Online payments are an unintended soft spot resulting from the EMV point of sale migration, creating an opening for security technology vendors to combat the emerging cybercrime threats.
Drawing on its experience in post-EMV Europe, Amsterdam-based cybersecurity provider Fox-IT is offering U.S. financial institutions a Web and mobile banking analytics service called DetACT that sniffs out payments fraud in real-time during a bank customer's session online or in a native mobile banking channel.
European banks have used DetACT to correlate click-path, event, traffic, financial and historical information as a way to monitor Web-based or native mobile banking channels.
Fox-IT operates under the premise that cybercriminals most often go "low-tech" in their attacks, finding ways to plant malware into social engineering apps to manipulate customer behavior to commit fraud, said Andy Chandler, senior vice president of Fox-IT.
"Four years ago, the challenge was around the man-in-the-middle or man-in-the-browser attacks and we developed an algorithm-based behavior analytics solution for our client banks in Europe," Chandler said. "We keep telling everybody that criminals are not going more high-tech or more innovative, they are still using this method."
Fox-IT has been able to develop software that protects consumers and businesses engaging in online banking sessions through real-time monitoring of session clicks. Operating as a parallel security layer, DetACT reveals when a session is being hijacked, Chandler said. Banks using DetACT obtain an annual license for the software, with pricing determined by the level of service and support requested by the bank.
Criminals are infecting banking sessions at U.S., European and Asian banks with Dridex or Dyre, malware that creates a botnet, which customers fill with authentication or other information. The criminal is then able to operate in parallel with the bank customer, who is unwittingly passing along passwords and access to bank accounts, Chandler added.
Fox-IT has been able to detect these types of attacks "after a few clicks in real time in Europe," so the company decided to launch DetACT support into the North American market, Chandler said.
DetACT monitors three clicks of a mouse in a session and compares them against as many as 20 other sessions to provide login and Internet protocol address details that banks may have previously taken hours or days to compile after discovering a problem from a customer complaint, Chandler added.
If a session suddenly changes an operating system, or switches language from English to Russian, DetACT would see it occur at the instant of the change, Chandler said.
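An added illustration of the check described above (not Fox-IT's DetACT code or algorithm): it flags the click at which a session's operating system family or browser language differs from the previous click. The `Click` fields, helper names and sample clicks are assumptions constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Click:
    session_id: str       # server-side session identifier
    seq: int              # click order within the session
    user_agent: str       # User-Agent request header
    accept_language: str  # Accept-Language request header

def os_family(user_agent):
    ua = user_agent.lower()
    # Order matters: Android UAs contain "linux", iOS UAs contain "mac os x".
    for needle, family in (("android", "android"), ("iphone", "ios"),
                           ("ipad", "ios"), ("windows", "windows"),
                           ("mac os x", "macos"), ("linux", "linux")):
        if needle in ua:
            return family
    return "unknown"

def primary_language(accept_language):
    # "ru-RU,ru;q=0.9,en;q=0.8" -> "ru"
    first = accept_language.split(",")[0].split(";")[0].strip().lower()
    return first.split("-")[0] or "unknown"

def detect_session_drift(clicks):
    """Return (session, seq, attribute, old, new) for each mid-session change."""
    previous, alerts = {}, []
    for c in sorted(clicks, key=lambda c: (c.session_id, c.seq)):
        current = {"os": os_family(c.user_agent),
                   "lang": primary_language(c.accept_language)}
        last = previous.get(c.session_id)
        if last is not None:
            for attr in ("os", "lang"):
                if current[attr] != last[attr]:
                    alerts.append((c.session_id, c.seq, attr,
                                   last[attr], current[attr]))
        previous[c.session_id] = current
    return alerts

# Constructed sample: session s2 switches OS and language at its third click.
WIN = "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
LNX = "Mozilla/5.0 (X11; Linux x86_64)"
SAMPLE = [Click("s1", n, WIN, "en-US,en;q=0.9") for n in (1, 2, 3)] + [
    Click("s2", 1, WIN, "en-US,en;q=0.9"),
    Click("s2", 2, WIN, "en-US,en;q=0.9"),
    Click("s2", 3, LNX, "ru-RU,ru;q=0.9,en;q=0.8"),
    Click("s2", 4, LNX, "ru-RU,ru;q=0.9,en;q=0.8"),
]

if __name__ == "__main__":
    for alert in detect_session_drift(SAMPLE):
        print(alert)
```

Because each click is compared with the one before it, two clients alternating on the same session would raise an alert at every switch, not only the first.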
When detecting potential attacks, Fox-IT quickly establishes rules for DetACT to follow, taking that long process off the bank client's plate.
DetACT integrates with Fox-IT's InTELL, which collects information about various cyber threats and their tendencies for bank clients.
Security experts generally agree that hackers will concentrate on mobile banking channels when EMV chip cards are in place in the U.S. to thwart counterfeit fraud attempts at the point of sale. It's also proving difficult to keep criminals out of networks, so new security measures are attempting to identify when crooks are in or trying to get into a network.
Fox-IT is joining other vendors in the U.S. that have expanded analytics to detect botnets and monitor online banking sessions as a way to thwart fraud, said Julie Conroy, research director and fraud expert with Boston-based Aite Group.
"Some are bringing in biometrics capabilities to determine how someone is keying into their key pad," Conroy said.
The majority of larger banks in the U.S. have reported their online banking fraud is decreasing, due in large part to how they bolstered security through analytics and better authentication, Conroy added. "Better use of this type of analytics in real time is keeping the bad guys out," Conroy said.
Fox-IT is "a very innovative vendor with excellent threat intelligence," but it may have to target smaller banks as clients, and those banks suffer less fraud, said Avivah Litan, fraud expert with Stamford, Conn.-based Gartner Inc.
Many banks have already established various security layers, making it difficult "to rip out old technology and put in something new, even if it is better," Litan said of the competitive field in bank security.
"Attacks continue to hit the large banks and they have a lot of security in place already," Litan added. Still, Fox-IT has a valuable product to offer and certain modules may resonate with banks, Litan said.
As faster payments initiatives take hold in Europe and the U.S. continues to work on its faster payments clearing, banks may indeed need new fraud-prevention technology that keeps that same pace.
Criminals will shift their malware focus to commercial banking in hopes that "faster" will equate to less time to monitor for fraud, Chandler said.
"To have fraud protection occurring in real time is vital if payments are moving faster, and the only way to do it is by having it in place right at log-in [of a banking session]," Chandler added. "Otherwise, the fraud protection does not operate fast enough."