Posted March 15, 2017
It’s been said that money makes the world go ‘round. But it’s how that money moves across international borders that makes foreign exchange and payment systems victims of payment fraud.
As we’ve seen just this past year, the impact can be catastrophic.
In March, hackers used malware to compromise the computers of the central bank of Bangladesh, stole credentials used to authorize payment transfers from the New York Federal Reserve, and attempted to steal $1 billion by transferring it to banks around the world.
Thankfully, most of the transactions were halted. But the perpetrators still successfully made off with $81 million—sent mostly to fraudulent bank accounts in Asia.
By midyear, security experts had identified six institutions that had suffered similar attacks, potentially from the same perpetrators—including a Ukrainian bank that reported $10 million in losses.
“One thing is very clear: The criminals have started going after major foreign exchange systems where billions of dollars move between banks around the world every day,” says Gartner fraud expert Avivah Litan. “These types of high-stakes attacks are only likely to increase in frequency going forward.”
Catch Me If You Can
Like so many other sectors of the digital economy, exchange and payment systems operate under a simple rule. Customers want the ability to easily move money on a moment’s notice, anywhere in the world.
So it’s no wonder the vast majority of fraud now involves thieves using stolen credentials or fraudulent accounts to move funds across borders. A victim’s funds can be pilfered from their financial institution in, say, London, and sent to the thieves’ banks in, say, the Philippines, within minutes.
According to experts, this doesn’t just complicate the process of recalling funds once the theft has been recognized. It can make apprehending the fraudsters a fool’s errand.
To fight back, exchange and payment providers are focusing on getting more effective at stopping the transactions before they ever go through. It won’t be easy. But they are scoring some victories through a welcome resource: cooperation.
Bust a Move
It’s important to remember that most of the $1 billion fraudsters attempted to transfer from the Bank of Bangladesh was blocked—mostly thanks to fraud triggers at receiving institutions. Still, $81 million in losses is devastating.
To be more effective, financial institutions will need to focus on the central factor in prevention: identifying fraudsters from the get-go.
That will require a whole new level of cooperation, via shared global intelligence on known threats and cyber criminals from institutions throughout the international financial ecosystem.
Also, a new generation of fraud prevention systems will need to use this intelligence and compare it to data on each user—assessing credentials, devices, true location, behavior and more. All without slowing down legitimate transactions.
“The more steps you make a customer go through, the less likely they are to use your service,” says Jason Rohoff from Sydney-based OFX, one of the world’s largest providers of international exchange and payment services. “It’s about being as flexible as possible…and doing risk assessment behind the scenes in real time.”
To that end, OFX is actively deploying advanced digital identity solutions to correlate users with any known threats worldwide. “Looking at somebody’s digital persona strips out the headline elements—name, address, date of birth—and looks at the underlying person making a transaction.”
According to Rohoff, shared intelligence is an essential ingredient. “As stakeholders in the financial services industry, we feel we all have a responsibility to make sure our services are used for their appropriate purposes,” he says. “It’s about going above and beyond to protect the broader community.”
As a case in point, OFX recently used its digital identity systems to uncover and help shut down an elaborate international tax scheme involving a global cybercrime ring. Check out a full case study here. And watch a webcast featuring Rohoff here.
Once Bitten, Twice Shy
Due to the ever-changing nature of cybercrime, this approach to addressing foreign exchange fraud will need to be adaptive and evolve to keep ahead of the crooks.
For institutions already hit by exchange and payment fraud, one thing is certain. While they’re happy to help move the money that keeps the world turning, they don’t want to fall victim to that movement ever again.