Corporate Online Banking Fraud: How Do You Stop It?

If you’re in the banking world, you’ll know that personal banking and business banking present a wealth of different challenges. Not only are the volumes and values different, but the nature of the customer-bank relationship is redefined, and so is the inherent threat from fraudsters trying to steal that money.?

This article aims to clarify the scope of online fraud in corporate banking and give you the right guidelines to shield your customers from cyber threats.

Business banking vs. personal banking: challenges and threats

We recently saw that a company in Hong Kong had $25m stolen as a result of a scam where the company employee was tricked into sending the money on a conference call with who they thought were senior employees, but actually were all “deepfake” video manipulations of these managers.?

Business customers need to watch out for different types of scam like fake invoices, CEO fraud (whaling) or business email compromise, and then there’s the more technological threats like malware and man-in-the-middle attacks.?

Threats to business banking customers are much more nuanced, and the advent of instant payments and the increasing speed of settlement serves to exacerbate this problem.

Standard personal banking fraud detection measures include technologies such as device and behavioral profiling. They look at the user’s normal behaviour and identify anomalies, such as ‘new device’ or ‘customer holding device in a different hand’, both of which could suggest an account has been taken over by a fraudster.?

In a business setting, when banking online, it may not be the same person logging into a business account from one transaction to the next. There may be no single person’s behaviour to track or a single device to profile. As a result, the fraud threats are different.?

How to tackle corporate fraud

So, with these approaches limited in the corporate space, how should banks tackle these problems? The nature of the threat determines the nature of the solution. When scams and automated threats form a large part of the problem, it is necessary for these to form a large part of the solution, too.?

Scams are designed to manipulate someone’s behaviour, so only by looking at the customer’s interaction with the bank can you see these. By contrast, automated threats like malware are not always visible when looking at the transaction in isolation.?

Therefore, the solution to these problems needs to be a comprehensive approach, looking at all aspects of the traffic associated with the transaction, not just the transaction itself.?

Detect and stop corporate fraud with Cleafy?

Cleafy takes a holistic approach to fraud detection, looking at every aspect of customer traffic to make a decision. Our approach to detecting corporate fraud is unique to other fraud vendors as we have access to a far richer data source, allowing us to:

• Examine the minutia of each transaction and create a degree of atomic visibility, allowing the risk engine to see everything, including indications of possible social engineering.
• Use our patented full content integrity to detect the slightest tampering within the app or web app's content, even in the case of zero-day malware. We were the first organisation to identify, label and prevent the TeaBot malware strain.
• Intercept multidimensional ATO scenarios by automatically correlating the risk detected in one session to another.
• Use our AI-powered risk engine, constantly enriched with information from the Cleafy Threat Intelligence Team. Our repository details the most advanced malware and scam cases for immediate identification, detection and response.

Finally, Cleafy smoothly integrates with your app and tech ecosystem, making it possible to automate adaptive responses tailored to each threat pattern and to your business banking customers’ needs.

If you’d like to understand more about our solutions for Corporate Banking, feel free to contact us at [email protected] for a demo or a more in-depth discussion.