Banking & Finance December 9, 2022
By Jennifer Gregory 4 min read

When customers put money in a bank, they need to trust it will stay there. Because of the high stakes involved for the customer, such as financial loss, and how long it takes to resolve fraud and potential identity theft, customers are sensitive to the security of the bank as well as fraud prevention measures. Banks that experience high volumes of fraud are likely to lose customers and revenue. The key is to protect customers and their accounts before problems start. That way, banks can launch products and services that keep customers engaged and draw new ones.

Banks looking to grow and expand should proactively consider how fraud concerns impact achieving their goals. La Banque Postale (LBP) saw firsthand the need for risk assessment as it began working to attract more young customers and was named one of the top three banks in France.

However, banks cannot protect their accounts and infrastructure without knowing their risk level as well as specific vulnerabilities. Security begins with a complete and comprehensive risk assessment. With that firmly grasped, then organizations can take the next step to prevent or stop attacks and fraud. Risk and fraud are constantly evolving, too. Financial institutions now often team up with trusted partners who specialize in financial cybersecurity. That way, they can focus on their main goal – providing great service to their customers.

French bank faces account takeover fraud

As they set out to achieve their goals, LBP realized they needed to move to full Instant Payment (IP) in less than an hour across all payment types. For a successful and secure IP rollout, the bank knew that it must have a strong fraud prevention strategy in place. The ultimate goal: fraud-free online banking.

Because its past fraud incidents stemmed from unauthorized account access, the team wanted to prevent attacks from happening. However, multiple log-in attempts may happen at the same time, making it challenging to stop attacks in real-time. The team realized that the key was using a scoring system for each login session. That could determine which login attempts were high risk. They could then devote the resources to preventing high-risk attempts, which increased the likelihood of success.

When they started the project, LBP set realistic goals for the project to help determine success. Of course, the bank wanted to reduce the costs of online fraud. At the same time, the bank also wanted to avoid the costs of renovating payment factories. They planned to do it by investing again in innovative IP deployment and fraud protection. LBP wanted to improve customers’ time with the bank while at the same time reducing costs. They knew that addressing the issue was not a short-term project, but a long-term focus.

Selecting a risk confidence solution to bolster IAM

A wide range of risk confidence solutions is currently on the market at a variety of price points and features. However, banks must carefully select the right tool for their specific needs. This ensures that they are correctly assessing risk and that the tool integrates with other IT systems. When LBP began looking for a tool, their top need was a complete, in-depth fraud protection and authentication solution that could address the requirements. After a careful search, they selected IBM.

Specific features to look for include:

  • Cloud-based: The tool must detect attempts across multiple channels. So, the solution must be cloud-based to provide the coverage needed for the wide range of ways customers and threat actors access bank accounts. Additionally, cloud-based solutions allow employees to access the tools from wherever they are working that day, including their mobile devices.
  • Uses AI: Attackers are increasingly using AI-based tools to take over accounts and commit fraud. Without using predictive technology, banks find it increasingly hard to spot vulnerabilities and assess risk. Otherwise, your bank reacts to attacks instead of proactively predicting risk and potential vulnerabilities. By using AI-based technology, LBP can now spot fraud happening in real-time and limit the damage by intervening.
  • Anomaly detection: Threat actors are often very sophisticated in their approach. However, their patterns typically vary ever so slightly from the account owner. With anomaly detection, the tool uses AI to uncover deviations based on device hygiene and network characteristics. Even subtle differences such as typing speed can be detected with behavioral biometrics.
  • Fits into zero trust framework: Hybrid and remote work are changing the surface area banks need to protect. The zero trust approach provides the best protection for the way that bank employees currently work. Zero trust, which is a collection of technologies used together, starts with the mindset that each user must prove that they are authorized. Identity and access management (IAM) serves as a cornerstone of zero trust by establishing that the user is authorized.
  • Fraud patterns: Attackers always change how they do business. When you use a tool that continually updates its algorithm with the latest fraud patterns used in other attacks, such as spoofing attributes, malware infections and non-human behavior, you can more accurately spot potential risks.
  • Consortium data: By using a trusted partner that is always creating new research and data, your bank benefits from the targeted protections deployed by the IBM Security research consortium.

Importance of fraud protection

After assessing risk with a tool like this, the next step is to effectively prevent fraud by denying access. As banks move through their digital transformation, they see more fraud and account takeovers.

LBP selecting IBM Security Verify Trust to both assess risk and prevent fraud allowed the bank to then confidently launch the first IP program to their customers. LBP improved its customer image by setting up full instant payment without additional fraud. Users now had the convenience of free and faster payments without security concerns.

By becoming the first bank to fully deploy free instant payments, other banks will likely follow, which means customers across the globe will benefit. As your bank looks to continue its digital transformation by moving existing processes to digital channels and offering a new customer experience, now is the time to follow LBP’s lead and assess your current risk. By getting the tools and processes needed to assess risk and prevent fraud, your bank can focus on its digital transformation and provide the personalized experiences that your customers expect. You can then move towards your goal of a fraud-free online experience and becoming a digitally focused bank.

 |  |  |  |  | 
Jennifer Gregory
Cybersecurity Writer

More from Banking & Finance
August 30, 2023

Cost of a data breach 2023: Financial industry impacts

3 min read - According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, 15% more than in 2020. In response, 51% of organizations plan to increase cybersecurity spending this year. For the financial industry, however, global statistics don’t tell the whole story. Finance firms lose approximately $5.9 million per data breach, 28% higher than the global average. In addition, evolving regulatory concerns play a role in how financial companies…

August 17, 2023

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

July 28, 2023

The rise of malicious Chrome extensions targeting Latin America

9 min read - This post was made possible through the research contributions provided by Amir Gendler and Michael  Gal. In its latest research, IBM Security Lab has observed a noticeable increase in campaigns related to malicious Chrome extensions, targeting  Latin America with a focus on financial institutions, booking sites, and instant messaging. This trend is particularly concerning considering Chrome is one of the most widely used web browsers globally, with a market share of over 80% using the Chromium engine. As such, malicious…

July 14, 2023

BlotchyQuasar: X-Force Hive0129 targeting financial institutions in LATAM with a custom banking trojan

16 min read - In late April through May 2023, IBM Security X-Force found several phishing emails leading to packed executable files delivering malware we have named BlotchyQuasar, likely developed by a group X-Force tracks as Hive0129. BlotchyQuasar is hardcoded to collect credentials from multiple Latin American-based banking applications and websites used within public and private environments. Similar operations conducted in late 2022 have also been noted delivering an earlier variant of this modified QuasarRAT by likely Spanish-speaking actors. BlotchyQuasar, which X-Force describes as…

© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature