Why Rule Based Approaches Are no Longer Effective in Detecting Online Banking Frauds

With online banking a user doesn’t interact with a bank employee in-person, a user is identified solely through a username and password. These credentials can be, and often are, easily stolen by fraudsters via various phishing and social engineering scams. Security analysts realize that every online session that uses the correct username/password combination cannot be blindly trusted, and there is a need to use additional attributes to verify that the session being conducted is in fact, by a legitimate user.

To SWIFT or not to SWIFT? Guardian Analytics has the answer.

Banks concerned about the recent SWIFT breaches look to Guardian Analytics to immediately alert banks to suspected intrusions. In these intrusions, news reports detail the thieves obtained fraudulent user credentials and used them to submit fraudulent SWIFT messages that correspond to money transfers out of the bank. Further, the criminals used malware to mask their activities by inserting the Trojan into the PDF reader that validates the transaction – the rule based PDF reader verification was defeated by the criminals and could not detect the fraudulent transaction. The user credentials and rule based systems provided inadequate protection for the banks, as the criminals demonstrated.

Go to Top