Cybercrime and malware are the top online fraud threats financial institutions face today, and they’ll continue to top the list of threats over the next two to three years, according to a new report from research firm Aite Group.
The report, “Online Fraud Mitigation: Tools of the Trade,” which is based on interviews with 32 North American financial institutions and 40 fraud mitigation vendors, examines the origins of online fraud, the online fraud mitigation strategies in use today, the vendors in use today and fraud mitigation in the mobile channel.
The majority of financial institutions interviewed, 56%, said cybercrime and malware are the most powerful instigators of online fraud.
Meanwhile, 52% of the institutions also listed cybercrime and malware as the most significant online fraud threats to emerge over the next two to three years, Aite Group said.
Mobile fraud is also a notable threat–26% of respondents listed it as the type of fraud that will cause the most pain over the next two to three years.
Aite Group Senior Analyst Julie Conroy McNelley, who authored the report, said credit unions must realize that implementing a robust fraud prevention strategy, though it may come with a steep price tag, is a critical move given today’s threats.
“The report highlights the fact that no institution is exempt from the threat landscape,” McNelley said. “It’s important, not just from a compliance standpoint but from a loss-mitigation perspective, for credit unions to have a good understanding of the threats out there.”
“The challenge for credit unions will be making the business case to deploy the technology it takes to keep pace with the bad guys. They’ll need to take the long view for the business and realize that with just one big corporate account takeover, the institution can be wiped out. So the risks are significant.”
Financial institutions are combining multiple fraud mitigation strategies, including secure browsing technology, knowledge-based authentication, out-of-band authentication, complex device printing and behavior analytics, into a layered approach to combat fraud, Aite Group said.
Respondents rated behavior analytics, in which institutions monitor user sessions or Web navigation techniques to pinpoint suspicious activities, as one of the most effective strategies.
Vendors leading the pack in behavior analytics include SilverTail Systems, which focuses on Web session activity monitoring, and ArcSight, which allows institutions to analyze behaviors tied to account breaches. NICE Actimize currently has the highest number of behavior analytics solutions installed or underway among the large institutions interviewed, the firm said.
Out-of-band authentication (known as OOBA) is an authentication strategy that involves communication through a channel outside of the one being used to access the banking application, such as a text message or phone call. It is another method rated as highly effective by financial institutions. Large financial institutions interviewed use Authentify, RSA and Entrust for their OOBA solutions, and midsize institutions listed Authentify, Access Softek and RSA.
“The good news is the technology–the robust, layered mechanisms that are out there–is successful,” McNelley said. “If you have a bigger guard dog in your yard, it’s going to be more difficult for fraudsters to get in, and they’ll instead target a place that’s less difficult.”
OOBA, however, poses challenges, such as maintaining accurate phone data and determining protocols for making outbound calls.
“In some cases, OOBA can be seen as a customer pain point, so the effectiveness needs to be balanced with the degree of intrusiveness on the customer experience–authentication that keeps the fraud out but impedes business is a failure,” McNelley said.
Mobile banking technology will pose increasing risks as financial institutions add person-to-person transaction functionality to their mobile platforms, Aite Group said.
An emerging fraud mitigation solution in the mobile space is voice biometrics, which allows institutions to identify users based on voice prints. About 37% of large financial institutions surveyed either use or plan to use voice biometrics, and 15% of mid-sized institutions have voice biometrics on their road maps. Aite Group identifies the leading voice biometrics vendors as Convergys, eLoyalty (now Mattersight), Nuance, PinDrop and Victrio.