Remote banking fraud occurs in three categories: internet banking, telephone banking and mobile banking. Of these three, internet banking fraud is by far the most costly, representing £123 million of the total £152.9 million lost to remote banking fraud in 2018.
Internet banking often leans on OTPs (one-time passwords) as a means of securing online payments. These passwords are sent to customers over SMS when they make online purchases over a certain limit if they are in a foreign location, or for a service that they've never used before.
OTPs deliver a great deal of benefits. They're simple, fast, cost-effective, and convenient for customers. Anyone with a phone, no matter the device or the operating system can receive an OTP over SMS.
However, OTPs have vulnerabilities. If a fraudster has already performed a SIM swap — moving the victim's phone number from their SIM card to a SIM card in the fraudster's possession — they can receive any number of OTPs to gain account access and complete fraudulent purchases. In many internet banking cases, an OTP is the first, and only, security step performed to verify a ‘customer’s’ identity.
Fundamentally, the vulnerability of OTPs, coupled with their popularity in online banking, risks leaving the financial industry — and its customers — open to fraud. Remote banking fraud is the source of 30% of all financial fraud losses in 2018; banks need to do more to protect their customers from internet banking dangers.
How banks can prevent remote banking fraud online
1. Work with the telecommunications industry
One of the key ways that banks can prevent remote banking fraud is to involve the telecommunications industry in the security process. Mobile Network Operators are in a position to stop this issue at its source, so long as banks take advantage of their services.
Mobile operators can access information relating to the SIM or the device which can be used to prevent SIM swap fraud before it happens, detect it while it's happening, and catch fraudsters after it's happened. All of these are goals most banks would struggle to achieve on their own.
2. Invest in advanced security systems, such as biometrics and customer behaviour analytics
In conjunction with mobile operator services, banks may consider investing in the latest in remote banking security. This could enhance the security that mobile operators are offering while making banks less reliant on the support of these operators.
Modern security systems including biometrics are able to identify people based on physical characteristics (fingerprint, face, and voice recognition).— and customer behaviour analytics, which are tools to detect when a customer interaction is out of line with past customer interactions (checking a customer's location and the nature of their request, for example).
Though these advanced security systems require more investment upfront, they significantly improve customer retention, reduce customer chargebacks, and bolster brand image — all of which make up the cost of the investment over the long term.
Financial institutions can work with security consultants, like JT, to determine which security implementations are the most effective.
3. Educate consumers on remote banking fraud
Lastly, banks should take steps to educate their customers on remote banking fraud. Many cases of mobile fraud are successful because of inexperience, or lack of knowledge, on the part of consumers. This can lead to issues like phishing, where a consumer gives sensitive information away on a phone call or in response to an email.
Financial providers should make sure that every customer is aware, and frequently reminded of standard communications — their bank account details will never be requested over email or telephone, for example.
Indeed, this is just one necessary measure to improve telephone security and minimise the risk of fraud. Another is how banks verify a caller’s identity before providing account access.
To learn more about SIM swap fraud and how banks can protect their clients from it, check out our eBook on the topic.