Financial Crime World

Banks’ Mobile Banking Apps Need Advanced Security Measures to Combat Sophisticated Fraudsters

Recent Mobile Banking Fraud Highlights the Need for Robust Security Measures

A recent mobile banking fraud incident has underscored the importance of implementing robust security measures to prevent attacks from sophisticated fraudsters. The incident, which involved an emulator being used to simulate a legitimate user’s device, highlights the need for additional layers of defense to protect against emerging threats.

Advanced Anti-Tampering Technology: A Key Component

The use of advanced anti-tampering technology, such as mobile app shielding with runtime protection, can significantly reduce the risk of adversaries tampering with or reverse-engineering the device-binding process. This technology can detect and block various tools used by attackers to analyze and understand how an app operates, making it more difficult for them to carry out a cyberattack.

Gartner’s Five-Layer Online Fraud Detection Framework

Gartner recommends a five-layer online fraud detection framework, which includes:

  • Endpoint-centric
  • Navigation-and-network-centric
  • User-and-entity-centric
  • Cross-channel user-and-entity-centric
  • Big data user-and-entity analytics

However, the recent incident demonstrates that even with these layers in place, additional measures are necessary to prevent attacks.

Additional Measures: Biometric Authentication and Continuous Session Monitoring

One such measure is the use of biometric authentication along with confirmation of a push notification to provide an additional layer of defense against attackers. This approach can make it more difficult for fraudsters to mimic human-like interaction behavior and overcome subsequent prevention layers.

Continuous session monitoring is also crucial for identifying new devices, beneficiaries, or transactions that may indicate a scaled attack. By leveraging machine learning models, financial institutions can analyze typical activity patterns and identify anomalies in real time, enabling swift action to prevent attacks from propagating.

Detecting Automated, Non-Human Interaction Behavior

The recent incident also underscores the importance of detecting automated, non-human interaction behavior. By analyzing session analytics along with endpoint behavior and location correlations, banks can identify emulated devices and take appropriate action.
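The server-side checks described in the two sections above can be sketched as follows. This is an added example, not code from the article or from any vendor, and it substitutes simple rules and a timing statistic for the machine learning models the text mentions. The field names, the 0.10 threshold, the baselines and the sample sessions are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed per-customer baselines (hypothetical field names and values).
BASELINE = {
    "alice": {"devices": {"dev-a1"}, "payees": {"acct-111"}, "country": "GB"},
    "bob": {"devices": {"dev-b1"}, "payees": {"acct-222"}, "country": "GB"},
    "carol": {"devices": {"dev-c1"}, "payees": {"acct-333"}, "country": "GB"},
}
# Constructed sessions: tap_gaps_ms are the delays between successive UI taps.
SESSIONS = [
    {"user": "alice", "device": "dev-a1", "payee": "acct-111",
     "ip_country": "GB", "tap_gaps_ms": [420, 1310, 260, 980, 640]},
    {"user": "bob", "device": "emu-77", "payee": "acct-999",
     "ip_country": "NL", "tap_gaps_ms": [200, 201, 199, 200, 200]},
    {"user": "carol", "device": "emu-78", "payee": "acct-999",
     "ip_country": "NL", "tap_gaps_ms": [150, 150, 151, 149, 150]},
]

def session_signals(s, min_cv=0.10):
    """Return the anomaly signals a session raises against its baseline."""
    base = BASELINE[s["user"]]
    signals = []
    if s["device"] not in base["devices"]:
        signals.append("new_device")
    if s["payee"] not in base["payees"]:
        signals.append("new_beneficiary")
    if s["ip_country"] != base["country"]:
        signals.append("location_mismatch")
    gaps = s["tap_gaps_ms"]
    # Coefficient of variation: human tap timing is irregular, scripted
    # input is nearly constant. The 0.10 cut-off is an assumed threshold.
    if len(gaps) >= 3 and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) < min_cv:
        signals.append("machine_like_timing")
    return signals

def shared_new_payees(sessions, min_users=2):
    """Payees newly added by several customers: a sign of a scaled attack."""
    users = defaultdict(set)
    for s in sessions:
        if "new_beneficiary" in session_signals(s):
            users[s["payee"]].add(s["user"])
    return sorted(p for p, u in users.items() if len(u) >= min_users)

if __name__ == "__main__":
    for s in SESSIONS:
        print(s["user"], session_signals(s))
    print("shared new payees:", shared_new_payees(SESSIONS))
```

No single signal is conclusive on its own; the point is that their combination within one session, and the same new beneficiary recurring across customers, is what separates a scaled attack from an ordinary device change.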

Conclusion: A Layered Approach to Online Banking Fraud Prevention

In conclusion, financial institutions must adopt a layered approach to online banking fraud prevention that includes:

  • Strong customer authentication
  • Server-side risk analytics
  • Advanced mobile app security measures such as mobile app shielding with runtime protection

This will enable them to effectively combat sophisticated fraudsters and protect their customers’ sensitive information.