Fraud trends to be prepared for in 2020
Enterprise Security Magazine
Fraudsters are keen on committing more frequent, more tech-savvy financial fraud; they can teach many people how to be fully dedicated to your work. The fraud scenarios that have increased include identity thefts, account takeover (ATO), card not present, and authorized push payments scams. With more fraudsters gaining ground every year by leveraging the same cutting edge technology, the payments industry uses to tackle fraud. The main question here is that in this one-step forward, on-step-back scenario, how can banks and payment processors thwart bad actors and lessen their continuous attacks.
Here are the three fraud trends to be prepared for in 2020.
SMS spoofing is a tactic used to commit APP fraud. SMS spoofing utilizes technology to impersonate a trusted party like a PSP as the sender of an SMS message. The victims receive messages that appear to be from their banks but, in reality, are from fraudsters and act out instructions believing to be from their PSP.
Social and voice banking — Banking channels, like social and voice banking, develop new avenues for automated payments. Although these new channels’ convenience is visible, the registration processes for these services are still relatively weak with known loopholes. Financial criminals can be the unintentional winners in the race to create exceptional customer experiences.
Deepfakes and voice biometrics — The use of facial recognition to unlock cell phones and using voice biometrics to command smart home devices generate Jetson-era excitement until criminals get their hands on them. Here enter deepfakes, which are AI-created fake images, videos, or audio manipulations. Expect criminals utilize deepfakes to target the C-Suite and PSP’s authentication procedures to commit financial fraud.
Institutional disruption — Fraudsters’ main aim is to create massive-scale campaigns that cause disruption. They can use events like bank mergers or Brexit as reasons to ask the customer to revalidate credentials or update settings. This angle applies both to social engineering and collecting customer data for ATO attacks. As we see more mergers and government changes, expect a rise in linked fraud attacks as well.
Securing cyber assets has become a priority to-do job in all business models with the IT department making strides in the same directions. But observations project that most of the efforts are restricted to safeguarding assets from external attacks, whereas, internal attacks make assets equally vulnerable. Most domestic attacks are carried out by employees within the organizations unknowingly. Employees’ being a part of the security system gives hackers an easy gateway to breach central data repository to carry out malicious activities. Businesses opting cloud platforms is one major reason behind the same as employees are veering towards remote operation making them move out of organizations IT security system.
• Lack of Awareness: Usually non-technical employees are not aware of burgeoning threats and methods to combat them. They have no details on cybersecurity measures and factors affecting it. Practices applied by such employees to utilize organization resources, increase the threat attacks.
• Phishing Mails: Old yet effective method of hackers to breach in. Employees with low technical knowledge are the main cohort that gets trapped in the phishing scam. Phishing mails are emails demanding sensitive information and appear to be sent by a legitimate company. Else, they might contain links to a malicious fake website of notable ones and seems very believable one. Signs of phishing mail are not addressing receiver by name, sender’s address is doubtful, typing errors, and persuading one to open provided links. It is advisory to contact IT cell in case of doubts.
• Accessing Unsecured Networks: Public Wi-Fi is the biggest lure for employees, hackers utilize them as bait to trap. Usually, employees operating outside the premise connect mobile devices with public Wi-Fi to carry on with the work giving malware an invite invade organization’s database. Instead, companies must provide them with personal mobile Wi-Fi routers or get paid VPN service activated on the company’s devices to act as an extra layer of security.
• Installing Illegitimate Applications: A common habit where employees install illegitimate software on the company’s device either for organizational use or personal use. Such applications have high chances of being infected with malware. It advisory to cross-check the legitimacy of applications before installing them and only download them from official app stores.
