Cybercrime has a new form, Account Takeover, which involves stealing login credentials for digital financial accounts
Amid the crisis caused by the coronavirus, many issues have risen to attention: E-commerce, digital payments, online transactions – and also cybercrime.
While phishing and malware are the most common threats (as Google’s analysis of 100 million fraudulent emails blocked per day shows), Account Takeover or ATO is one of the best-structured robbery techniques today, especially in digital banking.
In this type of fraud, a third party obtains the data of a user to take over their online account. Once they have control, they begin to transfer amounts to other accounts, withdraw money and take other actions.
In order to address this kind of sophisticated attack, it’s important for banks to use a range of security solutions in their digital channels, based on technologies that will guarantee safe user experiences and counteract any attempt at cybercrime. Among these security solutions are biometrics, one-time passwords, two-factor identification, and push notifications stand out in the financial industry.
Biometrics: Key Security Mechanism
Biometric authentication is a verification method that involves using a person’s inherent characteristics, including fingerprint scanning, facial recognition, iris recognition, even heartbeat analysis and vein mapping. Incorporating biometrics in banking security is essential, as this data is unique for each client and highly complicated to replicate.
Biometric authentication is not complex or time-consuming to incorporate into mobile banking, and it can be used for logins, or even to make a transaction. Biometrics also complies with the standards of the online identity authentication systems on mobile devices.
A secure biometric verification process must include liveness tests – to avoid using videos or even photos to get through. In addition, it is key to relate biometric data not only with the user, but also with their device. With that, the opportunities to enter an account from another device are reduced.
Tools against ATO: Notifications and 2FA
The smart use of other customer communication channels also offers significant protection against ATO. Among them, push notifications and the use of two-factor authentication are worth mentioning.
Push notifications operate as a guarantee of security by sending interactive alerts that allow the customer to control their accounts and protect their transactions. These notifications are different from the previous generation of informational, reactive messages. Those messages, used to send information to clients, did not allow for users to approve or block operations.
However, with the use of push notifications, the user can react to the alert and confirm whether the transaction is real or fraudulent.
At the same time, the use of two-factor authentication (2FA) also makes Account Takeover difficult. In a 2FA process, the customer has to enter an additional digital code to their username and password. That code can come from a dedicated app, a physical token, or is sent via SMS.
One Time Passwords (OTP) are part of this security infrastructure. This tool provides an authentication password that the client must use to carry out online transactions. Authentication, in this case, is based on a text message (SMS) that reaches the mobile and must be used in addition to the username and password.
In a short time, with the rise of new cyber-attack methodologies, new digital security technology tools have become essential to banking. And in these difficult months dominated by COVID, we have more responsibility than ever to defend our institutions from new threats and to do everything we can to protect customer accounts.