Faces of Fraud: New Survey DebutsWhat Are the Top Threats to Banking Institutions?
See Also: How to Defend Your Attack Surface
These are just two of the questions posed by our annual Faces of Fraud Survey, which we just launched. If you have not yet responded to this survey, please take a few moments to participate: 2013 Faces of Fraud: The Threat Evolution.
We're eager to see how banking institutions such as yours have responded to some of the emerging and evolving threats.
The cybersecurity landscape has changed quite a bit since we polled our readership in 2012. This time around, we're eager to see how banking institutions such as yours have responded to some of the emerging and evolving threats.
Over the past 12 to 18 months, we've seen U.S. financial institutions make strides toward conformance with the Federal Financial Institutions Examination Council's updated authentication guidelines for online banking transactions, issued in June 2011.
But we've also seen the emergence of customized online banking Trojans, such as Citadel and Bugat, which are attacking both desktops and mobile devices. Phishing schemes have continued to grow in number and sophistication, and as researcher Daniel Cohen of security firm RSA recently noted, they are expected to hit all-time highs in 2013 and 2014.
"Today a lot of banks will use a second factor out-of-band/SMS authentication, and the bad guys are trying to get around that," by developing mobile malware counterparts, Cohen says during a recent interview with BankInfoSecurity. "They [the Trojans] manage to get on your mobile device, and basically sniff your SMS stream. ... Any kind of authentication code that you get from the bank is being picked up by this malware and then forwarded to the bad guy, so that he can complete the fraudulent transfer. And we're seeing more and more of that."
Let's also not forget the ever-increasing card fraud risks we've seen affecting banking institutions and payments processors around the world. Malware attacks aimed at retailers' point-of-sale systems and networks played lead roles in the card compromises that this winter and spring affected Bashas' Family of Stores and Schnuck Markets.
ATM cash-out schemes, too, got renewed attention in mid-2013, as card brands warned issuers these attacks are becoming more prevalent.
Federal authorities' recent takedown of another cash-out scheme only reiterates how prevalent these global cyberheist attacks have become.
So, how are banking institutions expected to react as they take steps to curb payments and ATM-related fraud through enhanced transaction monitoring and migrations to stronger card technologies, such as EMV?
That's what we want to know.
We're also asking survey respondents to tell us about improvements they've made in fraud prevention and detection, and how those improvements have helped to reduce losses linked to ACH/wire fraud.
I encourage you to take a few moments to respond to this important survey now: 2013 Faces of Fraud: The Threat Evolution.
And be sure to look for our forthcoming in-depth coverage of the survey's findings.