|Fraud detection solution helps banks stop latest malware threats|
New strains of malware, including the URLzone Trojan, have defeated basic bank fraud detection. Entrust's TransactionGuard blends automatic, adaptive fraud detection with a powerful rules engine
October 28, 2009In the last three months, even the most elite financial institutions have fallen victim to new types of malware, specifically advanced trojans and man-in-the-browser attacks. Entrust, Inc., an expert in strong authentication and fraud detection solutions, says that a proper security strategy must empower financial institutions to detect, defend and adapt to these ongoing fraud threats in real-time, saving the organization and their customers from damaging online fraud losses.
“Outdated username-and-password policies are obviously not enough to properly protect financial institutions, but now we’re seeing that even basic fraud detection solutions can be defeated by today’s evolving malware,” said Entrust President and CEO Bill Conner. “Simplistic fraud detection and authentication solutions, which lack advanced tools and technology, aren’t up to the task of stopping the types of fraud that target today’s banks.”
Entrust’s newest zero-touch fraud-monitoring capabilities can help organizations detect, defend and adapt to this evolution in online attacks. Entrust TransactionGuard includes advanced abilities to detect fraud, including monitoring the speed of end-user navigation, as well as highlighting transaction attributes that are indicative of malware and Botnet-based fraud attacks.
One of the latest online fraud techniques is the use of the URLzone Trojan, which cleverly covers its tracks so victims don’t know the virus compromised their online account. Uncovered by California-based Finjan Software, URLzone has a number of configurable settings that enable fraudsters to customize the virus to circumvent basic fraud detection capabilities.
On Sept. 30, SC Magazine reported that the URLzone Trojan enabled fraudsters to illegally obtain more than $430,000 from German bank accounts during a lucrative 22-day online crime spree.2 During the same month, the New York Times reported that a Maine-based construction company sued its bank after more than $588,000 was illegally transferred from the company’s online account3 — a precedent that could force unprotected financial institutions to be more responsible in properly securing online channels and applications.
Entrust advises that an effective fraud detection platform must actively keep pace with fraudster innovation and include a variety of capabilities that provide fraud analysts with options to fights today’s advanced threats. Unlike other solutions on the market, Entrust TransactionGuard provides a blend of automatic, adaptive fraud detection and a powerful rules engine — both of which help enable the fraud team to rapidly tweak fraud models and promptly deploy new defenses. The solution performs these tasks without the need to ever change the end application — a zero-touch approach that provides the ability to quickly react to new types of fraud without the high costs associated with traditional fraud detection engines.
“There are simplistic fraud detection solutions on the market today that are often very slow in reacting to these advanced forms of fraud attacks; they must process significant amounts of data to develop new fraud learning models,” said Conner. “These unacceptable delays leave banks and financial institutions susceptible to sophisticated malware code.”
While detecting online fraud is critical, of equal importance is swift action to thwart the attack. The Entrust IdentityGuard versatile authentication platform is seamlessly integrated with Entrust TransactionGuard to provide step-up authentication challenges whenever a high-risk or suspicious transaction session is identified.
Once identified, a comprehensive fraud detection and strong authentication strategy works together to increase authentication of the end-user, thus working to eliminate the potential for online fraud loss. Entrust says a single solution, acting in isolation, isn’t enough to defeat online fraud today.
“While proven fraud detection solutions are absolutely necessary for today’s financial institution, their real importance is realized when they are coupled with a strong authentication platform — forming a truly integrated solution for security-conscious banks,” said Conner.
Additional Entrust TransactionGuard techniques that can help identify and thwart online fraud attacks include user-profiling, behavior/pattern identification, ground-speed rules, Web browser malware plug-in detection and in-depth forensics reporting.
Entrust TransactionGuard is a zero-touch fraud detection solution that captures all the data in a session and does not require integration with back-end applications. It transparently monitors user behavior to identify anomalies, and then calculates the risk associated with a particular transaction — all seamlessly and in real time. Unlike competitive offerings, Entrust TransactionGuard can analyze all points of interaction with the user on the Web site, allowing organizations to gain a complete picture of potentially fraudulent behavior without ever changing sophisticated banking applications.
Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In Canada, Entrust is a registered trademark of Entrust Limited. All Entrust product names are trademarks or registered trademarks of Entrust, Inc. or Entrust Limited. All other company and product names are trademarks or registered trademarks of their respective owners.
| TechTopics Plus