Yapı Kredi Fraud Monitoring System
As Internet and mobile banking channels become widespread and transaction volume grows in Turkey, the associated risks and threats are also soaring. Today’s criminals use much more complicated techniques than simple and easily avoidable attacks, thus giving rise to the need for specialized solutions. Malicious software designed for targeted attacks in the banking sector have become highly sophisticated over time, and are now being marketed as attack kits in the world of fraudsters. Fraud techniques that involve malicious software such as trojans top the list, posing threats for banking channels. Once infecting users’ computers and mobile devices, this type of malicious software, also called banking trojans, creates screens to capture user information and fixed/one-time passwords.
Using the information collacted through such screens, fraudsters perform transactions outside customers’ knowledge. Although Trojan activity varies by country, the number of trojans is growing by the day, the most common banking trojans being Zeus (variations) and SpyEye. Recognizing this emerging threat, Yapı Kredi launched a comprehensive Trojan Detection Project in 2014, in partnership with IHS Technology, in order to protect customers using Internet and mobile banking channels.
With the cooperation between IHS Technology Corporate and Yapı Kredi Fraud and Abuse Prevention Unit, the project was rapidly rolled out in just two months to monitor trojan risks in Internet and mobile banking channels in real-time, and to prevent fraud activities before a financial transaction is performed. Yapı Kredi is now able to effectively prevent advanced and sophisticated attacks thanks to the trojan detection system working in integration with other fraud layers.
Yapı Kredi Fraud and Abuse Prevention Division analyzes and blocks detected trojan activities in real-time, preventing any interaction with customers. Thanks to this transparent technology, the customer’s Internet banking experience continues without interruption.
Yapı Kredi expresses the following: Digital banking is a huge world in terms of the diversity of transactions, number of customers, types of technologies used and investments made. Banks can now provide customers with all services, except cash deposit, on PC, tablet, smart phone or even wearable technologies, with the electronic banking infrastructure developed over 15 years of experience in alternative distribution channels.
Digital channels will remain important in the future for banks that have already invested in this infrastructure, as long as they want to reinforce their reliability and prestige and expand their product sales. Most customers prefer digital channels as they offer fast, easy and unlimited access, lower transaction fees and high quality service. Figures show that the number of Internet banking users has soared by 350% to 15 million compared to 2006 thanks to high quality, low-cost service in the sector.
Structural and functional advances in Internet and mobile channels have led to the evolution of fraud tools. Simple keyloggers or SIM-card thefts are replaced by sophisticated fraud activities. Therefore, banks develop various security measures for different layers to keep their digital structures and processes safe.
A risk evaluation conducted by Yapı Kredi showed that customer devices constitute a key security gap. Although technology consumers in Turkey follow the latest device models, they have not acquired sufficient awareness about security measures they can incorporate in their daily usage habits. Bad consumer habits include using unlicensed operating systems on PCs, failing to use original and up-to-date anti-virus software, and rooting or jailbreaking the operating systems of mobile devices.
When Internet banking transactions are performed on such devices with low security levels, various malicious software can steal customer passwords and behavior models stored by banks, resulting in fraud. The project that we implemented in cooperation with IHS Technology helped our bank continue to provide customers with high quality services on more secure digital banking platforms, and protect them from financial losses.