Dealing with financial threats to online transactions
Mon 26 Oct 2015
One third of banks and payment services have failed to provide a secure channel for all online payments.
That’s the latest finding from a survey conducted by Kaspersky Lab and B2B International. Despite the increase in online tools to make payments, the survey found that many banks and payment companies are finding it hard to shield both themselves and their customers from the ever-present risk of fraud.
In more detail, 65% of the organisations said that customers are using a greater variety of devices to pay online, but only 53% have introduced two-factor authentication and only half have introduced specialised, real-time solutions to combat fraud. The survey also found that 42% extended this sort of solution to customer devices, while only 67% implemented secure connections for all online payments.
Ross Hogan, head of SafeMoney Business Development, Kaspersky Fraud Prevention, Kaspersky Lab, said that the individual “deal with it as it happens” approach to fraud protection was not a workable one, especially considering that last year 22.9 million financial malware attacks had been targeted at 2.7 million customers all over the world.
Last year, Kaspersky Lab and Interpol also found that about 500,000 users had encountered, at least once, Android malware designed to steal money. The amount of banking malware had risen 8.89 percentage points to 75.63% of all financial malware attacks in 2014. The same report also found that in 2014, financial phishing attacks (for targets such as banks, payment systems and e-shops) accounted for 28.73% of all phishing attacks.
The latest study looked at ways of tackling this problem. General internet security solutions were not regarded as effective means of dealing with online financial attacks (less than 10% favoured this solution). However, Kaspersky’s own comprehensive Fraud Prevention is designed to tackle threats like these head-on.
The main platform comprises two subsystems. One is a clientless engine which resides in the bank infrastructure. This allows for extra protection by analysing the banking operations that take place on customer devices. The other subsystem is for endpoints such as computers and mobile devices. It checks whether websites are genuine and, to ensure that personal data is protected from outside threats, opens pages in protected mode. No malware can be downloaded onto the owner’s device thanks to this solution.