At the end of October 2021, cybersecurity firms identified yet another malware bot in a long line that cybercriminals are using to take over consumers’ bank accounts. SharkBot is just the latest of these banking trojans, following in the footsteps of FluBot and TeaBot, but they all work on similar principles.
First, fraudsters convince the victim to download and install an app—which contains the malware—onto their device. Then the infected app lets the criminals access all the victim’s personal information, credit card details, and mobile banking apps. With the device at their mercy, fraudsters can intercept or hide one-time passcodes (OTPs) and other messages and quickly empty victims’ accounts before anybody notices what’s happening.
Right now, SharkBot is targeting customers of UK and Italian banks. But as we’ve seen many times before, successful fraud schemes quickly spread across the globe.
And malware bots are just one of many threats to banking customers. Since the start of the pandemic, security professionals have recorded an alarming rise in the number of phishing attacks and account takeovers. Identify thefts doubled in 2020 compared to 2019—and that’s just in the US.
Banks must do more—or customers will go elsewhere
While schemes based on an initial phishing attempt rely on customers falling for the con, it’s not enough for banks to just tell people to be careful.
The success of any financial institution hinges on trust. And if consumers don’t trust a bank to proactively safeguard their accounts from cybercriminals and fraudsters, they’ll go to the bank down the street that’s doing everything it can to protect its customers.
In this age of growing security threats, there are three key strategic priorities that can help banks protect their customers, reduce fraud losses, and build trust in their brand.
1. Shift to password-less authentication
The days of “choose a strong password” are truly over—passwords are far too easy to buy, steal, or phish from people. And when criminals can take over someone’s device, or have their messages sent to another device through SIM swap fraud, SMS OTPs aren’t fit for purpose either.
Many banks are now turning to voice biometrics to help fight off sophisticated fraud attacks. By identifying people based on their unique voiceprint, rather than the device they have, a password they know, or an OTP they may have intercepted, banks can be confident that the person behind the transaction is the account owner.
Biometric security closes the door to many of the biggest criminal schemes, bringing huge reductions in fraud losses, as well as increased customer trust. But one of the most exciting things about biometric authentication is how it’s helping banks identify individual fraudsters and work with law enforcement to bring them to justice.
2. Adopt a layered approach to security
Of course, no single technology can solve the fraud problem alone. For banks to bolster fraud protection and build customer trust, they’ll need to layer multiple biometric modalities—voice, behavioral, and conversational biometrics—with non-biometric factors and other available data to get a complete view of risk in every interaction.
We’re already seeing some banks bring all of these factors together in a central AI risk engine that can assess fraud risk in all customer interactions—on every channel—in real time.
3. Share fraud data
Just as no technology can tackle fraud alone, no financial institution can tackle fraud alone. They’re stronger when they join forces—with other banks, and with organizations from across retail, telecommunications, and government.
Fraudsters are incredibly agile, and fraud teams face new threats every day. By sharing data on known fraudsters and emerging fraud tactics across organizations and industries, each contributing company will remove many of the obstacles that prevent fraud teams from protecting customers effectively.
So, while strengthening fraud prevention will help banks drive competitive advantage, institutions will also need to work together to win the fight against their criminal adversaries.