Bot Fraud: Financial Services Count the Cost

By Paul H. Müller On Feb 14, 2020

The tech world moves fast. As new platforms are developed and users migrate, one troubling constant has emerged: fraudsters keep following the money. No surprise then, that financial services apps are firmly in those criminal crosshairs. The sector is booming, with 115.6 million people banking on mobile at least once a month across the US. As usage rates grow, so too do the risks for the sector, and apps coming under increasing threat from automated bots.

A report from ThreatMetrix reveals that companies fell victim to 3 billion automated bot attacks in the latter half of 2018 — 189 million of these originated from mobile devices, a 12% increase from the first six months of 2018. And the economic losses due to bot fraud were expected total $5.8 billion globally in 2019.

Bots can be used to hack into users’ accounts directly, making purchases and draining funds into other accounts, or to uncover user credentials to be sold for other cybercriminals to utilize. Automated attacks leave customers’ most sensitive financial information at risk, which can be devastating for the bank, the user, and the economy.

This in-app bank fraud can lead to severe losses for banks and financial service providers. They’re left counting the cost both financially and through damage to their reputations: once consumer trust in financial service is lost, it’s difficult to regain. Customers simply take their business to one of the myriad competitors offering a more secure platform. To make sure your app isn’t targeted, here’s a checklist of steps to stay ahead of the hackers:

Keep a Close Eye on the Numbers

Automation allows these attacks to happen quickly, and on a huge scale. One attack is reported to have tried to access 8.5 million accounts over a 48 hour period. Malicious bot logins are difficult to detect, and when they use user details that have been scraped they can be almost indistinguishable from a genuine login.

It’s important to pay attention to user patterns and to spot unusually high volumes of login attempts as they’re happening. Other analytics such as user numbers can help—an exceptionally high rate of logins exceeding registered users or unusual login times can both indicate bot attacks.

The quicker the detection, the quicker the user can be informed and safety procedures put in place.

Focus on the Unfakeable

Bots are smart, no question. They’re difficult to detect, an innovative adversary with the ability to mimic users’ credentials to gain access to important and confidential financial information, causing untold damage.

But there are data sets that they can’t mimic, and in that data is where an innovative solution to bot fraud lies. Anonymized sensor data such as touch strength, tap speed, and scroll action are unique to human users, with the bot unable to replicate that individual physicality. If those data points are taken, a Machine Learning model can then be created around these unique user patterns to discern which users are genuine, and which are bots.

Developing bespoke models, precisely tailored to an app’s unique user base, is the key to keeping customers’ financial details safe, retaining trust and reputation.

Make Fraud Prevention Central to Your Strategy

The threat of bot fraud is ever-present and, sadly, will continue to be so. As protection becomes more sophisticated, so too do the attacks. The key to staying ahead in this cat-and-mouse game is to stay prepared at an organizational level: employ people to this exact purpose. Make use of a dedicated team to stay on top of the latest innovations in both bot fraud and preventative measures. This way, your app updates can be ahead of the game, and the latest app prevention software can be brought in at an early stage. Letting consumers know you’ve taken the threat of bot fraud seriously and have taken this positive action can only serve to improve levels of trust in your app.

Financial service apps are shaping the future of banking. Research from Citi found that 91% of mobile banking users prefer banking in-app than visiting a physical branch. As adoption becomes the norm, providers who invest in practical solutions will reap the benefits. So be vigilant before becoming a victim: the right precautions will not only safeguard you and your customers’ best interests but will also enhance your reputation in a competitive marketplace.