All around the world, financial services organizations are shaking up business as usual by taking advantage of digital technology to make consumer banking and payments faster and more convenient. The problem is they're not the only ones taking advantage of digital innovation.
There is, of course, a dark side of digital transformation, and one of its risks comes in the form of fraud. Here are three examples of how cybercriminals recently exploited digital innovation, along with solid advice on how to avoid the unwanted consequences of digital transformation.
Europe: Instant Transfers Open a New Window of Opportunity for Fraud
A group of leading lenders in Spain launched a new instant bank transfer service to provide more convenient digital payment options for their customers. Who wouldn't rather use their phone number or email address to transfer money between accounts? And who doesn't like the option of moving money anytime, anywhere? It didn't take long for cybercriminals to catch wind of this latest innovation. They moved quickly to phish for account numbers and other enabling information, resulting in a 178 percent increase in phishing attacks targeting financial institutions in Spain.
North America: Payment Systems Merger Leads to a Spike in Phishing
When an inter-bank debit card network in Canada merged with the company that operated the network's online and transfer services, cybercriminals were quick to take notice. Following the merger, there was a flurry of phishing attacks in which someone pretending to represent the card network attempted to get victims to reveal login credentials by claiming they were confirming a transaction. Within months of the merger, nearly half of global phishing attack volume was targeted at Canadian financial institutions and their customers.
APJ: Easier Payments Make Card-Not-Present Fraud Easier
A new third-party payments app launched in Japan, and the company offered a generous cash-back promotion during the holiday shopping season to drive consumer adoption. When word got out in the cybercriminal community, carding markets became flooded with Japanese payment cards for sale, which were then used to sign victims up for the service. In this case, cybercriminals essentially looted twice: first, they used the stolen cards to make fraudulent purchases through the app, and then they reaped a second windfall in the form of cash-back rewards.
Digital Services for Customers – Not Criminals
Cybercriminals are always on the alert for any change in the financial services infrastructure, whether it is the launch of a new product or service, or even changes in the way payments are authenticated online. Financial services providers can fight back by narrowing the window of opportunity for cybercriminals to take advantage. Here are some tips to consider:
Digital risk monitoring. In dark web forums, and even on social media, cybercriminals openly share best practices on new or impending changes, process vulnerabilities, and the best methods of cashing out. Real-time monitoring of this chatter is a good place to start looking for potential risks.
Cyber attack response. Evaluate how prepared you are to identify and respond to cyber attacks. If your organization were suddenly hit by a surge in phishing attacks following the launch of a new service, how quickly could you respond? Do you have enough resources, or even the right resources? The ability to quickly take down and remediate digital risk events is critical.
Rethink payment authentication. Having the right technology and controls in place is essential to any fraud prevention strategy, and this includes the use of risk-based, adaptive authentication to watch for signs of fraud based on device, user behavior, location, and other indicators.
Adopt EMV 3-D Secure. EMV 3-D Secure enables risk-based authentication (RBA) decisions to authenticate card-not-present transactions, drastically reducing the ability of cybercriminals to use compromised credit cards in the commission of e-commerce fraud. Smart RBA means good customers are hardly disrupted. The result is more robust fraud prevention for issuers (up to 97% detection rates) and, at the same time, convenient, frictionless payments for consumers.
The challenge of increasing customer convenience without also increasing security risks isn't new, but digital transformation has raised the stakes considerably. Financial services providers and other consumer-centric companies are introducing innovative new products and services so quickly, they may be caught unprepared when cybercriminals seize the opportunity for fraud. As digital transformation continues, financial institutions must be increasingly vigilant, and increasingly well-equipped technologically, to protect themselves from sophisticated attacks. In this way, digital transformation becomes both a critical contributing factor in the problem of growing cyber risks today—and a critical resource for solving it.
Learn more about the latest digital tools and technologies cybercriminals are using, and the ones companies are using to fight back, in RSA's 2019 Current State of Cybercrime report.
Author: Heidi Bleau