Combating The Rising Tide of Bank Fraud

Southeast Asia is home to some of the fastest-growing digital markets in the world. The digitalisation of financial services is expected to be a major development engine for ASEAN’s digital economy and is expected to surpass US$300 billion in gross merchandise value by 2025, according to research by Google, Temasek, and Bain. The financial services sector is among the top 5 leading sectors in the digital economy.
Cybercriminals have noticed this change as well, and are continually evolving their techniques, leveraging advanced technologies to carry out highly sophisticated cyberattacks that are difficult to detect.
According to the latest survey conducted by Ping Identity, consumers in Singapore expressed greater concern over identity fraud. In the survey, 42% of respondents said they have been the victim of identity fraud; the most prevalent fraud types experienced by respondents were financial identity fraud, account takeover, and impersonation. Additionally, 96% of customers report receiving spam calls, with 46% reporting such calls once a week.
Criminals can now steal large amounts of money from victims and damage an institution’s reputation far more easily. It’s critical that businesses and consumers are aware of the different kinds of bank fraud that bad actors use in order to ensure that appropriate security measures are put in place. Let’s examine some of the more popular forms of fraud that thieves utilise to deceive customers and businesses:
Phishing Schemes
Identity thieves can get login credentials through phoney texts, phone calls, or emails. Usually, the account holder is tricked into giving their account information to somebody posing as a bank employee. This is often referred to as phishing. The Singapore Cyber Emergency Response Team (SingCERT) received reports of about 4,100 phishing attempts in 2023. 63% of these were imitating financial services and banking establishments.
Credential stuffing
This technique is used by criminals who buy stolen credentials on the dark web, a section of the internet where users can conceal their location and identity from law enforcement. Since the data is typically insufficient on its own, the attacker uses programs to “stuff” usernames and passwords into several websites in large quantities, hoping for a match. Attackers work with large volumes of data to achieve their aim despite low success rates.
Session hijacking
Using stolen session cookies (small pieces of data that are used for only one online session but identify your computer), the criminal takes over a customer’s ongoing online session. Most often, the stolen data is obtained through malware-infected devices, third-party browser extensions, and even public Wi-Fi networks.
Password spraying
Instead of concentrating on obtaining the correct login credentials, hackers may employ bots, or automated programs, to try widely used passwords against many different usernames. Because this activity is carried out on a wide scale, hackers will eventually be able to determine the right combinations and get access to accounts.
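As an added example (not part of the original article), the Python code below shows how a bank's security team might flag both credential stuffing and password spraying in login logs, since both appear as one source trying many distinct usernames in a short window with a low success rate. The log fields, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BASE = datetime(2024, 1, 15, 9, 0, 0)

# Constructed sample events: (ISO timestamp, source IP, username, login succeeded)
SAMPLE_EVENTS = [
    # One source walks through 12 accounts in under four minutes; one login succeeds.
    ((BASE + timedelta(seconds=20 * i)).isoformat(), "203.0.113.7", f"user{i:02d}", i == 7)
    for i in range(12)
] + [
    # A genuine customer mistypes a password three times, then gets in.
    ((BASE + timedelta(seconds=15 * i)).isoformat(), "198.51.100.20", "alice", i == 3)
    for i in range(4)
]


def flag_sources(events, window=timedelta(minutes=10), min_users=10, max_success_rate=0.2):
    """Return {source_ip: stats} for sources that tried at least `min_users`
    distinct usernames inside one sliding window with a low success rate.
    The default thresholds are assumptions, not recommended values."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, ok))

    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()  # oldest first
        start = 0
        for end in range(len(rows)):
            # Advance the left edge until the span fits inside `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            chunk = rows[start:end + 1]
            users = {user for _, user, _ in chunk}
            rate = sum(ok for _, _, ok in chunk) / len(chunk)
            if len(users) < min_users or rate > max_success_rate:
                continue
            # Keep the matching window with the most distinct usernames.
            if ip not in flagged or len(users) > flagged[ip]["distinct_users"]:
                flagged[ip] = {"distinct_users": len(users), "attempts": len(chunk),
                               "success_rate": round(rate, 2)}
    return flagged


if __name__ == "__main__":
    for ip, stats in flag_sources(SAMPLE_EVENTS).items():
        print(ip, stats)
```

Counting per source address misses attempts spread across many addresses; the same window logic can be keyed on another attribute the bank records, such as a device identifier.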
There are a lot of passwords on the dark web due to the thousands of breaches that have occurred over the last few years. Your password is no longer enough to prevent hackers from accessing your accounts, regardless of how complex it is. Because of this, think about utilising passwordless authentication methods like biometrics rather than staying with traditional passwords.
Fraud on New Accounts
Existing bank accounts are not the only ones subject to cyberattacks. The potential repercussions of new account fraud are a concern. The perpetrator of this fraud has two options: either they exploit someone else’s identity to open a new account, or they combine real and fake identities to establish a false account (often called a synthetic identity). Most likely, the criminal will create the appearance of legitimacy by using forged identification documents, email accounts, or checks.
Establishing Barriers
It is key for banks to adopt the following strategies to ensure that they remain secure and highly protected against fraud.
For instance, in Singapore, the Monetary Authority of Singapore (MAS) recently announced the establishment of a Cyber and Technology Resilience Experts (CTREX) Panel, a mandate designed to address emerging risks and threats related to technology in the financial sector, ensuring that Singapore remains resilient to cyberattacks and technological disruptions.
Educating Users
Teaching employees and clients about common fraudulent tactics is one of the most effective security measures available. Adding cautionary notices to emails and transactions is one example. These alerts can act as a helpful reminder to assist them in differentiating between legitimate offers and those that might be fraudulent schemes.
Verification Using Multi-Factor Authentication (MFA)
Users of MFA are required to submit several proofs of identity. This could involve using something they already own, like a banking app on a mobile phone, a key fob or a gadget that generates a special code, along with something they know, like a password or PIN. Other techniques, including voice recognition, facial scans, and fingerprints, can also be used with MFA.
Access control based on policies
This approach improves security by permitting access only in accordance with predetermined policies. Authorisation depends on the attributes that the bank chooses; position in the company, degree of access, and duration are a few examples. In order to obtain access, customers might also need to satisfy other criteria, like their access location.
Online Safety is a Continuous Process
Making sure customers are safe online is a continuous process that cannot be “set it and forget it.” In response to their customers’ sophisticated digital needs, more businesses are using Customer Identity Access Management (CIAM) systems. These cutting-edge systems control user access to apps and services while helping companies securely create and manage customer identities. From the perspective of the customer, a well-run CIAM system facilitates seamless interactions with various products and services without requiring constant and often different identity verification methods that create unnecessary friction for the customer.
Preventing bank fraud requires that banks and customers develop a trusting relationship. By following these guidelines and continuing to be vigilant for new attack techniques, banks and financial institutions can reduce the chances of experiencing disruption and damage from cybercriminals.