The new guide, Account Takeover Fraud: How to Protect Your Customers and Business, sets out the top techniques that cybercriminals use to take control of a bank account.
Account takeover, which is an identity theft crime, can be initiated in several ways, with criminals using a variety of weapons and methods to harness personal data.
These can include data breaches, phishing, SIM swapping and malware - all of which can cause serious damage to an enterprise.
However, a multi-layered security approach can protect against account takeover fraud and care for customers at every stage of their digital journeys.
This, together with several best practice steps, is explained in OneSpan’s new ebook.
ATO attacks can be initiated by criminals harvesting personal data, says OneSpan. Typically, this is achieved through the purchasing of personal data leaked as part of a data breach that then allows cybercriminals to prepare targeted phishing attacks.
To combat this, financial institutions should use multi-factor authentication processes, such as fingerprint technology or one-time password capability.
Typical phishing attacks include:
While all of these phishing methods can be used, according to OneSpan, the most common continues to be by email.
Phishing takes advantage of trust. Messages typically create a sense of urgency that encourages the recipient to click or open links. These redirect the recipient to a fake banking portal or install credential-harvesting malware.
Malicious software - or malware - is installed on a victim’s computer as a result of specific user actions. According to OneSpan, malware carries out different types of attacks, including intercepting everything typed by the victim and infecting web browsers through an add-on.
Mobile banking trojans have been growing in complexity, says OneSpan. The continued tendency towards mobile banking means that this trend is likely to continue.
The attacks present their own screen on top of the legitimate banking app, thus capturing a user’s login and personal details.
Other forms of attack outlined by OneSpan include man-in-the-middle attacks, in which criminals position themselves between a user and financial institution to intercept data, and SIM swapping.
OneSpan’s guide sets out several recommendations and best practices to protect financial institutions from ATO. These are based around a multi-layered approach that covers:
OneSpan understands the complexity of ATO. The company’s guide provides an in-depth insight into the risks that companies in the financial services sector face, as well as the steps they must take to mitigate them.