Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Security
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Blinding bank's anti-fraud systems with FraudFox VM

Banks have invested heavily into fraud detection systems that tries to identify suspicious transactions. The systems put together network data, user's normal payment pattern...  anything that can create a picture of what is normal and what is not. An important part of this is device fingerprinting, a technology that collects system information from browsers. The amount of data a standard browser is willing to release is enough to make a unique fingerprint for each individual device. The problem with device fingerprinting is obviously that anything a bank can collect is also available for any other service as well.. This is where FraudFox comes in. FraudFox VM is a tool that collects device fingerprints and present them to the bank - leaving the bank in the same position they had before they invested heavily in malware detection systems from major security vendors. This development is clearly a result of that anti-virus is dead (Not my words -  Symantec's CEO said this) and in reality end-users has no healthy alternatives. Consequently it makes no sense to even ask end users to keep their devices clean from malware.. They can't, so no help from them either.

So what's the situation?

  • Banks cannot tell the difference between a fake and legitmate user
  • The device fingerprint can be spoofed
  • Network adresses can be spoofed
  • Users neither have competence or resources

The banks obviously need to work on this and I believe they need to revise their client side security strategy from detect and react to block and report. This means we will see more use of malware resistant applications like browsers desktop applications. This development has gained traction in the mobile space where potent app security tools are available as products that integrates with the app.

So the bad news is not so bad - banks will not be blinded by fraud tools like FraudFox - but they need to add security to the user applications that connects to the bank services. As the analysts from Gartner says: Self-protective and self-aware applications is a strategic IT trend. When I see tools like FraudFox and others, I agree.. once again.

 

4636

Channels

Security
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (0)

Join the discussion

Member since

0

Location

0

More from member

Community
See all blogs »
Fintech 

How innovation in encryption is helping secure the credit card approval process

Ghazi Ben Amor

Ghazi Ben Amor

Operational Risk Management 

DORA – Navigating the EU’s Operational Resilience Landscape

Antony Fung

Antony Fung

Fintech 

The importance of risk management in trading

Kate Leaman

Kate Leaman

Digital Identity Management 

Navigating the digital identity landscape: A blueprint for financial services competitiveness

Adam Preis

Adam Preis

Now hiring

See more