When customers put money in a bank, they need to trust it will stay there. Because of the high stakes involved for the customer, such as financial loss, and how long it takes to resolve fraud and potential identity theft, customers are sensitive to the security of the bank as well as fraud prevention measures. Banks that experience high volumes of fraud are likely to lose customers and revenue. The key is to protect customers and their accounts before problems start. That way, banks can launch products and services that keep customers engaged and draw new ones.

Banks looking to grow and expand should proactively consider how fraud concerns impact achieving their goals. La Banque Postale (LBP) saw firsthand the need for risk assessment as it began working to attract more young customers and was named one of the top three banks in France.

However, banks cannot protect their accounts and infrastructure without knowing their risk level as well as specific vulnerabilities. Security begins with a complete and comprehensive risk assessment. With that firmly grasped, then organizations can take the next step to prevent or stop attacks and fraud. Risk and fraud are constantly evolving, too. Financial institutions now often team up with trusted partners who specialize in financial cybersecurity. That way, they can focus on their main goal – providing great service to their customers.

French bank faces account takeover fraud

As they set out to achieve their goals, LBP realized they needed to move to full Instant Payment (IP) in less than an hour across all payment types. For a successful and secure IP rollout, the bank knew that it must have a strong fraud prevention strategy in place. The ultimate goal: fraud-free online banking.

Because its past fraud incidents stemmed from unauthorized account access, the team wanted to prevent attacks from happening. However, multiple log-in attempts may happen at the same time, making it challenging to stop attacks in real-time. The team realized that the key was using a scoring system for each login session. That could determine which login attempts were high risk. They could then devote the resources to preventing high-risk attempts, which increased the likelihood of success.

When they started the project, LBP set realistic goals for the project to help determine success. Of course, the bank wanted to reduce the costs of online fraud. At the same time, the bank also wanted to avoid the costs of renovating payment factories. They planned to do it by investing again in innovative IP deployment and fraud protection. LBP wanted to improve customers’ time with the bank while at the same time reducing costs. They knew that addressing the issue was not a short-term project, but a long-term focus.

Selecting a risk confidence solution to bolster IAM

A wide range of risk confidence solutions is currently on the market at a variety of price points and features. However, banks must carefully select the right tool for their specific needs. This ensures that they are correctly assessing risk and that the tool integrates with other IT systems. When LBP began looking for a tool, their top need was a complete, in-depth fraud protection and authentication solution that could address the requirements. After a careful search, they selected IBM.

Specific features to look for include:

  • Cloud-based: The tool must detect attempts across multiple channels. So, the solution must be cloud-based to provide the coverage needed for the wide range of ways customers and threat actors access bank accounts. Additionally, cloud-based solutions allow employees to access the tools from wherever they are working that day, including their mobile devices.
  • Uses AI: Attackers are increasingly using AI-based tools to take over accounts and commit fraud. Without using predictive technology, banks find it increasingly hard to spot vulnerabilities and assess risk. Otherwise, your bank reacts to attacks instead of proactively predicting risk and potential vulnerabilities. By using AI-based technology, LBP can now spot fraud happening in real-time and limit the damage by intervening.
  • Anomaly detection: Threat actors are often very sophisticated in their approach. However, their patterns typically vary ever so slightly from the account owner. With anomaly detection, the tool uses AI to uncover deviations based on device hygiene and network characteristics. Even subtle differences such as typing speed can be detected with behavioral biometrics.
  • Fits into zero trust framework: Hybrid and remote work are changing the surface area banks need to protect. The zero trust approach provides the best protection for the way that bank employees currently work. Zero trust, which is a collection of technologies used together, starts with the mindset that each user must prove that they are authorized. Identity and access management (IAM) serves as a cornerstone of zero trust by establishing that the user is authorized.
  • Fraud patterns: Attackers always change how they do business. When you use a tool that continually updates its algorithm with the latest fraud patterns used in other attacks, such as spoofing attributes, malware infections and non-human behavior, you can more accurately spot potential risks.
  • Consortium data: By using a trusted partner that is always creating new research and data, your bank benefits from the targeted protections deployed by the IBM Security research consortium.

Importance of fraud protection

After assessing risk with a tool like this, the next step is to effectively prevent fraud by denying access. As banks move through their digital transformation, they see more fraud and account takeovers.

LBP selecting IBM Security Verify Trust to both assess risk and prevent fraud allowed the bank to then confidently launch the first IP program to their customers. LBP improved its customer image by setting up full instant payment without additional fraud. Users now had the convenience of free and faster payments without security concerns.

By becoming the first bank to fully deploy free instant payments, other banks will likely follow, which means customers across the globe will benefit. As your bank looks to continue its digital transformation by moving existing processes to digital channels and offering a new customer experience, now is the time to follow LBP’s lead and assess your current risk. By getting the tools and processes needed to assess risk and prevent fraud, your bank can focus on its digital transformation and provide the personalized experiences that your customers expect. You can then move towards your goal of a fraud-free online experience and becoming a digitally focused bank.

More from Banking & Finance

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this content. PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device, with PixPirate, the downloader also…

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today