Kaspersky Fraud Prevention: protecting financial operations

February 25, 2014

At the Mobile World Congress held in Barcelona Kaspersky Lab presented a new platform designed to protect financial transactions on the Web – Kaspersky Fraud Prevention. The solution is primarily aimed at financial institutions: such organizations can no longer do without multifunctional transaction protection tools.

According to the joint survey by B2B International and Kaspersky Lab, 98% of users now resort to the services of online banking. 38% use mobile devices for that. The popularity of electronic payments presumably attracts criminals. Over the 12 months covered by the survey about 62% of users encountered obscure attempts at gaining unauthorized access to their accounts in one way or another. It is two thirds, actually.

The most lamentable of all is the fact that today’s methods of protecting payment transactions, such as temporary passwords, SMS confirmation, access session tokens, one-time password generators – generally all methods applied by banks and payment systems to protect their customers rapidly become obsolete. And it is not because these methods are just inferior by themselves: the reason is that cybercriminals just do not loiter. Experts at Gartner noted that “innovation in methods of preventing fraud is absolutely necessary because thieves with increasing success bypass the old methods of protection, such as authorization by device identification”.

In this regard, the story of the American network of grocery stores Schnucks Market is quite illustrative. By deploying an appropriate malware attackers had successfully intercepted transaction data and credit card information directly from the network’s payment terminals before the data entered the processing center where the information would be encrypted. The number of potential victims is millions.

Kaspersky Fraud Prevention platform includes client software protecting transactions on various devices, server solutions that detect fraudulent transactions at the stage of electronic payment processing and several additional services. Individual components of the platform can operate independently or, on the contrary, complement one other providing multi-layered protection at any stage of online payment. The example of Schnucks confirms again that this is a must.

Today’s methods of protecting payment transactions rapidly become obsolete. And it is not because these methods are just inferior by themselves: the reason is that cybercriminals just do not loiter.

The client application of Kaspersky Fraud Prevention works on computers running Microsoft Windows and Apple Mac OS X as well as on mobile devices running Android and iOS. Applications under the name Kaspersky Fraud Prevention for Endpoints are designed to protect users’ devices from financial cyberthreats developed for certain operating systems. Android deserves particular attention in this case because this system is one of the least protected and most attractive to date for cybercriminals. In 2012 about 94% of mobile malicious programs were written just for Android.

Another point is worth to be highlighted. In addition to the platform itself companies may have to use Kaspersky Fraud Prevention SDK, a set of tools for developers of mobile applications based on Kaspersky Lab’s technology. In other words, any company, for example, engaged in processing electronic payments can develop its own application to protect transactions conducted through mobile devices. The server component Kaspersky Clientless Engine operating within the corporate IT infrastructure is able to detect and block fraudulent transaction attempts even in cases when there are no protective tools on a user’s device (unfortunately, this is still a very common occurrence).

The Clientless Engine assesses the legitimacy of an operation by real-time checking information about payments and devices, the sources of payments, detecting suspicious anomalies and attempts of cyberattacks. If there are any then payment system operators can quickly stop the transaction.

You may learn more about the platform, its components and features here: http://www.kaspersky.com/fraudprevention.