The popularity and pervasiveness of online banking is good news not only for financial institutions but also for cybercriminals, who see easy targets in online banking customers. Cybercriminals have figured out how to convince customers to surrender their usernames, passwords and other types of personal information through phishing requests or via malware. In fact, there has been a fundamental shift in the way online crime takes place. It is happening on an immense scale that was simply not possible just a few years ago. This property and asset theft is being undertaken by skilled, organized, professional groups of people who use increasingly sophisticated techniques and collaborate to target organizations.

The threat landscape continues to evolve at a rapid rate that threatens to outpace today’s protection approaches and strategies. Looking at digital security in the context of the banking industry, it is clear that banks are currently struggling to find the optimal balance between customer service excellence and fraud prevention.

Simply increasing the amount of conventional protection is not the answer. This is because traditional approaches, ranging from heightened authentication requirements to complicated and frustrating verification processes, not only fail to effectively prevent fraud but can actually negatively impact the bank’s business. Instead, banks should focus on creating better systems and techniques to collect and analyze internal and external data, develop more meaningful algorithms and profiles, execute penetration testing against current strategies, detect changes in transaction patterns and develop more effective solutions. This approach could be thought of as collective defense.

As banks successfully transform themselves, we will ultimately experience the modernization of information security by the banking industry. One important element of this modernization will be a shift in banks’ threat protection operations. Rather than concentrating only on what happened in the past, the emphasis will move to understanding what is likely to occur in the future.

The challenges of fraud prevention and recommendations for how to get a better grip on security, regulation and compliance are discussed in further detail in a new IBM white paper. Through the transformation and modernization of banking industry security, fraud will be further reduced, customer service and satisfaction will impove, and banks will be able to grow and pursue their business goals with both confidence and agility.

Read the Paper: Modernizing Digital Security to Protect Banks from Fraud

More from Banking & Finance

Cost of a data breach 2023: Financial industry impacts

3 min read - According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, 15% more than in 2020. In response, 51% of organizations plan to increase cybersecurity spending this year. For the financial industry, however, global statistics don’t tell the whole story. Finance firms lose approximately $5.9 million per data breach, 28% higher than the global average. In addition, evolving regulatory concerns play a role in how financial companies…

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

The rise of malicious Chrome extensions targeting Latin America

9 min read - This post was made possible through the research contributions provided by Amir Gendler and Michael  Gal. In its latest research, IBM Security Lab has observed a noticeable increase in campaigns related to malicious Chrome extensions, targeting  Latin America with a focus on financial institutions, booking sites, and instant messaging. This trend is particularly concerning considering Chrome is one of the most widely used web browsers globally, with a market share of over 80% using the Chromium engine. As such, malicious…

BlotchyQuasar: X-Force Hive0129 targeting financial institutions in LATAM with a custom banking trojan

16 min read - In late April through May 2023, IBM Security X-Force found several phishing emails leading to packed executable files delivering malware we have named BlotchyQuasar, likely developed by a group X-Force tracks as Hive0129. BlotchyQuasar is hardcoded to collect credentials from multiple Latin American-based banking applications and websites used within public and private environments. Similar operations conducted in late 2022 have also been noted delivering an earlier variant of this modified QuasarRAT by likely Spanish-speaking actors. BlotchyQuasar, which X-Force describes as…