5 Ways For Financial Institutions To Stop Account Takeover Fraud
Account takeovers are a constant danger that carry serious consequences for financial institutions. As a Javelin study noted, identity fraud resulted in $112 billion in losses for consumers between 2009 and 2015.
A large volume of compromised accounts can mean substantial rewards for criminals. Consequently, fraudsters are determined and resourceful in using bots, phishing emails, malware and an array of other tactics to obtain legitimate users’ credentials.
Therefore, financial services providers must have security measures in place that are just as alert and agile to maintain the integrity of customers’ savings and private data.
Here are five steps your organization can take to secure customer accounts:
1. Unify security measures across all channels
Institutions add convenience by offering financial services through mobile and online channels, allowing customers to check their balance, transfer funds or make a deposit from anywhere – features that particularly appeal to younger account holders. A survey from the Federal Reserve found 67 percent of Americans between the ages of 18 and 29 who had both a bank account and mobile phone used mobile banking in 2015.
However, even though these popular options engage millennial consumers, they bring new risks from criminals finding ways to exploit online and mobile channels. For instance, recent months have seen a rise in SIM-swap fraud, in which someone activates a new SIM card tied to an existing mobile account in order to take control of all credentials.
It’s clear that fraudsters are willing to work across multiple channels to gather information and breach accounts, so security must cover all angles. This points to the importance of a unified solution. A siloed system simply does not provide the information-sharing and agility necessary to protect accounts in today’s ever-changing fraud landscape.
2. Build a layered security infrastructure
Financial services providers are increasingly requiring multifactor authentication for a variety of online and mobile services. One commonly used process is sending a one-time use password (OTP) via text message when a user accesses certain options or logs on from an unfamiliar device. But these multifactor authentication measures are not foolproof, as fraud tactics like SMS-jacking or social engineering can be used to get around them.
The PricewaterhouseCoopers Global Economic Crime Survey for 2016 emphasized that strengthening safeguards against criminals is all about building a layered defense. Organizations will benefit from placing varied obstacles between criminals and funds or private information, going beyond just using a single method for confirming identities.
3. Keep customers informed
Communication with account-holders is crucial to preventing or detecting fraud, starting with warning them about dangers. Fraudsters commonly use social-engineering techniques such as phishing emails to gather compromising data. Therefore, consumers must be educated and reminded about risky behaviors like sharing personal information via email and using weak passwords for multiple logins.
When current account fraud does occur, the way a financial institution communicates with customers can make a major difference in the fallout. Even customers who are satisfied with the management of an issue may choose to close their accounts. However, they are much more likely to pursue further services or recommend a provider when they approve of the fraud response.
4. Monitor events, not just transactions
Once fraudsters take control of an account, they might move quickly to make transfers and launder funds or keep their access in a ‘sleeper’ or ‘dormant’ mode for attacking at a later date. In other cases, fraudsters continue defrauding the same accounts for months or years by taking advantage of unaware account holders.
Financial services providers cannot afford to handicap their fraud response by looking backward. They need security systems in place that not only flag suspicious transactions in real time but also look at ongoing online account login activity, IP addresses used, session click streams, and more to detect anomalous activity.
5. Utilize machine learning to get leverage
With machine learning based omnichannel systems such as Feedzai, you can get massive leverage by using one system for analyzing big data from multiple channels that would not have otherwise been able to be actioned by simple rules-based measures. In addition, when architected correctly, such systems can be flexible enough to solve multiple use cases in one platform — protecting ongoing transactions as well as monitoring accounts on an ongoing basis.
At Feedzai we are constantly on the state-of-the-art of innovating new technologies for this brave new world of connected commerce. Everyday we process more than 20 million payment transactions across more than a hundred million customer accounts across the globe. Contact us to learn more about how we can help you.