devising new ways to steal from customers.
"With the increase of cyber-crime worldwide, the issue of cyber security has moved from the server room to the board room in many local businesses, and the banking sector is no different," he pointed out.
Pillay noted while new technologies such as apps and Wi-Fi spots have made banking easily accessible to the public, they also carry certain risks and consumers must be aware of these risks and take steps to safeguard themselves.
Juniper also claims e-retail would be particularly susceptible to online fraud in the next few years, with the value of fraud in this sector increasing at twice that of banking. The research highlighted two key areas for fraud within e-retail namely; "buy-online, pay in-store' methods and electronic gift cards.
The report argued that the continuing migration to online and mobile shopping, of both digital and physical goods, will provide a further incentive for fraudsters to focus their attention on these channels.
Meanwhile, Juniper claims that although banks are able to counter online banking fraud by deploying new technologies such as 3D-Secure and device fingerprinting , these measures often only provide temporary respite as fraudsters quickly find new ways to defraud.
According to a report by Javelin Strategy & Research, card not present fraud, which includes online transactions, is expected to be nearly four times greater than point of sale card fraud by 2018.
The study says consumer choices can negatively impact fraud detection efforts made by banks as consumers who do not trust their financial institutions and do not take advantage of the services offered by them are setting the stage for more damage if they become fraud victims.
"These consumers are less likely to use transaction monitoring, e-mail alerts, credit freezes and black market monitoring.
"This results in their information being used for 75% longer by fraudsters and incurring a 185% greater mean consumer expense than those victims that have high trust in their financial institutions," revealed the report.
The increasing threat, of online fraud, says Juniper, has led to the emergence of a host of new tech start-ups developing innovative technology to combat the problem.
The RBI is working to put in place a regulatory framework to address customer grievance and liability issues arising out of frauds in electronic transactions, according to the government.
“The matter is being further examined by the RBI to put in place a regulatory framework for addressing customer grievance and liability issues arising out of such frauds,” Minister of State for Finance Jayant Sinha said during the Question Hour in the Rajya Sabha.
He said the Banking Codes and Standards Board of India (BCSBI) had in 2014 come out with a recommendation of limiting the customer liabilities in case of frauds taking place through electronic channels.
Replying to supplementary questions, Sinha said there was too much of cash transaction in the Indian economy. “87 percent transaction happens in India in cash, which is not the case in other countries. So much use of cash transaction is not good…this increases cost of handling besides inconvenience,” he said and underlined government’s commitment to encourage cashless financial transactions.
The RBI in its ‘Payment System Vision Document 2012-15’ for ushering in a less cash economy suggested drawing up of a policy framework establishing roles and responsibilities of banks and customers in electronic transactions to minimise frauds, fix responsibilities and zero liability protection to increase customer confidence. The document had also suggested drawing up a strategy for dis-incentivizing usage of cheques above a certain threshold limit by customers and corporate which may include prescribing a cut off limit for cheques cleared through clearing house arrangements.
Sinha further said the government had come out with a white paper on dis-incentivising paper cheques and sought public comments on it. “However, the comments were not very encouraging. The charges levied for electronic transactions operated by the bank are low and transparent,” he added.
Source: Indian Express
Banks in Singapore are increasingly being targeted by cybercriminals, experts said, given the growing sophistication of the dark web that has developed into a bustling marketplace for malware, complete with money-back guarantees.
"Tech-savvy consumers in Singapore are getting more and more reliant on mobile and online banking services but continue to be unaware of evolving cyber threats and risks," said Vincent Loy, Asia Pacific financial crime and cyber leader, PwC Singapore. "As one of the top financial centers in the world, Singapore banks will continue to face the risk of being more vulnerable, as technologies continue to evolve to keep pace with business and consumer needs."
As it is, a PwC study at the end of 2015 showed Singapore banks put tech-related crimes and risks at the top over all other concerns. When asked about the level of preparedness in dealing with risks, respondents' answers out of Singapore led to an overall score of 2.9 out of a possible 5. This is lower than the study's global average of 3.13.
