Banking is one of the most intense and demanding business areas, primarily because financial institutions process other people’s money, which is a huge burden of responsibility in and of itself. Reducing “unwanted” online and offline risks in this case is a priority. Contemporary financial institutions see online and electronic payments both as a blessing and a curse. On the one hand, it is a vital communication tool, but on the other hand it is a permanent source of cyber threats, so extra risks should be avoided by all means.
Despite the fact that all banks, most payment services, and a significant portion of other organizations processing other people’s money use these methods to protect electronic transactions, the cyber threat situation is dismal. The most used methods such as two-step verification, for example, used to be considered extremely secure until recently, but now they guarantee total security for neither organizations nor their clients.
Cybercriminals are eager to steal other people’s money. They’re continually getting smarter and findning new ways to exploit other people’s credulity. They create copies (sometimes very accurate) of banking sites, send users mock emails from financial institutions, intercept billing information via public WiFi networks, plant banking Trojans on both personal computers and mobile devices of users, and so on. The hit list of intruders is extensive.
Criminals are becoming more interested in electronic payments, as more people use them. According to a survey by Kaspersky Lab and B2B International, about 98 percent of Internet users now make payment transactions on the Web, i.e. we are talking about millions and billions.
Last year, for example, a group of cybercriminals using malware extracted more than 3 billion hryvnia (about 8 billion rubles, or $250 million) from financial institutions in Ukraine. This was just the direct loss, but there was also collateral damage: compensations to customers, litigation expenses, rehabilitation of infrastructure and the loss of confidence on the part of customers. And for organizations that manage other people’s finances, the clients’ trust is crucial.
Protecting against fraudulent online transactions on the side of financial institutions is saving both other people’s money and one’s own reputation. Moreover, organizations are thereby able to ensure the loyalty of existing customers and are able to attract new ones.
Unfortunately, not all customers of financial institutions take care of the security of their own online payments. About 28% of users of payment services do not bother to check if the site of a bank is real or fake, 34% of the users connect to public wireless networks on devices that do not have security solutions installed at all. The most typical situation is when a person needs to make an urgent online transaction – not having time to think about what type of connection is being used and how to make it more secure.
Particularly, it means that users themselves often create extra risks. At the same time, 20% of financial institutions’ customers state that banks and financial organizations do not take sufficient measures to protect their money.
You can solve these problems with the help of a centralized security solution that will “escort” online payments at all stages, preventing fraudulent actions. The new platform Kaspersky Fraud Prevention by Kaspersky Lab is this kind of a solution.
Kaspersky Fraud Prevention includes mechanisms to protect online transactions on various devices, server solutions for detecting fraudulent transactions while payment processing tools develop your own security solutions, and other additional services. All components of the platform – and there are quite a few – can work both independently and in tandem, complementing one other and providing multilayer protection at all stages of online payment.
One of the most peculiar technologies implemented in KFP is Clientless Engine, the server-side software that detects malware and automatically identifies abnormal behavior patterns in individual customers’ transactions, even if the endpoint client is lacking – i.e. if your customer chose not to install Kaspersky Fraud Prevention for Endpoints. This also works if a customer has accidentally revealed their password and account details in a phishing or social engineering attack. Kaspersky Fraud Prevention Clientless Engine is still able to block fraudulent transactions, protecting both your business and customer’s money.
Client applications of Kaspersky Fraud Prevention (namely Kaspersky Fraud Prevention for Endpoints) work on computers running Microsoft Windows and Mac OS X, as well as on mobile devices running Android and iOS.
Your organization may choose to develop its own mobile payment application or to improve the security of an existing one. Kaspersky Fraud Prevention SDK offers a set of tools to do just that: these tools include all the necessary components for reliable protection of payments processed via your mobile devices.
The Kaspersky Fraud Prevention Console provides you with key statistics and at-a-glance feedback about online fraud events and how Kaspersky Fraud Prevention technologies are performing right now. Besides this, it offers statistics and information about users that aren’t running Kaspersky Fraud Prevention for Endpoints on their devices – the Clientless Engine helps a lot here.
Naturally, introducing such a protective system implies a sound investment. On the other hand, a correctly picked solution from a vendor with a reputation provides fast return on investment because it helps prevent incidents that may cost you too much both financially and in reputation. And as we already mentioned above, the reputation and trust of customers is crucial for banks.