Malware infections soar, but banks hold the line

The number of malware infections has increased by 10 times in the past year, but banks are managing to limit attacks on their online customers through multiple lines of defence, say researchers.


Cybercriminals have rapidly increased their capability to exploit browser vulnerabilities to pass on infections to website visitors without requiring any interaction.

But online banking fraud is not increasing at the same rate, growing by 55% in the UK, compared with the 1,000% increase in the malware infection rate.

Multiple lines of adaptive and dynamic defence are the key to the financial sector's strategy, says Uri Rivner, head of new technologies, consumer identity protection at RSA, the security division of EMC.

"The financial services sector understands that multiple lines of defence is much more effective than any single technology or approach to fighting cybercrime," he says.

Any single technology will be obsolete in a very short time, says Rivner, so banks and other financial institutions are combining technologies in dynamic systems of defence that can evolve with the threat.

Typically, financial institutions will do a risk analysis of each transaction based on a number of factors such as the IP address and geo-location of the PC involved, transaction amount and past behavioural patterns.

Higher risk transactions, for example, will trigger more sophisticated authentication mechanisms such as a one-time password sent by text to a customer's mobile phone, says Rivner.

In addition to the visible authentication methods that involve interaction with the customer, banks also use invisible authentication methods which are far more difficult for criminals to circumvent.

"If criminals cannot see what the bank is doing to authenticate a customer, it is extremely difficult to find ways of faking identity," says Rivner.

These invisible authentication methods include things like building up a profile of the PCs that a customer commonly uses and using that as a factor to determine risk in future transactions.

"The fact that a customer is using an unknown computer to access accounts is not that unusual, but in combination with other factors, it may trigger additional authentication processes," says Rivner.

Some banks are using knowledge-based authentication for higher risk transactions, in which the bank will call the customer and ask for several pieces of personal information.

"These answers to these questions cannot be easily researched by would-be fraudsters," says Rivner.
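The risk-based flow described above, sketched as an added example that is not from the article or from RSA: each transaction is scored on device, geo-location and amount against the customer's profile, and the score selects no challenge, a texted one-time password, or a knowledge-based call. The weights, thresholds, field names and sample values are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Profile:
    # History the bank builds up silently per customer (fields are assumptions).
    known_devices: set
    usual_countries: set
    typical_amount: float  # e.g. median of past transfers

@dataclass
class Transaction:
    device_id: str   # fingerprint of the PC in use
    country: str     # geo-location derived from the source IP
    amount: float

# Constructed weights and thresholds; a real system tunes these on fraud data.
WEIGHTS = {"unknown_device": 25, "unusual_country": 30, "high_amount": 30}
OTP_THRESHOLD, KBA_THRESHOLD = 40, 80
AMOUNT_MULTIPLE = 5  # "high" means more than 5x the customer's typical amount

def risk_signals(tx, profile):
    """Return the names of the risk factors this transaction trips."""
    signals = []
    if tx.device_id not in profile.known_devices:
        signals.append("unknown_device")
    if tx.country not in profile.usual_countries:
        signals.append("unusual_country")
    if tx.amount > AMOUNT_MULTIPLE * profile.typical_amount:
        signals.append("high_amount")
    return signals

def decide(tx, profile):
    """Score the transaction and pick the authentication step it requires."""
    signals = risk_signals(tx, profile)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= KBA_THRESHOLD:
        action = "kba_callback"   # bank phones the customer
    elif score >= OTP_THRESHOLD:
        action = "sms_otp"        # one-time password sent by text
    else:
        action = "allow"          # no visible challenge
    return score, action, signals

def record_success(tx, profile):
    """After the customer passes authentication, learn the device."""
    profile.known_devices.add(tx.device_id)

if __name__ == "__main__":
    p = Profile({"dev-home"}, {"GB"}, 100.0)  # constructed sample profile
    for tx in (Transaction("dev-cafe", "GB", 50.0),
               Transaction("dev-cafe", "FR", 50.0),
               Transaction("dev-new", "FR", 2000.0)):
        print(tx, decide(tx, p))
```

An unknown device on its own stays below the first threshold, matching Rivner's point that it only matters in combination with other factors.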

Together with anti-malware and anti-phishing technologies, these kinds of risk assessment and authentication mechanisms provide the financial sector with the multiple lines of defence needed to be effective, he says.

"Banks and other financial institutions have proved that this approach works, now enterprises should learn from that and apply the same principles to improve their defences," says Rivner.
