Why People Lose Money Online: A New Perspective on Online Fraud Prevention in Banking

October 18, 2024

In a recent episode of the "Into The Cyberverse" podcast hosted by Tech Lady and VinCSS, HiTRUST was featured as the cybersecurity experts to discuss the growing issue of online payment fraud. This article will unpack insights from the interview, exploring why people lose money online, the latest fraud trends, and how cutting-edge technologies like AI, machine learning, and FIDO2 transform fraud prevention in the banking and financial sector.

The Rising Cost of Fraud

Despite the advancements in cybersecurity, many people still lose money online. But why? Fraudsters evolve, and so do their tactics. There are three key reasons why individuals and even institutions are vulnerable:

Social Engineering Attacks: Fraudsters often trick individuals into revealing sensitive information by pretending to be trustworthy entities, such as banks or government officials. These attacks exploit human psychology rather than technological vulnerabilities.
Lack of Awareness: Many individuals and organizations are unaware of the latest fraud tactics. Without proper education, it is easier for people to click on malicious links or provide sensitive information to fraudsters.
Weak Security Practices: The continued use of outdated methods like SMS one-time passwords (OTPs) or simple passwords makes people vulnerable to advanced attacks such as phishing, SIM swapping, Man-in-the-Middle attacks, or data breaches.

So, how can financial institutions address these vulnerabilities?

How Advanced Technologies Are Reshaping Fraud Prevention

In the podcast, Roger Kuo, HiTRUST's CEO, and Kitty Cao, - Head of Global Marketing, discussed how adopting innovative technology is the key to staying ahead of fraudsters. Explore three of HiTRUST's powerful tools every financial institution should consider.

1. EMV 3-D Secure (3DS)

3DS protocol adds an extra authentication layer of security to online transactions. This global protocol, used by issuers, acquirers, and merchants, allows for additional authentication during transactions, ensuring that the person making the payment is a legitimate cardholder. Aside from enhancing security, implementing 3DS has several benefits:

Liability Shift: If a fraudulent transaction occurs, the risk of loss shifts from the customer to the bank or the card issuer.
Real-Time Verification: Banks can authenticate the transaction in real-time, minimizing the chances of unauthorized use.

This protocol is especially crucial for online transactions where card-not-present (CNP) fraud is common. It helps mitigate the risk, protecting banks and customers from unauthorized card information use.

2. Veri-id: AI-Driven Fraud Detection

Artificial intelligence (AI) and machine learning are revolutionizing how banks detect and prevent fraud by overcoming the limitations of human analysis. Unlike people who cannot continuously gather and process vast amounts of data quickly, AI can work 24/7, monitoring real-time transactions. HiTRUST leverages AI to identify suspicious patterns, such as sudden changes in location, unusual spending behavior, or automated bot attacks that humans might miss. Additionally, AI assigns risk scores to transactions, triggering further security checks when necessary. Key features include:

Device Intelligence Information Analysis (DiiA): This feature runs a URL method that collects around 100 device data points in real-time, allowing AI to identify unusual patterns and anomalies that could indicate fraud, such as sudden changes in location or behavior.
Risk Scoring: Each transaction is assigned a risk score based on various factors. High-risk transactions trigger additional security checks, such as multifactor authentication (MFA), to ensure safety.
Customizable Rule Engine: The rule engine allows financial institutions to set tailored fraud detection rules according to their risk profiles.

This use of AI ensures that banks can stay ahead of increasingly sophisticated attacks, allowing them to respond in real time to threats as they emerge.

3. Passkey Authentication

as 81% of heacking-related breaches are casued by weak or stolen password, Passkey offer a more secure alternative using biometric data (such as fingerprints or facial recognition) and public-key cryptography. The main advantages of Passkey compared to the other biometrics authentication are:

Aspect	Traditional Biometric Authentication	FIDO2/ Passkey Authentication
Password Dependency	Requires a password in the background; biometrics is a shortcut to send the password.	Passkeys eliminate the need for passwords.
Data Storage	Centralized servers store biometric data and passwords.	Biometric data is stored locally on the user’s device (decentralized)
Security	Vulnerable to centralized server breaches, exposing both passwords and biometric data.	It uses public-key cryptography, preventing sensitive data transmission and reducing the risk of breaches.
Authentication Process	Biometric data triggers the transmission of stored passwords to the server for verification.	It uses a private key (on the device) and a public key (on the server) for secure, passwordless authentication.
Risk of Breach	High, due to centralized storage and transmission of sensitive information.	Low, since the server does not transmit any biometric data or passwords.
User Experience	Convenient but still reliant on insecure passwords (in the background).	More secure and user-friendly with seamless, passwordless login.

Major organizations, including Apple, Google, Microsoft, X, WhatsApp, and several Taiwanese banks, have already adopted passkey authentication. The industry shift means it's just a matter of time before financial institutions implement It.

Why Banks Must Act Now: Adapting to the Future of Fraud

Fraud is not just evolving; it's getting smarter. One emerging trend is using deepfakes to mimic bank officials or trusted individuals, tricking customers into giving away sensitive information. AI-driven phishing attacks are also on the rise, as criminals now use AI to create highly personalized and convincing attacks.

Financial institutions must stay ahead of these threats. That means more than adopting new technologies—it means continuously educating customers on the dangers of online fraud and improving security measures. There are three critical steps financial institutions need to take:

Educate Your Customers: Ensure your customers understand how scams work and encourage them to be cautious. Awareness is a powerful defense.
Adopt Stronger Authentication Methods: Avoid vulnerable methods like passwords and SMS OTPs. Passkeys and multifactor authentication (MFA) should be the new standard.
Partner with Cybersecurity Experts: Collaborate with companies like HiTRUST to implement cutting-edge fraud prevention tools. This partnership will help you stay ahead of emerging fraud trends.

Global Insights on Fraud Prevention

Different regions have varying approaches to fraud prevention. Countries like China and Singapore have already embraced biometrics and public-key cryptography. In Southeast Asia, Vietnam is starting to catch up, with HiTRUST actively guiding institutions in implementing Passkeys and 3DS.

These technologies are shaping the future of banking security worldwide, with AI and machine learning leading the charge in identifying fraudulent activities in real-time. For financial institutions, now is the time to integrate these advanced solutions.

Conclusion: Securing the Future of Digital Banking

Financial institutions face an ongoing challenge of fighting fraud. However, banks can significantly reduce risk and strengthen customer trust with solutions like 3DS, AI-powered fraud detection, and Passkeys Authentication.

At HiTRUST, we believe that staying ahead of emerging fraud trends requires more than technology—it requires a commitment to customer awareness and a proactive approach to security.

By adopting these innovations, your institution can enhance both security and customer satisfaction, building a foundation of trust in the digital age.

Share this article