Effectively combating fraud while staying user-friendly


by | October 30, 2020 | Comarch Finance

As an industry, financial services is seeing unprecedented threats from cyber and technology risks. As institutions work tirelessly to stay ahead of criminal activities, hackers continue to up the ante and advance their techniques.

In this article, we discuss the threat landscape and how it has evolved, alongside authentication methods and ways in which the industry continues to fight back.

More than ever, highly technical terms not often seen in general conversation are becoming part of day-to-day discussions. The general consumer population is increasingly familiar with terms such as two-factor authentication, as well as the benefits of increased security and techniques adopted by financial institutions. Less familiar is the work banks are undertaking to continue to maintain security for consumers, internally and across supply chains. Here, we review some present threats and how institutions can begin to combat them.

Threat landscape
When considering security threats, there is a lot at stake, including company reputation, company trust, data, money, access to online services, and even business. The last few years have seen a number of high-profile breaches and resulting data leakages, including that suffered by Garmin. As outlined by Comarch at CeFPro’s recent Fraud & Financial Crime event, Garmin was a victim of a ransomware virus known as WastedLocker, which encrypted files on their corporate network. Soon after the company’s website, mobile app, and call centers were taken offline, a $10m ransom demand was made.

The losses incurred as a result of the attack go far beyond the ransom paid – loss of data can result in unquantifiable reputational fallout and the risk of fines. Just some of the GDPR fines issued over the last two years include: British Airways, fined £183m in 2019 for ‘poor security arrangements’; Marriott International, fined £99m in 2019; and Equifax, fined £500k in 2018.

In light of these incidents, it is important to consider how you or your company would respond to such an attack. Do you have the right protocols and security in place to get ahead of the risk?

“A lot of companies, small and large, are losing data including log-ins and passwords. Anyone with a basic knowledge can download huge databases with credentials from hacked websites.”

Michal Olawski, cyber security department manager, Comarch

The current scenario regarding the global pandemic has resulted in huge sections of the workforce operating remotely, opening up a whole host of opportunities for hackers and fraudsters.

The use of passwords
Traditionally, static passwords were the most common form of security measure, but increasingly they are becoming the least effective and highest risk (excluding one-time passcodes). Passwords are so ingrained in the security protocols and processes of both institutions and consumers that, despite the risks, they remain popular.

However, institutions must consider additional security steps to protect themselves, their business, their reputation, and their customers’ data.

During our presentation, we displayed an eye-opening price list of hacker services available on the dark web, as well as available malware building options. With the increase in the use of mobile banking comes an increase in malware attacks. Comarch therefore recommends integrating security to include measures such as anti-tampering mechanisms, malware detection, device reputation, second factor-based dedicated communication channels, and more.

“Today’s single-factor authentication solutions are weak and deprecated. The loss of passwords or credential leaks exposes the user to the risk of access by unauthorised sources and services.”

Pawel Bulat, cyber security department manager, Comarch

Multi-factor authentication
Modern two-factor authentication solutions provide a far wider range of mechanisms to improve security and confidentiality of integrated solutions. Unlike the aforementioned malware attack in which a monetary ransom was demanded, the most common threat is stolen credentials. Because these are easily accessible online, the risk of credential stuffing attacks increases.

The main method underpinning all of the above is two-factor authentication (2FA), which can either be used at the onset or on an adaptive basis (being required only when changes are highlighted). For example, once the above approaches identify any changes or a cause for concern, they would require re-authentication to combat a potential breach.
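The difference between 2FA at the onset and adaptive 2FA can be shown as a small login policy. This is an added example, not Comarch's code; the signals (device, country, recent failed attempts), the threshold, and all names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 3  # assumed threshold for a burst of failed password attempts


@dataclass
class Profile:
    """What the service has already seen for one account (constructed data)."""
    known_devices: set = field(default_factory=set)
    known_countries: set = field(default_factory=set)


@dataclass
class LoginAttempt:
    user: str
    device_id: str        # hypothetical device identifier
    country: str
    recent_failures: int  # failed password attempts on this account, last hour


def changes(profile, attempt):
    """List what differs from the account's usual login context."""
    found = []
    if attempt.device_id not in profile.known_devices:
        found.append("new_device")
    if attempt.country not in profile.known_countries:
        found.append("new_country")
    if attempt.recent_failures >= MAX_FAILURES:
        found.append("failed_attempt_burst")  # typical of credential stuffing
    return found


def decide(profile, attempt, password_ok, mode="adaptive"):
    """Return (decision, reasons). mode="always" asks for 2FA at every login."""
    if not password_ok:
        return ("deny", ["bad_password"])
    if mode == "always":
        return ("require_2fa", ["policy_always"])
    reasons = changes(profile, attempt)
    return ("require_2fa", reasons) if reasons else ("allow", [])


def complete_2fa(profile, attempt, second_factor_ok):
    """Only a successful second factor makes the new context trusted."""
    if not second_factor_ok:
        return "deny"
    profile.known_devices.add(attempt.device_id)
    profile.known_countries.add(attempt.country)
    return "allow"
```

In adaptive mode a returning user on a known device is not interrupted, while a correct password presented from an unfamiliar context still has to pass the second factor.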

“A way to efficiently introduce 2FA is through tokens, but it’s very important to do it in such a way as not to compromise the user experience. This is something that Comarch is very interested in. In recent years, we have been looking at ways to enable security for the end-user without compromising their experience, seeking the perfect balance between security and usability of an IT system.”

Cybersecurity is a vital component in any institution’s security considerations, especially with the increased risks found in a pandemic work environment. Companies like Comarch continue to develop innovative solutions to help institutions across different sectors protect themselves, their staff, and their consumers. Using tokens developed by Comarch with technology to monitor user interaction, institutions are more protected against threats to internal and external systems.

For more information, visit the Comarch website here.

View the full virtual interview with Adrian Korczynski, Director, Cyber Security Business Unit, Comarch here.
