Last updated: 06 February 2015
As our use of the internet and eBanking services has advanced, so have the methods that criminals use to target our personal information. The number of attacks rose sharply in 2012 due in large part to shared server hacks, which are gaining in popularity (they accounted for 47% of all phishing attacks in the second half of 2012), allowing fraudsters to launch attacks with a frequency never before seen.
Until recently, there was some debate as to banks’ liability when this kind of fraud occurs. That changed in 2012 when a federal appeals court ruled that Ocean Bank held the liability for fraud loss after criminals made wire transfers totaling almost $600,000, saying that the bank’s security was not “commercially reasonable.” This served as a wake-up call for bank executives to review their security procedures.
I’ve seen first-hand how banks are changing their security ways to stay ahead of the fraudsters. Banks are now using a multi-layered approach to security, continuing to combat fraud while recently focusing on a few new components: leading customers away from dangerous browsing activity, and for additional protection, transacting outside of the internet on a USB device.
There are new choices for extra layers of security that banks have begun implementing. Smart Browsers (also called Hardened Browsers) create secure channels between customers and banking websites, diminishing malware and man-in-the-middle attacks by allowing a customer to visit only the URLs intended by the bank. Smart Browsers can be used on a PC, smartphone, or tablet, providing easy adoption for consumers, which is critical to the success of any security product.
The real pioneers are taking a leap ahead and deploying Smart Browsers with Transaction Signing on a USB device. This creates a safe banking session sanctuary on a USB – actually taking the session offline and conducting the transaction on the USB. Customers can review, approve, and digitally sign banking transactions without the risks of being online. The session is transparent to the customer and blind to the man-in-the-middle.
According to Gartner analyst Avivah Litan, allowing the user to actually see the transaction before confirming it is key to overcoming fraud. “We have been advocating transaction verification for a long time,” she said. “We call it ‘sign what you see.’”
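The "sign what you see" idea can be made concrete with a short sketch. This is an added example, not code from the article or from any vendor's product: it assumes the USB device and the bank share an HMAC key (a real deployment might use an asymmetric signature instead), and the field names, account numbers and key are constructed.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): provisioned on the USB device, known to the bank.
DEVICE_KEY = b"constructed-demo-key"

def canonical(txn):
    """Serialize exactly the fields the customer reviews, in a fixed order."""
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()

def device_sign(txn, approved, key=DEVICE_KEY):
    """Trusted device: sign only a transaction that was displayed and approved."""
    if not approved:
        return None
    return hmac.new(key, canonical(txn), hashlib.sha256).hexdigest()

def bank_verify(received, tag, seen_nonces, key=DEVICE_KEY):
    """Bank: recompute the tag over what actually arrived; reject reuse."""
    if tag is None or received.get("nonce") in seen_nonces:
        return False
    expected = hmac.new(key, canonical(received), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False
    seen_nonces.add(received["nonce"])
    return True

def demo():
    """Constructed sample transaction; account numbers are made up."""
    shown = {"from": "ACCT-1001", "to": "ACCT-2002",
             "amount": "250.00", "currency": "USD", "nonce": "n-0001"}
    tag = device_sign(shown, approved=True)
    altered = dict(shown, to="ACCT-9999", amount="9500.00")  # changed in transit
    seen = set()
    return {
        "altered": bank_verify(altered, tag, seen),
        "declined": bank_verify(shown, device_sign(shown, approved=False), seen),
        "genuine": bank_verify(shown, tag, seen),
        "replayed": bank_verify(shown, tag, seen),
    }

if __name__ == "__main__":
    print(demo())
```

Because the tag covers the payee and amount the customer saw, a request altered between the device and the bank fails verification, and the nonce check stops a captured approval from being submitted twice.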
Criminals will always try to overcome the security controls that banks put in place, but coming up against multiple security layers will present an enormous challenge for even the most talented of hackers. By securing the browsing session, financial institutions are venturing far beyond simple anti-virus software or multifactor solutions. Using a layered approach to security can, and will, defeat the fraudsters that may be lurking in the background.