Fraudsters And How They Bypass Tough Security Systems

By Author: eccuni
Total Articles: 211
Comment this article

In reality there are rules that are meant to be broken and also rules that can be bent around; this truth also applies to solving difficult computer problems. In solving computer related issues and problems, playing by the set rules would take longer; it would be easier to circumvent around the problem than solving it. A perfect example would be the installation of a certain file; if you don’t have the right disc for installation or the drive won't open then it would be easier to browse the web and look for the file you want to install. Well it can't change the fact that you don't have the right disc or the tray is still broken but you still have the software you want – isn't that good enough?
Sadly, the same thing is applicable to identity theft. Even if there are many kinds of anti-fraud measures and security systems, these problems that fraudsters encounter can still be bypassed by them so that they get what they want. Rather than passing through these security measures, fraudsters would often avoid these defenses which is easier for them. Although, with a system that was manned by a professional who has ...
... undergone pen test training, it would be more difficult for fraudsters.
Out of Band Authentication is an anti-fraud measure that is implemented on most banking services in the Web. A customer who wants to make banking transactions on the web will first receive a phone call or SMS message from the bank to their mobile phone. The bank will then give them a TAN or a password that can be only used once that has to be entered on the bank's website; it is needed so that the banking transaction will be completed.
For fraudsters, this method seems to be a challenging ordeal for them but they still have ways to bypass this challenge. A common method used fraudsters is using a sophisticated MITB or Man-in-the-Brower Trojan, which they install into the desktop of the victim. When the target victim logs into his or her online banking account to initiate banking transactions, the Trojan will instantly execute its pre-defined script that makes the transaction automatically transferred to the fraudsters mule account. The victim would be fooled into giving his or her TAN password that was given by the bank because of certain scams fraudsters make-up, for example a pop-up question that is said as a new security feature of the bank and will ask for the password.
Hijacking text messages is another way how fraudsters circumvent around security measures. Although it is not common, there are still some fraudsters who are capable of doing this. This only happens when fraudsters are connected to communication companies or those who can exploit mobile cellular phones. However, most fraudsters are not technically savvy when it comes to hijacking text messages or operating MITB. Even some invest a lot just to secure a transaction without any authentication.
But some fraudsters would try to take advantage on the enrollment procedure of the banking service just to around many out of band authentication. Enrollment services are sometimes done online and most of the times don't need any authentication – a perfect chance for a fraudster. If the client is not enrolled yet, a fraudster would enroll the client to the bank's service using the fraudster's phone number. Once it is registered, fraudulent transactions can take place with the fraudster's mule account.
Out of band Authentication is a good tool in preventing any fraudulent transactions, but still it is not 100% perfect. Implementation is still a necessary key for this tool to become successful to end up as a failure. So that this security feature to become more effective, enrollment processes must be more secured so that banks can ensure that their clients that are choosing the service are legit clients and not the frauds. One good example would be adding more anti-fraud measures, automatically enrolling all bank users or implementing a tougher authentication stage during enrollment processes. The questions have to be secured so that they can never be obtained by keylogging, phishing or other fraudulent methods. Along with that, proper pen testing is needed in order to improve the security even more while being conducted by one who has finished a pen testing training.
The chances of fraudsters going extinct would be impossible, so banks and their clients have to be extra careful when it comes to their online bank transactions. Indeed, there are methods to keep lines and transactions secure, but still there are some who are not perfect. But if fraudsters can never circumvent the security feature, they would just simply target others instead of you.
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. These certifications are recognized worldwide and have received endorsements from various government agencies. They also offer trainings in penetration testing.
More information about EC-Council is available at www.eccouncil.org.