Web fraud threats a growing concern for financial firms

Financial services organisations across Europe, the Middle East, and Africa, are facing significant financial and reputational hits due to a rise in web fraud threats, according to a new survey commissioned by F5 Networks.

Such online threats, which include malware, phishing, credential grabbing and session hijacking attacks, have caused financial losses of between £50,000 and £500,000 in the past two years for 48 per cent of organisations, the study revealed. In addition, 9 per cent forfeited more than £500,000 and 3 per cent over £1 million.

Malware was the main culprit of the attacks at 75 per cent, followed by phishing and credential grabbing both at 53 per cent and session grabbing at 35 per cent.

Apart from financial loss and reputational damage, other major negative impacts included decreased customer confidence and loyalty, and potential fines by regulatory bodies.

“More than ever before, it is vital to understand the nature of the threats and to implement solutions that eliminate attacks before they do real damage. Those that get it right will be rewarded with customer loyalty and profit. Those that don’t risk incurring the very thing that they are most concerned about: damage to their reputation,” Gad Elkin, EMEA Security Director at F5 said.

Aming the available solutions, 55 per cent of respondents claim to have adopted multi-layer fraud prevention solutions, where endpoint embedded solutions were the most popular at 62 per cent.

Other solutions cited were; page navigation analysis to identify suspect navigation patters, entity link analysis of relationships between users, accounts and machines to detect criminal activity and/or misuse, and solutions yielding user behavior analytics and comparison for specific channels also featured prominently.

Elkin further explained that there is a growing appetite for solutions with clientless online fraud protection capabilitie to allow organisations to arm any device in real-time against all varieties of online threats without the user having to do anything, extinguishing the danger of instances like malicious HTML code or script injections.

“Organisations are advanced in their approach to protecting the data centres, implementing multi-factor authentication and protecting applications via server-side controls. Nevertheless, many have failed to effectively secure the end-point where users interact with web applications," he said.