Technology
The human cost: why the financial sector is still rife with social engineering fraud
Home > Technology > The human cost: why the financial sector is still rife with social engineering fraud
Global Banking & Finance Review®
Company
By Iain Swaine,Head of Cyber Strategy EMEA, BioCatch
Every year, there is a greater likelihood of becoming a victim of cybercrime. In the first half of 2021 in the UK, criminals stole a total of £753.9 million through fraud, an increase of over a quarter (30 per cent) compared to the first half 2020. Criminals are increasingly focusing on banks and other financial organisations with social engineering fraud.
Cybercriminals continue to take advantage of the weakest link in the security chain – people. People are error prone and make the same mistake multiple times. The inability of financial institutions from preventing us from making mistakes, makes us the weakest link in the chain. While social engineering fraud has been implemented for years, mostly in the form of phishing and vishing (voice phishing), it is growing continually.
To combat this, behavioural biometrics-based technology can be used to confirm a person’s identity during a banking transaction without the need for additional security layers in order to detect this type of fraud.
What is real-time fraud detection?
Real-time fraud, also known as authorised push payment (APP) fraud, is a form of social engineering that can cause considerable financial harm. To establish the necessary authenticity, cybercriminals utilise their victims’ personal data obtained through data breaches on the dark web or captured from social media profiles. The more information available to the perpetrators, the more authentic they can appear. In doing so, they contact their victims via telephone and pretend to be a representative of a government agency, an employee of the bank or another official organisation. In this way, they can persuade the person called to transfer a certain amount of money to another account. The banks’ security processes can be bypassed because a real account holder triggers the transfer. Multi-factor authentication (MFA) thus offers no protection either.
It is challenging to identify the fraud because it involves a real person who logs in from an authorised place and completes the authentication process using their own end device. This is because the usual checks – for example, identifying the location, the end device, or the IP – are no longer sufficient. Even out-of-band methods such as authentication with a one-time password (OTP) via SMS can be circumvented. Cybercriminals who carry out such attacks also usually have a sophisticated script and are familiar with a bank’s security practices and procedures. To make matters worse, cyber criminals use social engineering methods to elicit emotional response from their victim. Criminals will try to extract feelings of sympathy, guilt, or companionship from their victims. They will use a sense of urgency, flattery, an aura of authority or trusting dispositions. These popular methods elicit feelings such as fear, anxiety, or ease, causing victims to behave hastily or without judgement, resulting in the attacker’s desired outcome.
How can you use Behavioural Biometrics to detect Authorized Push Payment (APP) Fraud?
In the UK, APP fraud is on the rise, with victims losing a combined £479 million, or more than £7,000 per person. However, technologies based on behavioural biometrics can detect this type of fraud; it can be used to verify a person’s identity during the entire banking transaction. BioCatch uses data-based insights to distinguish behaviours of “real” and manipulated users. In collaboration with its customers, BioCatch has developed risk models that can be used to identify a variety of threats, as this collaborative effort is deemed essential in empowering clients and keeping consumers safe. In addition, there are clear behavioural patterns that can distinguish “real” from “fraudulent” activity during an online session and reveal manipulation by a cybercriminal:
Regardless of how complicated a bank’s systems and procedures are, cybercriminals who utilise social engineering to defraud organisations are highly motivated and skilled. After a successful social engineering fraud, the victim’s money is typically impossible to locate. Therefore, to protect customers from financial loss, it is imperative to detect fraud the moment it occurs. The use of behavioural biometrics can prevent significant losses, while comprehensively protecting customers and company assets. It must form the bedrock of any financial institution’s anti-fraud protection.
Social engineering fraud involves manipulating individuals into divulging confidential information, often through deceptive means such as phishing or vishing, leading to unauthorized access or financial loss.
Real-time fraud detection refers to the immediate identification and prevention of fraudulent transactions as they occur, often using advanced technologies and analytics to assess risks.
Behavioral biometrics is a security technology that analyzes patterns in human behavior, such as typing speed and mouse movements, to verify a user's identity during online transactions.
Multi-factor authentication (MFA) is a security process that requires users to provide two or more verification factors to gain access to a system, enhancing security against unauthorized access.
Authorized push payment (APP) fraud occurs when a victim is tricked into authorizing a payment to a fraudster, often under the guise of a legitimate request.
Explore more articles in the Technology category
