Our 'Newsletter on Financial Fraud' is your monthly insight into the various new fraud types and methods used by fraudsters globally in the banking space.
In this issue, we bring to light the effect of banking fraud creeping in and making banks lose millions to this plaguing menace.
Financial companies do not seem to believe that prevention is better than cure when it comes to cybercrime incidents. A recent survey revealed that around half of the banks and other financial institutions prefer to deal with online fraud when the deed has already been done.
The IT Security Risks Survey 2015 saw participation from more than 5,000 company representatives, including those from 131 banks and payment services, across 26 countries. It aimed to find out their attitudes towards information security, including financial companies' policies towards protection from online fraud.
Each year, cybercriminals invent more and more sophisticated methods of attack, and if the banks do not have preventive measures in place, it enables further growth in the numbers of financial cybercrime and increased losses, warned a senior official.
The survey found that 48% of financial organizations said they take measures to protect their clients from online fraud, aiming at mitigating the consequences rather than preventing incidents entirely. Moreover, 29% of companies believe it is cheaper and more effective to address cases of fraud as they occur, rather than to attempt to prevent them.
Another shocking revelation of the survey was that only 41 % of organizations take measures to prevent an incident from recurring. 36 % of companies conduct an analysis of the vulnerability exploited in the attack, and 38% compensate the losses.
The FBI, in a new alert, estimates that fraud losses linked to so-called business email compromise scams worldwide totaled more than $1.2 billion from October 2013 to August 2015. But some financial fraud experts say the losses from this largely overlooked threat could be even higher because the incidents often are not reported.
David Pollino, bank fraud prevention officer at Bank of the West, who calls these scams "masquerading" schemes, has warned of upticks in this type of wire fraud since January 2014. In May, he predicted that losses linked to masquerading, or business email compromise attacks, in 2015 alone would exceed $1 billion. "This is a global fraud trend," he said.
"Masquerading is a payments scheme in which a fraudster impersonates a company executive or outside vendor and requests a wire transfer through a phone call or email to a company controller, or someone else with authority to wire funds," Pollino writes. "The controller will usually tell the business' bank to wire the funds because the email or phone call seems legitimate."
Fraudsters' social-engineering methods include sending these bogus requests to accounting departments with a sense of urgency, Pollino notes. To speed up payments, the fraudsters often ask the bank or credit union to bypass the normal out-of-band authentication and transaction verification processes in place for wires, especially those being sent to overseas accounts, he says.
As a preventive measure, a senior official argues that the solution to the BEC problem is ensuring that businesses have stronger internal controls and targeted attack prevention on their email systems. "Banks can help their customers get educated, and can strengthen their validation processes and requirements when funds are being requested to be sent to new, untrusted accounts," he says.
Fraud expert Avivah Litan, an analyst at the consultancy Gartner, says identify-proofing technology, which requires that an online account user provide a headshot or picture of a driver's license captured with a mobile phone, could make a difference.
More banking institutions are exploring identity-proofing to authenticate new-account customers, Litan says, by employing the same technology they use for the remote-deposit capture of check images from smart phones and PC scanners.
Source: Bank Info Security
Crafty hackers are gaining access to bank accounts and draining them in a tweaked version of the well-known Microsoft scam, security experts have warned. The fraudsters use clever tactics to coax their unsuspecting victims into giving them remote access to their computers in a fine-tuned version of the scam dubbed the “cold-calling technical support scam” which has been perpetrated around the world.
The South African Banking Risk Information Centre (Sabric) has alerted SA banks that these scamsters are now targeting South Africans. These criminals create an environment that allows them carte blanche to drain victims’ bank accounts in seconds, and glean information which may be sold to other fraudsters.
Sabric’s chief executive warned people to keep their software up to date and not to give anyone remote access to their computers. She explained how the scam works: “You receive a call from a number you don’t recognize and the caller claims to be from a reputable computer or software company. Through skillful manipulation, the caller manages to persuade you that it is absolutely crucial that you take the trouble to sort out a problem with your computer and offers to guide you through the process.”
