Introduction

As the conduits of digital presence and payments diversify with expanding assets, perimeters, and interconnected systems, vulnerabilities grow by the minute, putting more pressure on financial institutions in the APAC region to uphold security.

Cybercriminals are becoming increasingly active in APAC networks. This isn’t a mere hypothesis but a fact confirmed by Group-IB’s recent threat monitoring and joint operations. Given this surge in activity, the region is clearly inclined towards developing proactive regulations, transactional monitoring, and digital asset recovery mechanisms.

In the face of such a hyperactive threat landscape, how can reactive cybersecurity measures keep up with the escalating challenges? The need for proactivity is uncompromisable and immediate. However, pre-existing fraud prevention teams are now burdened with the immense and often uncharted task of reducing fraud. Proactiveness alone won’t suffice—they must also focus on upskilling and building advanced and robust anti-fraud defenses while managing costs. Naturally, for teams that were originally established in large banks to handle transaction monitoring and flag compliance irregularities, leading a digital trust and safety agenda is a significant leap.

Fraud prevention teams are now tasked with creating proactive policies to protect brand integrity, user experience, and online transactions. The question is—are they ready to rise to the unending requirements?

The challenge of new fraud vectors seems to be insurmountable

Cybercriminals have increased their appetite and tactics for laundering money, crafting automated and manual attacks, maligning digital assets, and hijacking networks.

Deepfakes have been reported to bypass Know Your Customer (KYC) checks; bots are masquerading as real users and creating fake accounts; malware and Remote Access Trojans (RATs) can gain access to customer devices and credentials; mobile banking apps are being reverse-engineered and added to the Play Store; and mule accounts are increasing, with users renting out their national identity and bank accounts via Telegram. These are some of the fraud challenges Group-IB’s teams have encountered in APAC over the last 6 months.

These challenges also include scam calls: there have been innumerable cases of individuals targeted by fraudsters posing as immigration, customs, or police officers and forcing these petrified users to share their bank information and credentials. The challenge posed by cyber fraud is increasing by the year. The overall economic loss reported due to online fraud is anywhere between 1% and 3% of a country’s GDP, as reported by the Global Anti Scam Alliance in its Global Scam Report 2023. (1)

Singapore Police Force, in their 2024 midyear report (2), gave a detailed account of the continued increase in fraud loss and volume over the last year. If one of the globally leading city-states with high digital security and threat awareness is facing the challenges of digital fraud, it is easy to understand why other countries in the region are overwhelmed with a much higher caseload of cyber fraud and the public scrutiny that comes with it. The reported fraud cases are growing across each Asian country when compared with 2023 estimates of fraud loss.

Cyber fraud slips through: Fraud prevention is nobody’s core work

Cybersecurity has clearly defined starting and ending points. An Enterprise CISO needs to secure applications, data, APIs, infrastructure, manage access, cloud, etc. The points of ingress and egress are known, and roles, responsibilities, and compliance have evolved into neatly delimited areas for clear ownership, execution, and accountability.

Cyber-enabled fraud can start with a data leak or credential hijack. Well-protected mobile and internet banking applications are used with malign intent to clean out an unsuspecting user’s account balances. Fraudsters break past one-time passwords and 2FA (two-factor authentication) controls via social engineering and other techniques. The bank’s transaction monitoring system often ignores several early fraud signals.

Cyber-enabled fraud is difficult to detect and prevent. Banks often pass the liability back to consumers where they can, especially when central bank guidelines are not strictly enforced. If bank legal teams can pass responsibility to another entity, they will: banks can point to telcos not doing enough to stop SIM swaps and blame social media giants, who are beneficiaries of advertised phishing link sites. Ironically, banks can often squarely set 100% liability on petrified and now resource-depleted consumers themselves for giving out their credentials to a scam caller.

Taking on responsibility for cyber fraud is a lot of work that no one wants to do or has the authority and governance to lead singularly. However, there is a silver lining—many banks across the region recognize the need to be part of shared coalitions and national initiatives to mitigate the scourge of online fraud and forms of cyber extortion.

Transaction Monitoring: Necessary but not sufficient

Banks require transaction monitoring systems to meet risk and compliance controls, protect banks from anti-money laundering (AML) sanctions, and ensure compliance with international banking guidelines. Ultimate beneficiary checks, transaction country of origination and destination checks, currency denomination and value checks, IP geolocation, Office of Foreign Assets Control (OFAC), and other database checks are all standard practices to meet compliance requirements and prevent financial fraud owing to money laundering.

However, when it comes to cyber-enabled fraud, transaction-level checks are necessary but insufficient. At Group-IB, our experts vehemently encourage banking customers in the APAC region to go beyond transaction monitoring and use telemetry and signals in real time to prevent online fraud.

Traditionally, application access is given based on three fundamental security questions: Who are you (username)? What do you know (password)? What do you have (2FA)? A three-way check on new fraud prevention questions based on user sessions provides rich telemetry and insights into each transaction origination and application interaction.

Our approach comprises solving the following questions:

  1. Can I trust the device my application is running on?
    A quick technical analysis of the device can enrich transaction monitoring controls at the login stage. These signals include:
    – Do rogue apps take camera or other permissions?
    – Augmenting IP with longitude and latitude-based geolocation.
    – Have I seen this unique Device ID before?
    – Are many new users registering using the same Device ID?
    – Is the device jailbroken or rooted?
    – Is there malware on the device?
    – Is there a remote access trojan?

    Image source: Group-IB device-based fraud detection and prevention

  2. Can I trust the way my application is being used?
    Going beyond username, password, and 2FA requires checking for other behaviors that signal users’ intent to abuse the application. Rich telemetry and signals that can benefit transaction monitoring tools include:
    – Do the gyroscope and accelerometer data indicate human interaction?
    – Can I detect the presence of bots coming from the device?
    – What is the time taken to complete the transaction?
    – Can I create a profile for each user based on behavior biometrics?
    – Can I detect if the user’s device is in the hands of a new user?

    Image source: Keystroke dynamics of users coming from devices

  3. Can I confirm the user is not at risk?
    Identifying risk behaviors without a view into any user PII (personally identifiable information) is essential to meet data privacy guidelines. With Group-IB’s Threat Intelligence feed and dark web monitoring, we actively identify users, cards, and devices at risk and enrich transaction monitoring solutions without compromising user PII. Some key telemetry signals we can leverage are:
    – Is the Device ID on a known blacklist?
    – Is the credit card information part of a large leak?
    – Are the user credentials part of a data leak?
    – Is the user being guided to make a transaction over a scam call?
    – Is the user coming from an anti-detect browser?

    Image source: Difference in legitimate and suspicious/ fraud-hinting account activities

    Image source: Fraud protection profiling, detection, and protection capabilities
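
How signals from the three questions above could be combined into one pre-transaction decision, as an added example that is not Group-IB's code or product logic. All field names, weights and thresholds are assumptions chosen for illustration, and the sample sessions are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Field names, weights and thresholds are illustrative assumptions, not vendor values.
WEIGHTS = {"rooted": 25, "malware": 40, "remote_access": 50, "device_reuse": 30,
           "no_motion": 20, "timing_anomaly": 20, "device_blocklisted": 60,
           "credentials_leaked": 25, "call_in_progress": 30}

def reused_devices(registrations, max_users=3):
    """Device IDs from which more than max_users distinct users registered."""
    users = defaultdict(set)
    for r in registrations:
        users[r["device_id"]].add(r["user_ref"])
    return {d for d, u in users.items() if len(u) > max_users}

def timing_anomaly(history, current, z_limit=3.0):
    """True when completion time is far outside the user's own baseline."""
    if len(history) < 5:
        return False  # too little history to profile this user
    sd = pstdev(history) or 1.0  # avoid dividing by zero on a flat baseline
    return abs(current - mean(history)) / sd > z_limit

def score_session(s, reused, blocklist, leaked_refs):
    """Return (decision, score, reasons) for one session, before funds move."""
    hits = {
        "rooted": s["rooted"],
        "malware": s["malware"],
        "remote_access": s["remote_access"],
        "device_reuse": s["device_id"] in reused,
        "no_motion": s["motion_variance"] < 1e-4,  # perfectly still device: likely a bot
        "timing_anomaly": timing_anomaly(s["past_txn_secs"], s["txn_secs"]),
        "device_blocklisted": s["device_id"] in blocklist,
        "credentials_leaked": s["user_ref"] in leaked_refs,  # pseudonymous ref, no PII
        "call_in_progress": s["call_in_progress"],  # proxy for a guided scam call
    }
    reasons = sorted(k for k, hit in hits.items() if hit)
    score = sum(WEIGHTS[k] for k in reasons)
    decision = "block" if score >= 80 else "step_up" if score >= 20 else "allow"
    return decision, score, reasons

# Constructed sample data, not real telemetry.
REGS = [{"device_id": "dev-A", "user_ref": f"r{i}"} for i in range(5)]
REGS.append({"device_id": "dev-B", "user_ref": "r9"})
GOOD = {"device_id": "dev-B", "user_ref": "r9", "rooted": False, "malware": False,
        "remote_access": False, "call_in_progress": False, "motion_variance": 0.02,
        "past_txn_secs": [40, 45, 38, 50, 42, 44], "txn_secs": 43}
SCAM = {**GOOD, "remote_access": True, "call_in_progress": True, "txn_secs": 400}
FARM = {**GOOD, "device_id": "dev-A", "motion_variance": 0.0}
```

The returned reasons list is what a transaction monitoring rule would consume: it records which device, behavior, or risk signal drove the step-up or block, without carrying any user PII.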

Unite to take action: Prevent exploitation of consumers and brand reputation

Enriching transaction monitoring solutions with session information allows fraud and risk teams in banks to significantly improve their ability to prevent fraud and prepare against new fraud vectors. The solutions allow teams to configure, manage, and deploy new policies based on their own requirements, such as a new fraud mitigation policy before the new holiday season, a policy to specifically raise checks on transactions from a geo-location, or even a policy based on a host of other device and behavior signals. All of these can be achieved quickly by combining the information brought forward via the Group-IB Fraud Protection solution.

Image source: Group-IB Fraud Protection telemetry and session information

Group-IB Fraud Prevention solutions bring the best cybersecurity telemetry and session information with the advanced fidelity and usability expected from a transaction monitoring solution. With easy integrations with various transaction monitoring solutions, we aim to augment existing controls by enriching them with Device ID, Behaviour Biometrics, Malware, Geo-Location, Scam Call Alert, and Mule Account Prevention insights.

At a major bank in the APAC region, our team of anti-fraud experts and technology capabilities have shown significant savings by preventing new fraud vectors from bypassing existing thresholds and transaction monitoring controls. At another bank, we have rolled out a new mobile application securing one of the country’s largest Fintech and Wallet apps.

Want to build overarching defenses against fraud? Learn all about our dedicated anti-fraud and cybersecurity solutions for the challenges inherent to banks and financial institutions.

As digital economic activity and growth rise sharply across the APAC region, it is crucial for banks and financial institutions to enhance their cybersecurity regulatory and technical strategies and capabilities to keep pace with the rising opportunities for cybercrime. Group-IB’s multi-faceted approach to combating fraud in the region involves offering next-generation fraud detection and prevention capabilities while making the most of partnerships with law enforcement agencies such as INTERPOL, security forces, and other key stakeholders. These collaborations provide critical insights and field intelligence, enabling fraud teams across APAC to work with Group-IB for local action and global threat insights, staying ahead of evolving threats.

Beat every nuance of fraud to defend your business and customers.

Contact our experts for advisory or collaboration engagements on cyber fraud prevention, trust, and safety.