Memento provides next-generation technology and solutions that enable financial institutions to rethink and improve the way they combat fraud and manage compliance. Memento customers realize unmatched business value and rapid ROI.

Home > Forums > Bank Fraud Forum > Insights and Opinions > When All Accounts Are Compromised

RECENT NEWS

View All

bank fraud forum
< Back to listing

When All Accounts Are Compromised

November 10, 2010 by Jamie Watt
0 comment(s) Anyone see this story on BankInfoSecurity about the Zeus Trojan that hit mobile banking users at 12 Spanish banks? In addition to providing another catchy term (Zeus Mitmo – for Man in the Mobile), this event is perhaps the harbinger of a wave of new attacks aimed to compromise remote channels, and yet another example of how nimble fraudsters will always find the open window.

The event makes me think back to a comment made by a senior executive at a Fraud Peer Bank Forum that Memento helped to organize last year. In his opening remarks this individual made the somewhat heretical assertion that, when developing fraud prevention strategies, we should start with the assumption that all accounts are compromised. Assume that fraudsters are able to access customer information and log into accounts at will – then develop your strategy.

In retrospect the remark was prescient as the threat of personal and commercial account takeover continues to rise and fraudsters and online security technologies continue to play their own version of whackamole. One expert told me recently that evidence suggest fraudsters actually have a backlog of stolen login credentials ready to be used to compromise accounts and steal funds. The only hold up is recruiting the mule accounts to receive the money.

These circumstances will keep us all very busy for years to come. They also point towards the need for aggressive defenses on both the front-end and back-end of payments channels. Predictive analytics that monitor transactions and other account activity can catch fraud that defeats the first line of defense. Robust authentication, encryption and session monitoring is vital – but all become stronger when backed by advanced and accurate monitoring of suspicious visitors that do make it through the front door.

A layered approach to fraud detection is part of the response to the assumption that all accounts are compromised. Secure the front end, but reinforce every online defense investment with back end monitoring. Fraudsters can tap their reserves of compromised accounts, but we’ll be ready.
Posted in: Account Takeover Identity Theft Collusive Networks

Make a Comment

* = Required
*
*
*
*
 
Solutions Overview
Technology
Approach
Forums
About Memento
WE CAN ALSO BE FOUND:
  • facebook
  • linkedin
  • twitter

©2012 Memento, Inc. All rights reserved.
55 Network Drive Burlington, MA 01803
1-877-371-0673 |

Privacy/ Usage Agreement | Contact Us | Sitemap