Since it is purely an IT issue and no mention of banking is made, victims often cast aside their reservations. Because most victims were not tech savvy and the claim that there was a dire problem that needed sorting out seems completely plausible. But then it becomes tricky. With the old Microsoft scam, fraudsters would persuade their targets to download malware (software that can damage a computer system), but the new scam involves getting remote access to victims’ computers to fix the purported “problem”. Once “fixed”, the callers ask for a small fee to be paid, but to ensure the victims are not put off they ask that it be done via EFT or by credit card. Since victims know never to supply credit card details to strangers, they opt for an EFT payment and the caller provides details, telling the victim to add them as a beneficiary.
The scamsters take advantage of the remote access they have been given, which enables them to load malware onto their victims’ computer and which allows them to harvest the victim’s banking details. During the conversation, the scamsters get people to volunteer information, without them realizing that they are being scammed.
Source: iOL News
The barbs of banking fraud have drained the blood and soul of banks, disrupting the business process for a long time. Banking fraud has been a menace that has evolved continuously from the inception of the concept of banks. UK is the leader of e-commerce in Europe. UK banks and merchants know how important the improvised fraud prevention strategy, and rules addressed to online and mobile fraud is as they have been handling this menace for decades. The losses due to fraud in UK cards has reached to GBP 450.4 million in 2013, a rise of 16% to what it was in 2012 but still 26% less as fraud was at its peak in 2008. Losses are currently 7.4p for every GBP 100 spent. Card not present(CNP) based fraud in UK has topped at GBP 326.4 million in 2008, 22% fraud increase was seen in 2013, with fraudulent purchases made online reached GBP 301.1 million. This fraud in accounts rose to 67% of total banking fraud from 54% in 2008. The UK market has the highest online spenders in Europe (2466 per capita in 2012). This value is growing and the banks have been able to payback a full refund to 97% of the customers facing fraud. However, the responses by the merchants and banks have encouraged the customers to spend more but the losses are bleeding banks dry in terms of fraud compensation.
The USA is the largest economy in the world, it’s not an unknown fact that the US has fallen victim to 51% of global card fraud. The USA has lost more than 7.1 billion dollars in 2013, not only to card based fraud but also to major breaches, e.g. Target breach (retailers- online, brick mortar) has lifted the total fraud by 500 million dollars. These events will continue to have an impact on USA economy for years to come. Effective online enterprise level security measures will be required to avoid a repeat of the experience of European markets in this respect. It is evident from the merchants and banks that they are rooting for robust, real-time fraud prevention solutions to prevent cross channel fraud. As close as 60% of US consumers surveyed say that a security breach involving their personal or credit card data would make them less likely to do business at a bank or store that they commonly use(Unisys). According to the forecasts 50% of the users of mobile will be conducting financial transactions over the mobiles by 2015. In such a big market for mobile commerce that is facing overwhelming rates of fraud, application of enterprise wide fraud prevention tools is gaining a lot of attention lately. The application of such technology will require a very careful approach that has to be tailored to the channel and its problems.
The fraud has left not only USA, UK but also the MIDDLE EAST scarred. UAE has evolved as the new fraud capital in Middle East. In June 2014, the UAE led the list of the countries with the credit card frauds with 44% up from 36% in 2012. The UAE leads the Middle East nations in online payments. According to Frost and Sullivan in 2014, 83% of UAE residents made purchases online. This level of increase is contributed by increased internet penetration, a rapid increase in mobile penetration and ‘government initiatives encouraging a digital lifestyle’. Continued profitable growth of ecommerce will require consumers to be educated in fraud prevention techniques, and that merchants and banks respond quickly and effectively to secure transactions, prevent fraud and protect the customer experience.
Archive Section[-]  2017