Banking Data’s Secret Service
Banking Data’s Secret Service
December 7, 2006: RSA Security has got its spies on to cybercrims and is using a combined industry effort to tackle online fraud through the eFraudNetwork. Launched in Australia a few months ago, they’ve already scored their first major Australian customer.
The network is being pitched by RSA as an industry response to the growing threat of Phishing, Pharming and Trojan attacks on financial institutions. Through the combination of Fraud Action Service, Transactional Monitoring and Adaptive Authentication, RSA says the eFraudNetwork provides for a collaborative store of information.
“Phishing and Trojans are all very hard to stop, but we can obtain information on it,” Geoff Noble, banking and finance specialist for RSA told IDM. “No matter how much you educate, people like to help. So they get a call from their ‘bank’ to help, and they do.”
Their first Australian customer is the Adelaide Bank who will now share and receive their information on online fraud with global RSA clients such as the Bank of America, HBOS, Zions Bank and Alliance and Lester.
“All this information provides the central source for nefarious activity that we at the AFCC (Anti-Fraud Command Centre) gather,” says Noble. “So if the Adelaide Bank finds an IP address that is trying to attack multiple accounts, then it’s identified as a ‘bad guy’ and would go in to the database for other banks to be aware of.”
For the Adelaide Bank, their implementation of the RSA Transaction Monitoring service has paved the way for other financial institutions in Australia to join the combined intelligence force. The bank’s CIO says the program has been implemented to meet the expectations of customers and partners. “We want to ensure customers have no uncertain or security concerns when using the online banking functionality, which is why we have gone to considerable lengths to make the experience user friendly and secure,” he says.
Noble believes it’s a move that has the bank building on their reputation as an innovator in the industry. “A few years ago that was about having a token for authentication,” he says. “But that’s typically only appropriate for high-end transactions. The devices are not free and neither is deploying them.”
With Transaction Monitoring, RSA says that the bank’s online users will be authenticated behind-the-scenes while the system works to detect online fraud. At the core of the Transaction Monitoring system is the RSA Risk Engine, a method using a number of fraud indicators to evaluate online activity in real-time to apply a unique risk score. It’s a method that RSA says has virtually no impact on the user’s online experience.
So with the Adelaide Bank already on board and another Australian non-bank signed up, but not yet disclosed, what’s in store for the eFraudNetwork in the future? “I see representatives across major banks, second tiered banks, credit unions and organisations that don’t necessarily transact on the internet, but have a lot of information based on identities online,” says Noble. “Anyone with an identity accessible on the internet would benefit.”
A number of security vendors have recently release reports warning of the spike in Phishing attacks over the Christmas period. But it’s a warning that Noble is not so sure about. “There used to be huge spikes that you could predict for holiday periods across the world,” he says. “But these spikes have been somewhat flattened, because now there is always something going on somewhere.”