Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites.
Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. For avoidance of any doubts and to make it easier, you may consider any links to external websites as sponsored links. Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


Written by Mark Reeves, SVP International for Entrust

Today, financial institutions (FIs) offering internet-based and mobile-banking services face increasing pressure to provide enhanced consumer protection against phishing, sophisticated malware and fraudulent activities.

Malware, phishing and fraud attacks are increasing. According to Kaspersky Labs IT Threat and Evolution Report for Q2 2013 more than 100,000 unique mobile malware samples were detected in that quarter which is substantially more than the previous quarter. In fact,  this was the most significant statistical category in both quantity and complexity in the report, indicating that not only are cybercriminals developing more malware targeting mobile platforms, they’re also advancing their capabilities and behaviours.  The UK also has the third highest incidents of phishing websites. Not surprisingly, payment services (47.6 percent) and financial services (27.32 percent) are the most targeted verticals.

Mark Reeves
Mark Reeves

How can FIs protect themselves against online attacks? Our advice is to invest in long-term solutions that enable FIs to adjust their security controls to keep pace with ever-changing and evolving threats.

Here are Entrust’s five best practice recommendations to protect against identity-based online attacks:

1.       Drive better risk assessment

Assess online transactions and the level of risk these present by type of transaction or user group in order to develop risk mitigation strategies. Be sure to assess specific attributes such as customer type, volume and capability of your transaction methods, information sensitivity and existing security, ease of use and the customer experience, and how mobile devices are interacting with your environment.  Consider not only financial loss, but also liability, corporate risk and reputational damage. And don’t just do this once, review and refresh this assessment at least every 12 months.   The risk assessment will help you to map out potential impacts and the security service levels required.

2.       Adopt strong authentication standards

Today’s threats require stronger means of authentication than simple usernames and passwords, particularly for high risk financial transactions such as wire transfers.  Traditional two-factor authentication solutions such as one-time password tokens and SMS-based authentication are no longer effective against, for example, sophisticated man-in-the-browser attacks if used on their own. Even SMS-based multi-factor authentication, while better than single-factor authentication, is vulnerable to SMS redirection malware. There are, however, a number of newer techniques that provide the level of protection required either through the use of a separate communication channel with the user or by relying on advanced behaviour-based fraud detection engines that can automatically detect transaction or website navigation anomalies in real-time.

3.       Take a layered approach

It is worth noting that no single authentication or traditional fraud detection solution can stop advanced malware on banks and other FIs.  It is the layering of different complimentary security technologies such as strong authentication, behavioural fraud detection, out-of-band transaction verification, mobile authentication and extended validation SSL digital certificates that provide the best method of protecting customer identities and transactions in a banking environment.

4.       Explore advanced authentication techniques

The good news is that today, there are a wide range of strong advanced authentication techniques available. As online fraud attacks increase in sophistication, so does the innovation in authentication technology required to stop these attacks in the consumer space. FIs should explore these advanced techniques like mobile-based transaction verification, dynamic device authentication – including one-time session cookies and digital fingerprints – rather than broadly using static device cookie-based approaches.   Remember however, threats are ever-changing and growing. This means FIs must have an ongoing programme of investment to evolve their technology, people and processes. Security in this area should not be a one-time exercise.

5.       Enhance customer awareness and education

Finally, we also advise that FIs involve the customer as much as possible to help fight fraud. Ongoing education and training programmes should be in place to ensure that everyone does their best to help protect and mitigate today’s threats.  For example, some progressive banks are deploying security measures that notify customers when suspicious transactions are in progress and ask the customer to confirm that a given transaction is valid.

It is vital that consumer confidence is maintained. No bank or FI can afford the reputational damage that an online attack can cause. Continuous investment in security systems, processes and people is a must rather than a nice-to have, otherwise banks risk leaving customer data vulnerable to attack.

If you are interested in finding out more about how FIs can implement identity-based security to win the war against online attacks, why not download our latest whitepaper: It’s Cyber Warfare