Last month London played host to the Future of Cards and Payments conference, which showcased the latest developments in mobile banking across Europe. Discussions focused on strategies to leverage the numerous opportunities presented by mobile technology, and on how people can protect themselves from fraud using a device they already have: their mobile phone.
Delegates from leading organisations including Visa, HP Cards, PayPal UK, O2 and Barclays were on hand to provide their thoughts, in addition to ValidSoft, a global supplier of fraud prevention, authentication and transaction verification solutions. ValidSoft has developed a range of products which enable banks to leverage the customer’s mobile phone to detect, prevent and resolve fraud in real time. VALid-POS®, their flagship solution, uses telecommunications-based technology to combat fraud related to ATM and point of sale (POS) transactions. This is done by using proximity correlation logic (PCL™), which assesses the proximity of a card transaction to the cardholder’s mobile phone, in a privacy-sensitive manner, in order to decide whether or not a transaction is likely to be fraudulent.
With the ever-increasing convergence of application functionality onto the mobile phone, and the evolution of the mobile phone itself into a powerful mini-computer, it is not surprising that fraudsters will increasingly target this device, and the underlying telecommunications layer, to commit fraud. One such fraud vector to emerge in recent times is SIM swapping.
With SIM swapping, the fraudster impersonates the chosen victim (Spear Phishing) and contacts the victim’s mobile network operator (MNO), convincing the MNO to port the victim’s mobile phone number to a SIM owned by the fraudster. Fraudsters use standard social engineering techniques to facilitate this with the MNO. Using the new SIM card, the fraudster can gain access to the one-time passcode (OTP) that many banks transmit via SMS or voice to authorise an online financial transaction such as a funds transfer. ValidSoft refers to this type of fraud vector as being in the category of “pseudo device theft”. Other types of telephony fraud vectors also fall into this category, such as Call Forward Unconditional (CFU), where the fraudster convinces the MNO to “forward” calls from a victim’s phone number to a number of their choice, thereby subverting the authentication process.
Because such fraud vectors are a potential “blind spot” to an institution that relies on the integrity of the underlying telecommunications layer, it is difficult to quantify the scale of the problem today, but whatever the penetration rate at present, one can expect this to become a major issue going forward. ValidSoft’s VALid® OOB (Out-Of-Band) platform is the only OOB multifactor authentication and transaction verification solution that can detect pseudo device theft at the network layer and adjust the authorisation process accordingly.
ValidSoft is currently working with banks to roll out its solution, known as Pseudo Device Theft System, which can be seamlessly integrated into the institution’s current technology architecture as an additional layer. Of the technology, ValidSoft CEO, Pat Carroll, said: “With the current reliance on the integrity of a mobile phone account to ensure out-of-band transactions, it is absolutely crucial banks can be sure the SIM they are dealing with is genuine and belongs to the account holder.”