Bold Business Logo

Fighting Bank Fraud With Biometrics And AI

Online bank fraud has increased ten-fold over recent years.

The number of hackers and fraudsters targeting banks has risen sharply. Security measures put in place to protect people’s accounts aren’t matching the speed in which computer geniuses can gain access.

“online fraud is costing banks $15 billion each year”

According to internationalbanker.com, online fraud is costing banks $15 billion each year, outlined in the 2016 Javelin Identity Fraud Study. In 2015, there were 13.1 million instances of fraud. It is now a ‘normal’ part of doing business. Hacking in banks and credit card companies still happen on a regular basis. It happens despite incorporating severe security measures into their systems.

Fraud prevention measures are evolving constantly as fraudsters find innovative ways to access online data. The increase in security will combat the threat, including “biometrics, artificial intelligence (AI) or even blockchain. Banks have an opportunity to increase transparency, deepen their insights and enhance security to minimize fraudulent activity.”

Biometrics

Biometric payments to combat online bank fraud
Increasing security using fingerprint sensors for biometric authentication, and chip and PIN for more secure payments

Biometrics has so far been one of the most effective security measures put in place to combat banking fraud. The past few years have marked a significant shift across card and digital payments technologies. According to Javelin, “The US Payments Forum found that 29% of US merchants have enabled EMV chip-card technology.” Javelin adds, “Almost 75% of consumers have at least one EMV card. However, the migration to EMV in the US drove a 113% increase in new account fraud, which represents 20% of all fraud.”

International banker states that US banks really need to think about their vulnerabilities. In the United Kingdom, EMV fraud is not so much a problem. British banks incorporated an extra layer of security with the chip and PIN model. It requires a four-digit identification number along with the chip/credit card. Experts say US would experience less fraud if they added an extra layer of authentication. These include PIN or digital fingerprint on the EMV chip.

For the likes of Apple Pay, biometric hardware is even more important. You use it by touching your phone on the payment point to approve funds.  Finger print scanning or even eye scans are part of some devices to allow access to payments. Biometrics are even advancing to the point at which after users sign-on with physical biometric authentication, companies can use behavioral biometric authentication to detect fraud.

Blockchain

Blockchain software is also an effective way of preventing fraud, but can also lead to delays in transaction times and frustration for customers. It is currently evident in Bitcoin transactions, and the online currency is trying to revamp procedures to reduce the problems blockchain causes.

However, blockchain is a win-win for larger corporations and huge banking transactions. It can eliminate online bank fraud for 100% of the transactions that occur on the chain by providing complete transaction history and security to all members of the chain.

Artificial Intelligence

Artificial Intelligence is also making a bold impact on online security. Money laundering has become a huge challenge for banks, dirty money puts all their activities at risk.

Banks are using data science, artificial intelligence that uses algorithms to analyze data, on spending patterns to identify activity that is consistent with money laundering and fraud, to weed out the bad seeds.

Other measures put in place are increased online security measures, including firewalls and encryption, and super-routers that are blocking entry at the source.

It has become clear that online security is evolving all the time, as are the methods used by hackers to gain access to sensitive data. Cyber security conferences up and down the country are constantly looking at ways of tackling online bank fraud, and banks and credit-card companies are doing all they can to protect their businesses, but most importantly their customers.

Mobile Phone Security Questioned As Google Finds Another Vulnerability

In another case that highlights the importance of mobile phone security, Google’s Project Zero has found a chip vulnerability in a commonly used Wi-Fi chip in Android and iOS devices, Digital Trends reported.

Built by Broadcom, the Wi-Fi Full MAC chips are used by mobile devices for Wi-Fi communications. The Wi-Fi tasks on cellphones are usually offloaded to such chips in order to save on battery life. Unfortunately, there is a vulnerability in the chip which could enable the hijacking of the mobile device.


The chip handles all the Wi-Fi communications, however, its stack could be overloaded, and when that happens, privileges could be elevated and this could lead to access to the kernel. With the proper privileges, a small program can be used to rewrite the kernel or to include malicious code without the owner’s knowledge.

Chip vulnerability - mobile phone security

Android and Apple operating systems are known to be strict about allowing root access to specific parts of the system. Even a root or admin user still has to key in the password before any system app is run. This vulnerability is deeply embedded, that strictly speaking, it is not even a part of the operating system. The vulnerable code resides on a separate chip which the OS communicates only via an API.

Computer developers, in general, look for vulnerabilities within the system code, or any other user created code interacting directly with the OS. It is seldom that embedded codes have these vulnerabilities. Or even if they did, these could not be exploited because of the nature of the larger systems. Security in computers is checked with almost every instance of a system call.

However, in the case of cellphones and other mobile devices, there is a degree of integration which is not found in computers. The embedded systems themselves communicate with one another. This method is done to save code space, faster execution, and ultimately saving on battery life. If the same chip were installed on a computer or laptop, there would have been no problem even if there was a stack overflow.

Some mobile devices which use the Broadcom chip include Samsung cellphones, Google’s Nexus phones, and Apple mobile devices. The chip is also used in Wi-Fi routers.

Project Zero

Project Zero is a Google program which aims to catch security vulnerabilities in operating systems before they can be used in a malicious manner. So far, the Wi-Fi Full MAC vulnerability has been patched up by Apple. IOS devices which were formerly vulnerable to this included iPhone 5 and later, 4th generation iPads and later, and the 6th generation iPod Touch.

Broadcom Takes Bold Steps To Improve

Meanwhile, Broadcom has already been informed about the chip vulnerability and have implemented a bold solution with its newer versions. Called the Memory Protection Unit, it manages user access privileges, including other hardware-embedded security features.

How can we help?