Did your virtual bank just onboard a fraudster?
In a recent incident, police and financial institutions fought to contain an email scam that defrauded individuals and business billions. Lawsuits were filed for negligence, but the damage has been done. And as American Bankers Association (ABA) highlighted, there is very little chance to recuperate funds lost in wire transfers from hacked consumer accounts.
The problem is growing fast. The Federal Bureau of Investigation (FBI) reported close to US$1.8 billion lost to similar scams. Global losses between June 2016 to July 2019 totaled US$26 billion. And most of these stolen cash are funneled through Hong Kong and Mainland China into oblivion.
Multi-factor authentication (MFA) was supposed to stop such scams. But early iterations, such as SMS-based two-factor authentication (2FA), ran into problems. Attackers used man-in-the-middle techniques, such as phishing and/or installing smartphone malware, to read plain text SMS messages and rendering the control useless.
Banks learned. Today, many employ “push” and encrypted communications that smartphone vendors already use. They are also using a variety of techniques, from unique hardware tokens and GPS locations to biometric and complying with new PSD2 regulations.
Admittedly, SCA requires a mindset shift and impacts merchants, PSPs and issuers. An underestimation of the complexities and amount of effort stayed many from embracing it. It was one reason why SCA implementation was delayed from the original 14 September 2019 for up to 18 months in the European Economic Area (EEA).
For virtual banks, SCA can impact on their promises of online convenience and seamless experience. The answer is adopting a two-fold approach.
First, not all transactions need this level of scrutiny. Checking balances, monitoring transactions and viewing transactions within the last 90 days, and recurring and low-value transactions, such as standing orders, do not need SCA.
Second, virtual banks should not be alone. By partnering with companies like LexisNexis? Risk Solutions, they can tap into security expertise and solutions that prepare them for SCA. Through the use of our digital identity intelligence during logins, payment transactions and new account applications, they can ensure that fraudsters are stopped at their virtual doors.
Click HERE to learn more how LexisNexis? Risk Solutions can help.