The popularity and pervasiveness of online banking are good news not only for financial institutions but also for cybercriminals, who see easy targets in online banking customers. Cybercriminals have figured out how to convince customers to surrender their usernames, passwords and other types of personal information through phishing requests or via malware. In fact, there has been a fundamental shift in the way online crime takes place. It is happening on an immense scale that was simply not possible just a few years ago. This property and asset theft is being undertaken by skilled, organized, professional groups of people who use increasingly sophisticated techniques and collaborate to target organizations.

The threat landscape continues to evolve at a rapid rate that threatens to outpace today’s protection approaches and strategies. Looking at digital security in the context of the banking industry, it is clear that banks are currently struggling to find the optimal balance between customer service excellence and fraud prevention.

Simply increasing the amount of conventional protection is not the answer. This is because traditional approaches, ranging from heightened authentication requirements to complicated and frustrating verification processes, not only fail to effectively prevent fraud but can actually negatively impact the bank’s business. Instead, banks should focus on creating better systems and techniques to collect and analyze internal and external data, develop more meaningful algorithms and profiles, execute penetration testing against current strategies, detect changes in transaction patterns and develop more effective solutions. This approach could be thought of as collective defense.

As banks successfully transform themselves, we will ultimately experience the modernization of information security by the banking industry. One important element of this modernization will be a shift in banks’ threat protection operations. Rather than concentrating only on what happened in the past, the emphasis will move to understanding what is likely to occur in the future.

The challenges of fraud prevention and recommendations for how to get a better grip on security, regulation and compliance are discussed in further detail in a new IBM white paper. Through the transformation and modernization of banking industry security, fraud will be further reduced, customer service and satisfaction will improve, and banks will be able to grow and pursue their business goals with both confidence and agility.

Read the Paper: Modernizing Digital Security to Protect Banks from Fraud
