23 September 2017
Uri Rivner

The Joy of Fraud Fighting

Uri Rivner - BioCatch

78Posts 361,896Views 36Comments
Online Banking

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.
A post relating to this item from Finextra:

UK's Faster Payments service goes live

27 May 2008  |  14681 views  |  0
aclock.JPG
The UK's faster payments service, designed to provide customers with near real-time transfer of phone, Internet and standing order payment instructions - has finally gone live.

Christmas Comes Early This Year

30 May 2008  |  4084 views  |  0

Dear online fraudsters, I've got some good news and some bad news. 

The good news is that Christmas comes early this year: on May 27th the UK banking industry launched the much anticipated Faster Payment scheme, in which inter-bank money transfers are instantaneous. Let me actually re-phrase: that's great news for you. 

I bet you're all excited about the new opportunity presented by Faster Payments because you know that one of the most effective weapons the banks have been using against online banking fraud is no longer at their disposal. 

This weapon is Time.  

Now, please excuse me while I explain this to the non criminal elements reading this blog. Why is time so important to fraudsters? 

The previous, slow process of sending money from one bank to another may have been cumbersome and not very friendly to the end user, but it did give sufficient time for the banks to investigate high risk transactions, and stop the money from leaving the bank. Typically the bank had between 24 to 72 hours to investigate and freeze risky transfers. 

Suppose a bank processes 1,000 transactions per day that meet a high-risk criteria: they are a payment to a newly established destination account, and the amount is higher than five thousand pounds. 

Until now, the bank could have let all these transactions go through, and then during the next 24 hours have a team of fraud analysts review them by calling the users to confirm the activity. If the money transfer wasn't authorised by the user, the bank had sufficient time to stop the money from going out.  

This can no longer work in Faster Payments. In a Faster Payment, once the transaction is cleared, funds leave the bank. The only way to stop fraud is to decline the suspicious transaction, or delay it until it is reviewed. In both cases, the end result is that the user will not be able to transfer the funds in real time. 

Following the previous example, to stop the same amount of fraud, the bank would have no choice but to delay ALL of the 1,000 transactions. Which is against the very notion of Faster Payments. 

The alternative is to let all of them go through and face the consequences. Which is exactly what fraudsters like about the new scheme. 

OK, that was for the sake of the law abiding segment of the readers.  

Now back to you, dear fraudsters. I said I've got good news and bad news; so lets get to the bad news, shall we? 

The bad news is that the UK banking industry has prepared for Faster Payments and equipped itself with several layers of defense against your evil ploys. Deploying visible defenses such as EMV 2-factor or out-of-band phone authentication, and invisible layers such as transaction monitoring and anti-Phishing / anti-Trojan detection and termination services, most banks have managed to raise the bar significantly. 

So let me summarise the situation. Fortunately for you, criminals of the twenty first century, fraud will be much more difficult to intercept following the move to Faster Payments. Unfortunately for you, the banks realised the rules of engagement are about to change and beefed up their fraud fighting strategies. You should expect the banks to put up a good fight.

 

TagsSecurityRisk & regulation

Comments: (0)

Comment on this story (membership required)

Latest posts from Uri

Brazil vs. Germany: A Surprising Find

12 July 2014  |  3696 views  |  1 comments | recomends Recommends 0 TagsSecurityMobile & onlineGroupInnovation in Financial Services

Sweetheart Scams: When Fraudsters Turn to Romance

30 June 2014  |  3033 views  |  0 comments | recomends Recommends 0 TagsSecurityMobile & onlineGroupInnovation in Financial Services

BitCoin Explained: How to Become a BitCoin Thief - part 1

04 December 2013  |  22064 views  |  1 comments | recomends Recommends 1 TagsMobile & onlinePaymentsGroupInformation Security

A Message from Hell

01 October 2013  |  3731 views  |  0 comments | recomends Recommends 0 TagsSecurityMobile & onlineGroupInnovation in Financial Services

Uri's profile

job title Head of Cyber Strategy
location Tel Aviv
member since 2008
Summary profile See full profile »
Internet. The perfect fraud frontier. These are the thoughts of Uri Rivner, head of Cyber Strategy at BioCatch and formerly Head of new technologies, identity protection, at RSA, the security division...

Uri's expertise

Member since 2008
78 posts36 comments
What Uri reads

Who's commenting on Uri's posts