Powerful fraud prevention for financial institutions.
Use cases | Digital banking and payment fraud prevention
Prevent phishing, man-in-the-middle (MitM) attacks, and SIM-swaps that could lead to account takeover (ATO) fraud. All with a multi-layered, context-based authentication solution.
Powerful fraud prevention for financial institutions.
Use cases | Digital banking and payment fraud prevention
Prevent phishing, man-in-the-middle (MitM) attacks, and SIM-swaps that could lead to account takeover (ATO) fraud. All with a multi-layered, context-based authentication solution.
If history has taught us anything about digital banking and payment fraud, it’s that criminals follow opportunity, stopping at nothing to push past the boundaries put in place to thwart their efforts. The benefits of advances in digital security may work at first, but fraudsters are continually adapting their tactics, necessitating continuous innovation from banks and fintech companies around the world.
The Entersekt Secure Platform, hosted behind a bank’s firewall, forms the foundation of Entersekt’s multi-layered, context-based approach to digital banking and payment fraud prevention. It allows financial institutions to uniquely identify customers and secure their banking and payment transactions using the most modern, multi-factor authentication (MFA) methods with the least amount of friction.
What this means is that even when criminals compromise one layer of security, they are highly unlikely to breach all of them. Multiple layers of defense used in various combinations arm financial institutions to prevent these dangerous fraud types:
Account takeover (ATO) is a form of identity theft in which fraudsters gain access to a victim’s bank or credit card accounts through a data breach, malware attack, or phishing attempt. The aim of an ATO is to make non-monetary changes to an account that will allow an attacker to gain future access.
Entersekt's solution:
Entersekt’s authentication uses digital certificates to create unique device and browser identities, thereby establishing trust. When a sensitive transaction is initiated, strong customer authentication is used to obtain the correct biometric or knowledge factor, ensuring that consent is always received from the correct person on a trusted device.
Man-in-the-Middle (MitM) attacks are a common type of fraud, also known as hijacking attacks, which rely on interception. Typically, an attacker will send a phishing email or text prompting a user to click on a link to a fake website. Believing they are logging in on their bank’s website, the user enters their credentials, which the fraudster then captures and uses on the real banking site. When an OTP is sent to the accountholder, they input it on the fake website, giving the fraudster the ability to gain full access.
Entersekt's solution:
Entersekt’s authentication defends against these attacks in many ways – active authenticators like biometrics cannot be faked by a fraudster. Further to that, Entersekt authenticates via a trusted device that sends a push notification with context of the attempted transaction for the user to easily spot any discrepancies. Entersekt’s silent authenticators are also MitM-proof – they cannot be phished.
Phishing is a type of social engineering fraud based on human interaction. An attacker will typically pose as a legitimate entity, like a bank employee, and, using emails, text messages, or voice calls, fool their victims into sharing sensitive information in order to gain access and move money.
Entersekt's solution:
Entersekt’s solution eliminates phishing by using secure push-based, phone-as-a-token authentication. Consumers are required to authorize their transactions on their physical devices in real-time and are therefore always made aware of suspicious activity on their accounts.
SIM-swap fraud uses stolen or cloned SIM cards inserted into other devices to intercept messages containing sensitive information like SMS OTPs. Because OTPs are an old technology, they’ve become easier to compromise.
Entersekt's solution:
Entersekt’s solution binds the banking app to a user’s device. Even when a fraudster performs a SIM swap and transfers the legitimate number to a new device, authentication messages will only ever be sent to the correct, registered device.
Card-not-present (CNP) fraud refers to unauthorized e-commerce payment transactions made without the physical presence of a customer’s payment card. Usually, a cardholder's card details are used without their knowledge or consent.
Entersekt's solution:
Entersekt’s 3-D Secure ACS prevents CNP fraud by adding an extra layer of security tied to a user’s registered device at checkout. Risk-based authentication enables frictionless processing of low-risk transactions and low-friction step-up methods of authentication for higher-risk transactions.
Friendly fraud that results in chargebacks can take many forms, some of which can be difficult to prevent. The most common forms of friendly fraud are when a customer claims they did not order goods, or they did not receive the goods.
Entersekt's solution:
While Entersekt cannot provide proof of receipt of goods, we can provide the tracking details that allow the bank to prove that the customer authenticated the transaction.
Stolen payment card details allow fraudsters to make online purchases without the physical card in their possession (CNP fraud). Card details can be stolen through hacking into a network storing the credentials, phishing to trick the cardholder into sharing their details, skimming the details with a device at the card-present point-of-sale, or installing malware on the victim’s device that allows them to record keystrokes to steal the data.
Entersekt's solution:
If the transaction using stolen details is not submitted for 3-D Secure authentication, it is likely to be authorized without any challenge. If the fraudster anticipates a challenge, they could try to use these credentials in conjunction with a SIM-swap or hijacking attempt to intercept the OTP used for authentication. By requesting the cardholder use biometrics or authentication on a trusted device to authenticate, Entersekt can detect and prevent the fraudulent transaction.
Triangulation fraud is a sophisticated form of e-commerce fraud that involves three parties: The fraudster, the unsuspecting buyer/cardholder, and the legitimate online retailer. Plus, there’s a passive fourth party: The victim of stolen credit card data.
Here’s how it works: The fraudster sets up a fake online storefront that sells items at very low prices. When a legitimate buyer makes a purchase, the fraudster uses stolen credit card data to buy the same item from a genuine e-commerce store and have it shipped to the buyer’s address. In the end, the legitimate buyer gets their product, the real e-commerce store makes a sale, but the credit card owner becomes a victim of fraud.
Entersekt's solution:
Entersekt's 3-D Secure and authentication solutions work together to prevent triangulation fraud. In the example above, if the legitimate store had submitted the transaction to 3-D Secure authentication, and if the issuer used an effective authentication method, there would be a high likelihood that the transaction using stolen data would have been declined.
In merchant identity fraud, scammers create a fake e-commerce site that looks just like a legitimate one. When customers make a purchase on the fraudulent site, they provide their credit card information, which the scammer then uses to make fraudulent transactions elsewhere. The cardholder, issuer and subsequent legitimate merchants become victims of this fraud.
Entersekt's solution:
Considering that a fraudster may only have a brief window of opportunity to use the card before it is discovered to be stolen, 3-D Secure authentication is a means to stop merchant and issuer losses for even the first fraudulent transaction attempted. If the subsequent online stores where the fraudster uses the stolen card are submitting their transactions to 3-D Secure authentication, and if the issuer is using an effective authentication method, there would be a high likelihood that the transactions using stolen data would be declined.
Ready to learn more? Complete the form below.
