When customers put money in a bank, they need to trust it will stay there. Because of the high stakes involved for the customer, such as financial loss, and how long it takes to resolve fraud and potential identity theft, customers are sensitive to the security of the bank as well as fraud prevention measures. Banks that experience high volumes of fraud are likely to lose customers and revenue. The key is to protect customers and their accounts before problems start. That way, banks can launch products and services that keep customers engaged and draw new ones.

Banks looking to grow and expand should proactively consider how fraud concerns impact achieving their goals. La Banque Postale (LBP) saw firsthand the need for risk assessment as it began working to attract more young customers and was named one of the top three banks in France.

However, banks cannot protect their accounts and infrastructure without knowing their risk level as well as specific vulnerabilities. Security begins with a complete and comprehensive risk assessment. With that firmly grasped, then organizations can take the next step to prevent or stop attacks and fraud. Risk and fraud are constantly evolving, too. Financial institutions now often team up with trusted partners who specialize in financial cybersecurity. That way, they can focus on their main goal – providing great service to their customers.

French bank faces account takeover fraud

As they set out to achieve their goals, LBP realized they needed to move to full Instant Payment (IP) in less than an hour across all payment types. For a successful and secure IP rollout, the bank knew that it must have a strong fraud prevention strategy in place. The ultimate goal: fraud-free online banking.

Because its past fraud incidents stemmed from unauthorized account access, the team wanted to prevent attacks from happening. However, multiple log-in attempts may happen at the same time, making it challenging to stop attacks in real-time. The team realized that the key was using a scoring system for each login session. That could determine which login attempts were high risk. They could then devote the resources to preventing high-risk attempts, which increased the likelihood of success.

When they started the project, LBP set realistic goals for the project to help determine success. Of course, the bank wanted to reduce the costs of online fraud. At the same time, the bank also wanted to avoid the costs of renovating payment factories. They planned to do it by investing again in innovative IP deployment and fraud protection. LBP wanted to improve customers’ time with the bank while at the same time reducing costs. They knew that addressing the issue was not a short-term project, but a long-term focus.

Selecting a risk confidence solution to bolster IAM

A wide range of risk confidence solutions is currently on the market at a variety of price points and features. However, banks must carefully select the right tool for their specific needs. This ensures that they are correctly assessing risk and that the tool integrates with other IT systems. When LBP began looking for a tool, their top need was a complete, in-depth fraud protection and authentication solution that could address the requirements. After a careful search, they selected IBM.

Specific features to look for include:

  • Cloud-based: The tool must detect attempts across multiple channels. So, the solution must be cloud-based to provide the coverage needed for the wide range of ways customers and threat actors access bank accounts. Additionally, cloud-based solutions allow employees to access the tools from wherever they are working that day, including their mobile devices.
  • Uses AI: Attackers are increasingly using AI-based tools to take over accounts and commit fraud. Without using predictive technology, banks find it increasingly hard to spot vulnerabilities and assess risk. Otherwise, your bank reacts to attacks instead of proactively predicting risk and potential vulnerabilities. By using AI-based technology, LBP can now spot fraud happening in real-time and limit the damage by intervening.
  • Anomaly detection: Threat actors are often very sophisticated in their approach. However, their patterns typically vary ever so slightly from the account owner. With anomaly detection, the tool uses AI to uncover deviations based on device hygiene and network characteristics. Even subtle differences such as typing speed can be detected with behavioral biometrics.
  • Fits into zero trust framework: Hybrid and remote work are changing the surface area banks need to protect. The zero trust approach provides the best protection for the way that bank employees currently work. Zero trust, which is a collection of technologies used together, starts with the mindset that each user must prove that they are authorized. Identity and access management (IAM) serves as a cornerstone of zero trust by establishing that the user is authorized.
  • Fraud patterns: Attackers always change how they do business. When you use a tool that continually updates its algorithm with the latest fraud patterns used in other attacks, such as spoofing attributes, malware infections and non-human behavior, you can more accurately spot potential risks.
  • Consortium data: By using a trusted partner that is always creating new research and data, your bank benefits from the targeted protections deployed by the IBM Security research consortium.

Importance of fraud protection

After assessing risk with a tool like this, the next step is to effectively prevent fraud by denying access. As banks move through their digital transformation, they see more fraud and account takeovers.

LBP selecting IBM Security Verify Trust to both assess risk and prevent fraud allowed the bank to then confidently launch the first IP program to their customers. LBP improved its customer image by setting up full instant payment without additional fraud. Users now had the convenience of free and faster payments without security concerns.

By becoming the first bank to fully deploy free instant payments, other banks will likely follow, which means customers across the globe will benefit. As your bank looks to continue its digital transformation by moving existing processes to digital channels and offering a new customer experience, now is the time to follow LBP’s lead and assess your current risk. By getting the tools and processes needed to assess risk and prevent fraud, your bank can focus on its digital transformation and provide the personalized experiences that your customers expect. You can then move towards your goal of a fraud-free online experience and becoming a digitally focused bank.

More from Banking & Finance

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

DORA and your quantum-safe cryptography migration

5 min read - Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. Unfortunately, this also introduces threats to the digital economy and particularly the financial sector.The Digital Operational Resilience Act (DORA) is a regulatory framework that introduces uniform requirements across the European Union (EU) to achieve a "high level of operational resilience" in the financial services sector. Entities covered by DORA — such as credit institutions, payment institutions, insurance undertakings, information and communication technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today