Online fraud is still a dominant issue in the retail banking sector despite the major decline in losses reported by Financial Fraud Action UK (FFA). The latest figures suggest the cost to UK institutions was a substantial £17.1 million for the first half of 2013, even though this represented a decrease of 21 per cent compared with the same period in 2012.
Improved fraud detection and swifter action on phishing sites are reported to have contributed to the significant drop. The FFA statement released in early October said that enhanced processes for intelligence-sharing across the banks, as well as better online security tools and greater awareness amongst consumers, had led to a decline in losses. The number of phishing sites, set up by criminals to trick vulnerable customers into giving away their passwords by convincing them they are communicating with their bank or building society, has also seen a dramatic 87 per cent drop since the equivalent period in 2012.
These statistics may paint a more positive picture; however, the retail banks affected by the continuing online fraud practices are still working hard to tackle the issue. The drive to keep customers and their accounts protected remains as strong as ever, with an increased demand for enhanced security solutions to guard customers against online fraud.
At Accumuli, we have been working with a Fortune 500 banking group that has a large retail presence across Europe. The bank had invested heavily in retail online banking fraud prevention systems, including two-factor authentication devices, which were provided to every customer. Despite this proactive action, the bank still faced a significant ongoing problem from fraudulent online banking transactions, caused by advanced malware specifically targeting its customers. The malware works by manipulating the online banking web interface displayed to the customer, in order to obtain the required two-factor codes and make fraudulent payments.
Unfortunately, this is not an uncommon problem, with many financial institutions facing attack from this type of advanced malware. The malware used to launch this breed of attack is widely available to buy from hacking forums and even some social media sites, and the code is continually being changed and enhanced to avoid detection.
In a bid to protect its customers, maintain regulatory compliance and protect its world-leading reputation, the bank had built internal fraud systems, using analytical techniques, which meant that customers suspected of being victims of online banking fraud were placed in a protected mode and were proactively supported while the malware was removed.
However, the action was not completely successful as the attacks on the bank continued, and the process of protection became both labour intensive and expensive. The bank also needed to continually adapt to changing fraud patterns, which led to using more complex analytical detection techniques and required extra staff to provision.
The bank identified the need for a system that would enable the automation of the analytical detection process developed in-house and increase the speed of detection and response. The system had to have the capability to be rapidly enhanced to deal with new or evolving online banking threats and complex detection criteria and also deliver a platform that could be extended to provide detection and prevention technologies for other types of transactional fraud.
A market review by the bank led it to select SIEM as its preferred solution for delivering automated fraud detection. The approach we took involved using our seven-stage EDGE methodology to analyse, design and deliver a comprehensive ArcSight SIEM solution. The detection design included a flexible, extensible framework and implementation technology to allow the bank to rapidly update and refine the detection rules if the threat evolves or if new detection patterns are identified.
The new system was designed to support fraud detection capabilities for more than 13 million daily online banking transactions, as well as infection detection capabilities in excess of 40 million web logs per day.
The bank's technical teams from mainframe, networks and retail banking worked alongside the Accumuli SIEM experts, who designed and delivered the automated online banking fraud detection solution, implementing existing bank detection logic. When the implementation was completed, the bank’s fraud analysts were provided with an interface in which fraudulent and suspicious transactions were displayed in near real time. The transactions were accompanied by metadata detailing the detection logic that was matched and a threat score, to allow the analysts to prioritise their work.
The system had a significant impact on detection times, reducing them from 24 hours using the manual process to less than ten minutes using ArcSight and the external database interface. This allowed the bank to rapidly begin the process of blocking fraudulent payments or start the recovery process before any money had been extracted from the destination account.
As retail online banks continue the fight against fraud, it has become clear that increasingly sophisticated techniques from today’s fraudsters demand more complex solutions to help protect customers. The losses to UK online banks may be on the decline, but the issue is still highly prevalent in this sector and needs to be tackled with the right mix of expertise and technology.
Jon Inns, Director of Product Management, Accumuli