In 2017 we’ve seen fraud attacks in financial services become increasingly account-centric. Customer data is a key enabler for large-scale fraud attacks and the frequency of data breaches among other successful attack types has provided cybercriminals with valuable sources of personal information to use in account takeover or false identity attacks.
These account-centric attacks can result in many other losses, including that of further customer data and trust, so mitigation is as important as ever for businesses and financial services customers alike.
What can we expect in 2018?
2018 will be a year of innovation in financial services as the pace of change in this space continues to accelerate. As more channels and new financial service offerings emerge, threats will diversify. Financial services will need to focus on omni-channel fraud prevention to successfully identify more fraud crossing from online accounts to newer channels. Newer successful payment types will see more attack attempts as their profitability for attack increases.
- Real-time payment challenges. Increasing demand from consumers for real-time and cross-border financial transactions results in pressure to analyse risk more quickly. Consumer expectations for friction-free payments make this task even more challenging. Financial services will need to rethink and make ‘Know Your Customer’ processes more effective. Machine learning and eventually AI-based solutions will also be key in meeting the need for quicker fraud and risk detection.
- Social engineering attacks. Financial services will need to stay focused on tried and tested attack techniques. In spite of more sophisticated emergent threats, social engineering and phishing continue to be some of the simplest and most profitable attacks – exploiting the human element as the weakest link. Customer and employee education should continue to improve awareness of the latest attacks and scams.
- Mobile threats. According to the latest Kaspersky Cybersecurity Index, ever more online activity now takes place on mobile. For example, 35 per cent of people now use their smartphone for online banking and 29 per cent for online payment systems (up from 22 per cent and 19 per cent respectively in the previous year). These mobile-first consumers will increasingly be prime targets for fraud. Cybercriminals will use previously-successful and new malware families to steal user banking credentials in creative ways. In 2017 we saw the modification of malware family Svpeng. In 2018, other families of mobile malware will re-surface to target banking credentials with new features. Identification and the removal of mobile malware is essential to financial services institutions to stop these attacks early.
