Online Transactions at Risk!
|Cybersecurity firms have revealed recently that it discovered stolen credentials from some 360 million accounts available for sale on the underground Internet. And now fraudsters have demonstrated how they reset passwords to increase their success in using this hoard of data to access online bank accounts.Fraud intelligence groups have tracked an ongoing series of attacks against our customers that have victimized hundreds of retail clients and a smaller number of commercial accounts at fifty or more banks and credit unions of all sizes. The attacks all include the use of the “forgotten password” feature to defeat authentication, and each institution had multiple victims signaling that once the criminals realized they could compromise one account successfully, they immediately went after more.
Prevention Tips — Prioritize layers of security that protect against all of the ways that criminals compromise accounts, not just malware. — Look beyond the transaction and evaluate all online activity in your client accounts for unusual behavior, including the pattern noted above. — Check with your clients to confirm fraudulent access as quickly as you can. Taking action early will save time and money later. In our experience, clients love the proactive outreach – it is a trust and relationship building event. — If you find fraudulent activity, look for other accounts with similar characteristics. — When you confirm fraudulent online account access, place alerts on the accounts and watch for fraudulent activity in all channels, particularly faxed wire requests, fraudulent checks, and the call center. Finally, be sure to check with the appropriate staff at your financial institution to determine if you need to provide a breach notification to your client and report the incident to credit bureaus.