Knowing is half the battle: How to defend against bank fraud


Jasie Fon, Regional VP Asia, Ping Identity, says there’s no way to ‘set and forget’ user security online.


Bank fraud – like depositing a fake cheque – used to be more complicated. Today, though, sophisticated bank fraud can be executed simply through a PC connected to the internet. In 2023 alone, the Anti-Scam Command (ASCom) had to freeze over 19,600 bank accounts worth over SGD100 million.

Ping Identity’s most recent consumer survey reveals that Singapore consumers expressed greater concern over identity fraud as they gained greater awareness. According to the survey, 42% have fallen victim to identity fraud, with financial identity fraud, account takeover and impersonation being the most common fraud types experienced by respondents. In addition, 96% of consumers indicate that they receive spam calls, and 46% receive spam calls once a week.

It’s now much easier for criminals to siphon off substantial sums of money from individuals and inflict reputational harm on institutions. To ensure that adequate security measures are in place, it’s crucial for both consumers and businesses to know the various types of bank fraud being used by malicious individuals. Let’s have a look at some of the more common types of fraud being used by criminals to trick businesses and consumers:

Phishing attacks

Criminals can gain login credentials through the use of fake emails, texts, or phone calls. Typically, the account holder is lured into providing their account details to someone pretending to be a bank staff member. This is what’s commonly known as phishing. There were around 4,100 phishing attempts reported to the Singapore Cyber Emergency Response Team (SingCERT) in 2023. Of these, 63% were mimicking institutions in the banking and financial services sector.

Credential stuffing

This scam is used by criminals who purchase stolen credentials off the dark web, a part of the internet that lets people hide their identity and location from law enforcement. The data is usually incomplete, so the attacker uses programs to ‘stuff’ usernames and passwords into different websites in large quantities, hoping for a match. Success rates are low, but attackers work with large volumes of data to achieve their aim.

Session hijacking

The criminal will seize control of a customer’s ongoing online session through stolen session cookies — small files that identify your computer to a website and are used for only one online session. Stolen data is usually acquired through third-party browser extensions, devices infected with malware, or even public Wi-Fi networks.

Password spraying

Instead of focusing on getting the right login information, hackers might use bots (automated applications) to match various usernames with commonly used passwords. This operation is done at a large scale, so hackers can ultimately identify correct combinations and obtain access to accounts.

Due to thousands of breaches over the past few years, a large number of passwords can be found on the dark web. No matter how complicated your password is, it is no longer sufficient to stop fraudsters from accessing your accounts. Because of this, rather than sticking with the traditional password, consider implementing passwordless authentication techniques like biometrics.
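The two login-abuse patterns described above leave different traces in authentication logs, which the following added example (not from the original article) uses to tell them apart per source IP: spraying reuses a few passwords across many usernames, while stuffing pairs each username with its own leaked password. It assumes the login service records a keyed fingerprint of each attempted password rather than the password itself; the field names, thresholds and sample events are constructed.

```python
import hashlib
import hmac
from collections import defaultdict

FP_KEY = b"constructed-demo-key"  # assumption: secret key held by the login service

def fingerprint(password):
    """Keyed, truncated hash so logs can compare attempts without storing passwords."""
    return hmac.new(FP_KEY, password.encode(), hashlib.sha256).hexdigest()[:12]

def classify_sources(events, min_users=5, min_fail_rate=0.8, spray_ratio=0.3, stuff_ratio=0.8):
    """Label each source IP from its login events (dicts: ip, user, pw_fp, ok)."""
    stats = defaultdict(lambda: {"users": set(), "fps": set(), "fail": 0, "total": 0})
    for e in events:
        s = stats[e["ip"]]
        s["users"].add(e["user"])
        s["fps"].add(e["pw_fp"])
        s["total"] += 1
        s["fail"] += 0 if e["ok"] else 1
    verdicts = {}
    for ip, s in stats.items():
        fail_rate = s["fail"] / s["total"]
        # Few accounts or mostly successful logins: a typo-prone user or a shared office NAT.
        if len(s["users"]) < min_users or fail_rate < min_fail_rate:
            verdicts[ip] = "normal"
            continue
        ratio = len(s["fps"]) / len(s["users"])  # distinct passwords per targeted account
        if ratio <= spray_ratio:
            verdicts[ip] = "password_spraying"    # few common passwords, many usernames
        elif ratio >= stuff_ratio:
            verdicts[ip] = "credential_stuffing"  # a different password for each username
        else:
            verdicts[ip] = "suspicious"
    return verdicts

def sample_events():
    """Constructed login events using documentation-range IPs; not real data."""
    ev = []
    def add(ip, user, pw, ok=False):
        ev.append({"ip": ip, "user": user, "pw_fp": fingerprint(pw), "ok": ok})
    for i in range(8):
        for pw in ("Password1", "Welcome123"):            # spraying source
            add("203.0.113.10", f"user{i}", pw)
        add("198.51.100.7", f"cust{i}", f"leaked-{i}", ok=(i == 3))  # stuffing source
    for i in range(6):
        add("192.0.2.50", f"staff{i}", f"own-{i}", ok=True)  # office NAT, all succeed
    for pw in ("hunter2", "hunter3", "hunter22"):
        add("192.0.2.99", "alice", pw)                    # one user mistyping
    return ev
```

The failure-rate check is what keeps a shared office address with many legitimate users from being flagged; attempts spread across many source addresses would need the same counting keyed on something other than IP.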

New account fraud

Existing bank accounts are not the only ones vulnerable to attacks. Another concern is the potential consequences of new account fraud. In this scam, the criminal could use another person’s identity to create a new account, or they could take it a step further by blending authentic and bogus identities to form a deceptive account. The criminal will most probably use counterfeit IDs, email addresses, or cheques to achieve this illusion of authenticity.

Putting Up Safeguards

Fortunately, there are proven methods to help reduce the risk of becoming a victim of fraud. These include:

  • User education

One of the most powerful security methods available is educating staff and customers about typical fraudulent schemes. One example is to include warnings in transactions and email messages. These warnings can serve as reminders to help them distinguish between what’s authentic and what could potentially be a fraudulent scheme.

  • Multi-factor authentication (MFA)

MFA asks users to provide multiple forms of identification. This might include something they know, like a password or PIN, combined with something they possess, like a key fob or a device that creates a unique code. MFA can also utilize other methods like fingerprints, voice recognition, and facial scans.

  • Policy-based access control

This method enhances security by only allowing entry according to established guidelines. Authorisation is contingent on the characteristics the bank selects. Some examples are job position, level of access and period of time. For customers, additional factors, such as their access location, may need to be taken into consideration before access is granted.
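As an added illustration (not from the original article), the sketch below evaluates an access request against the characteristics named above: job position, level of access, period of time and, for customers, access location. The policy table, request fields and the "step_up" outcome (asking for an extra authentication factor) are hypothetical choices made for this example.

```python
from datetime import time

# Hypothetical policy: positions, levels and hours are constructed for illustration.
POLICY = {
    "teller":    {"max_level": 1, "hours": (time(8, 0), time(18, 0))},
    "night_ops": {"max_level": 2, "hours": (time(22, 0), time(6, 0))},  # wraps midnight
}

def in_window(now, start, end):
    """True if now falls in [start, end); the window may wrap past midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def decide(request, policy=POLICY):
    """Return (decision, reason). Anything not explicitly permitted is denied."""
    if request["kind"] == "customer":
        if request["resource_level"] > 0:
            return ("deny", "customers are limited to level 0 resources")
        if request["country"] not in request["usual_countries"]:
            # Unfamiliar access location: ask for another factor instead of allowing.
            return ("step_up", "unfamiliar access location")
        return ("allow", "customer policy satisfied")
    rule = policy.get(request.get("job_position"))
    if rule is None:
        return ("deny", "no policy for this job position")
    if request["resource_level"] > rule["max_level"]:
        return ("deny", "level of access too low for this resource")
    if not in_window(request["time"], *rule["hours"]):
        return ("deny", "outside the permitted period of time")
    return ("allow", "staff policy satisfied")

def staff(position, level, at):
    """Build a constructed staff request."""
    return {"kind": "staff", "job_position": position, "resource_level": level, "time": at}

def customer(country, usual=("SG",)):
    """Build a constructed customer request for a level 0 resource."""
    return {"kind": "customer", "resource_level": 0, "country": country,
            "usual_countries": set(usual)}

if __name__ == "__main__":
    print(decide(staff("teller", 1, time(9, 30))))
    print(decide(staff("night_ops", 2, time(2, 0))))
    print(decide(customer("MY")))
```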

Online Safety Is a Never-Ending Process

Ensuring user security online isn’t a one-time affair, and there’s no way to ‘set it and forget it.’ More companies are using Customer Identity Access Management (CIAM) systems in response to their customers’ complex digital needs. These advanced platforms help online businesses safely record and handle consumer identity while regulating access to applications and services. From a consumer’s point of view, a well-executed CIAM system creates smooth engagement with different parts of a business without the need to repeatedly verify their identity.

It’s important to continually update security measures in order to provide users with the required protection level. Building trust between clients and banks is essential for preventing bank fraud. By adhering to these strategies and staying vigilant for new attack techniques, the chances of experiencing disruption and damage from a cybercriminal will significantly decrease.