Why haven’t we learned from old mistakes and classic fraud techniques | #cybersecurity | #cyberattack


By: Saeed Ahmad, Managing Director, Middle East and North Africa, Callsign

New fraud and significant cyberattacks are a common occurrence in today’s world and have been for some time. The target is the only thing that consistently seems to vary. In the UAE, police in Abu Dhabi have returned Dh21 million to victims of financial fraud, including phone scams and other cybercrimes during the past year.

Headlines that once fumed at traditional financial services such as insurance firms for being breached now voice the alarm at the vast sums of money routinely being stolen from newer services that consumers use, such as crypto exchanges and Buy-Now-Pay-Later services.

The painful and infuriating reality is that fraudsters are still employing the same tried-and-true strategies, even though their targets have changed. Even while techniques like account takeover and Authorised Push Payment (APP) fraud have been around for years, they continue to plague these frequently digitally native marketplaces.

Because fraudsters rely on volume, their attacks frequently target the most well-liked consumer services, which is why they have turned their attention to platforms like exchanges and so far, they haven’t shown any indications of slowing down.

Therefore, the question is: Why are these newer financial services repeating the same mistakes conventional financial services were making over a decade ago, and what is the source of this failure?

Symptoms of a bigger problem

With the aid of technology, it seems as though new financial opportunities are being unlocked daily; users may now access financial markets and exchanges in a variety of novel and interesting ways. With each new advancement, however, new attack vectors emerge, such as Buy-Now-Pay-Later services, crypto exchange attacks, and NFT schemes.

Additionally, as automated tools are easily accessible to cybercriminals on the dark web, scammers can concentrate on launching simultaneous large-scale attacks to cause as much havoc as they can.

Fraudsters then tend to look for the weakest link in the system and target it, usually with a combination of username, password, and device access – commonly used authentication methods that aren’t secure and easy to infiltrate.

The bad news is that the widespread use of bots, malware, and other traditional types of cybercrime that are prevalent on modern financial services platforms are likely to persist. The truth is these forms of fraud have remained effective due to a fundamental, unrepaired defect in our system of digital identity system – one that has yet to be remedied

The death of digital trust?

There is currently no universally accepted approach for identifying real users online. One-time passcodes for example, are still widely used, even though not secure, and have contributed significantly to the growth of cybercrime.

As most businesses lack the capability to unequivocally verify if a person is who they claim to be online, we are losing our sense of digital trust. Users’ confidence in people, technology, and processes to build a secure digital world is referred to as “digital trust.” This base of online trust serves as the cornerstone for the entire e-commerce industry.

Digital trust must be earned, much like trust in traditional contexts. Governments and businesses earn the trust of users by demonstrating they can provide safety, privacy, security, reliability, and data ethics when delivering online services. Moreover, digital trust is built over time, each time a user interacts with an online service, it reinforces their digital trust in that businesses or organization.

Therefore, as cyber fraud continues increasing, it is rapidly undermining user confidence in the system. If enough people lose trust in the digital world, significant facets of our global civilisation will begin to crumble. Modern financial services platforms must act swiftly to regain the digital trust of their users, and behavioural biometrics can play a role in this.

Digital solutions for digital times

Behavioural biometrics, in contrast to many of the digitalised analog techniques currently employed by financial platforms, is a truly digital solution. This means that unlike a one-time passcode, which relies on the unreliable layer of SMS messages, behavioural biometrics authenticates users based only on their behaviour.

Behavioural biometrics are meticulously tailored to the individual from the start, learning and evolving with the client as their relationship with the company progresses. The distinctive patterns that each individual displays are stored as a sort of digital DNA. As a result, the technology may be utilised to add additional protection layers without the need for time-consuming actions that degrade the user experience.

Behavioural biometrics is device independent and depends only on user behaviour patterns to authenticate users, making it less complex and more affordable than many other authentication solutions. Consequently, it’s safer, particularly when companies stack behavioural biometrics on top of passwords, location information, device information, and threat detection. As a result, whenever people access goods and services online, their experience is always seamless and streamlined.

The public’s digital confidence will continue to decline in the absence of these kinds of proactive improvements, and we will all suffer the consequences. Therefore, it is the duty of every organization that engages with users online to do their part to rebuild trust in digital identity, if not for the sake of the greater ecosystem, then at the very least for their own financial health.





Original Source link

Leave a Reply

Your email address will not be published.

sixty three − fifty seven =