Banks said then they would only refund money to customers if there was proof that customers were careful in protecting their banking credentials.
Cybercriminals infiltrate mainly using spear-phishing, that is, by sending an email that looks to be from an individual or business with which the receiver has association.
Banking customers may also be fooled into revealing their two-factor authentication code over the phone, or be hit by the smallest malware to date - known appropriately as the tiny banker, or tinba - that expands itself once downloaded onto the computer, and seizes banking information by tracking keystrokes when the victim accesses his or her account, said IBM Security's executive security adviser Diana Kelley in an interview.
Cybercriminals are attacking employees within organizations such as banks, too. They may be checking LinkedIn to get a sense of the corporate hierarchy, and crafting legitimate-looking emails in hopes that employees will introduce malware into systems, said Ms Kelley. She recounted a case experienced by a senior executive at a global financial services firm. "He said to me, 'I got an email, and it was so good, I would have clicked on it. And the only reason I didn't, is that it was supposedly coming from me'."
She noted that there is much more collaboration on the dark web today, which makes malware a lot smarter, and better, than before.
The black market for information, such as credit card details, has also evolved, he observed. Now, buyers can customize their searches for details from cards stolen in a certain country, and within a certain period.
Companies are still grappling with "conceptualizing the return of investment" on cybersecurity, said Mr Wootliff, noting that organizations need to spend to lock away critical information assets such as customer data.
"Most organizations are pretty ill-prepared. There's an awareness at the board, but they see it as a technical problem."
PwC's 2016 study on information security showed about 25 per cent of banks in Asia had an information security budget of about at least US$10 million. As a very rough benchmark, the percentage of cybersecurity spending of the total IT budget for banks averages between 4 and 10 per cent, said PwC's Mr Loy. "To minimize the impact of attacks, organizations should look at their governance, processes, people and technology in totality," he added.
Singapore banks would not comment on how much they spend on cybersecurity, but said they treat the risk seriously, highlighting that cybersecurity is the subject of board-level discussions.
For security reasons, UOB's latest mobile banking app cannot be launched on phones that are jailbroken or infected with malware, said UOB's head of group technology and operations Susan Hwee.
OCBC, like other banks, would constantly alert customers of potential cyberattacks, said Eugene Lau, head of group technology services at the bank, adding that the threat of cyberattacks is evolving rapidly.
IBM's Ms Kelley said banks should watch out for hackers doing reconnaissance - checking on account balances, and making changes to contact details. These log-ins could be at unusual times for users. Banks could also tap IBM's large IP network to limit fraud, and share anonymized cases of attacks, so more businesses learn of the latest forms of breaches.
This collaboration should extend to one between governments, in preventing a cyberattack, said former chief of MI6, John Sawers, at the Credit Suisse Asian Investment Conference.
"Every government feels much more vulnerable than they feel there's an opportunity here," he said, when asked about governments using cyberattacks as a means of security.
Singapore will soon introduce a new Cybersecurity Bill, the Ministry of Communications and Information said this month. This is meant to ensure operators of Singapore's critical information infrastructure secure such systems. It will also empower the Cybersecurity Agency to manage cyber incidents and raise standards of cybersecurity providers here.
Source: The Business Times
CustomerXPs has been showcased in NASSCOM research paper titled as 'India Fin-Tech Products - Innovating Driving Growth'. The objective of this report is to present a detailed overview of Fin-tech software products landscape in India and discuss key business technology trends, drivers and enabling ecosystem for Fin-tech and its sub segments.
Key takeaways from the report are:
1). The Indian Fin-tech software product market generated revenues of USD ~1.2 billion in 2015, and is expected to grow >2X by 2020
2). With ~400 companies, India is quickly emerging as an Fin-tech products hub out of which more than 30 per cent are mature firms with demand across regions
3). The Indian Fin-tech industry is expected to grow significantly in the future, driven by increased demand for mobility and analytics solutions
Here is an infographic summing up our references in the Nasscom’s Research Paper:
Archive Section[-]  2017