
The Surge of On Device Fraud (ODF) in 2024 and why you should care about it

On-device fraud is the number one topic that should keep you up at night if you run a digital business. A burgeoning threat which has grown significantly in the last 12 months in the digital landscape, ODF is driven by several key factors which we’ll look into below before delving into some of the best ways to combat it.

But first, what is ODF?

You might have heard of the Copybara campaign a few weeks ago, which infiltrated a handful of Spanish banks, stealing customer data for malicious purposes.

On-device fraud in the context of online banking refers to fraudulent activities that occur directly on the user’s device, such as a computer, smartphone, or tablet. This type of fraud involves unauthorized access, manipulation, or exploitation of information and transactions carried out on the user’s device. Here are the two main ways this happens.

Firstly, malware and spyware: criminals may use malicious software to infect a user’s device, allowing them not only to monitor and capture sensitive information, such as login credentials, personal identification numbers (PINs), or account details, but also to take control of the device entirely. Over 10 terabytes of data are stolen monthly, ransomware is one of the leading cyber threats in Europe, and, more specifically, phishing is now identified as the most common initial avenue for these attacks.

Secondly, device compromise: if a user’s device is compromised, either through hacking or physical theft, the perpetrator may gain access to sensitive banking information stored on the device and use it to perpetrate fraud directly from that device.

What factors explain the rapid growth of ODF?

Firstly, advancements in anti-fraud defences employed by banks are met with corresponding developments in fraudster tactics. ODF is designed to bypass the strong controls and checks that banks perform when you enroll a new device. It’s akin to remote access.

Banks continually evolve their defences during onboarding and device enrollment processes, leveraging improved device intelligence to pinpoint suspect devices associated with multiple accounts. This cat-and-mouse game of technological advancement underscores the need for constant vigilance and adaptation.

Secondly, the accessibility of artificial intelligence (AI) has lowered the barrier for fraudsters to develop targeted technology. The proliferation of AI tools empowers fraudsters to craft sophisticated schemes, exploiting vulnerabilities and circumventing traditional security measures. As such, combating on-device fraud demands proactive strategies that keep pace with emerging threats.

So what do we do to fight on-device fraud?

To effectively combat the rising tide of on-device fraud, organizations must implement a multifaceted approach. App and content integrity checks serve as a frontline defence, detecting any tampering of content transmitted by app servers.

Similarly, identity checks such as two-step verification (2FA) are essential to identify unauthorized modifications such as rooting or dangerous access rights granted to third-party apps. You would think that investing in 2FA is essential when you know that a hacker can crack 90% of passwords with six tries or less. But ODF malware bypasses 2FA altogether. The deceptive use of a remote access trojan (RAT) known as SpyNote allowed cybercriminals to gain unauthorized access to devices, steal sensitive information, and control device functions remotely for malicious purposes.

Furthermore, looking for known or existing malware is crucial for swiftly identifying and neutralizing threats. However, the landscape of malware is dynamic, meaning businesses need to equip themselves with measures for detecting “zero-day malware” anomalies—signs of compromise from malware not yet classified.

Accurate behavioural profiling is essential in this regard: it makes it possible to spot anomalies in user behaviour and spending patterns that are indicative of fraudulent activity. Moreover, predictive mule account identification enhances security by preemptively flagging suspicious accounts and transactions. This is why leveraging data analytics and machine learning algorithms can be game-changing: with them, organizations can proactively identify and mitigate risks associated with on-device fraud.
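As an added illustration (not code from this article or from any vendor product), the sketch below applies behavioural profiling and mule-account identification to constructed payments that all originate from the customer's enrolled device and pass 2FA, so only behaviour can expose them. Account names, payee labels, amounts and thresholds are assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data. Every new payment is assumed to come from the
# customer's own enrolled device and to have passed 2FA (the ODF scenario).
HISTORY = {  # past payment amounts per account
    "acct-A": [42.0, 18.5, 60.0, 35.0, 51.0, 27.0, 44.0],
    "acct-B": [120.0, 95.0, 140.0, 110.0, 130.0],
    "acct-C": [15.0, 22.0, 9.0, 30.0, 18.0],
}
KNOWN_PAYEES = {"acct-A": {"landlord", "grocer"},
                "acct-B": {"utility"}, "acct-C": {"grocer"}}
NEW_TXNS = [
    {"account": "acct-A", "payee": "grocer", "amount": 48.0},
    {"account": "acct-A", "payee": "iban-X", "amount": 1900.0},
    {"account": "acct-B", "payee": "iban-X", "amount": 2500.0},
    {"account": "acct-C", "payee": "iban-X", "amount": 950.0},
    {"account": "acct-B", "payee": "utility", "amount": 125.0},
]

def robust_z(history, amount):
    """Modified z-score (median/MAD): stable even if history holds outliers."""
    med = median(history)
    mad = median([abs(x - med) for x in history])
    if mad == 0:
        return float("inf") if amount > med else 0.0
    return 0.6745 * (amount - med) / mad

def flag_transactions(txns, history, known_payees, z_cut=3.5):
    """Flag payments that are both unusually large and sent to a new payee."""
    flagged = []
    for t in txns:
        outlier = robust_z(history[t["account"]], t["amount"]) > z_cut
        new_payee = t["payee"] not in known_payees[t["account"]]
        if outlier and new_payee:
            flagged.append(t)
    return flagged

def mule_candidates(flagged, min_senders=3):
    """Payees receiving flagged payments from several unrelated accounts."""
    senders = defaultdict(set)
    for t in flagged:
        senders[t["payee"]].add(t["account"])
    return sorted(p for p, s in senders.items() if len(s) >= min_senders)

if __name__ == "__main__":
    hits = flag_transactions(NEW_TXNS, HISTORY, KNOWN_PAYEES)
    for t in hits:
        print("review:", t)
    print("possible mule payees:", mule_candidates(hits))
```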

By staying abreast of evolving threats and adopting proactive defence mechanisms, organizations can fortify their defences and safeguard against the ever-evolving landscape of digital fraud.

The threat of on-device fraud underscores the critical need for robust security measures and proactive strategies. As technology continues to advance, so too must our defences evolve to counter emerging threats. By leveraging the latest advancements in AI, behavioural analytics, and predictive modelling, organizations can stay one step ahead of fraudsters and protect both their assets and customers from harm.

Matteo Bogana
Matteo Bogana has over 20 years of experience in the IT and high-tech markets. He has held multiple positions in global corporations and academic institutions, focusing primarily on the development and go-to-market strategies of disruptive technologies and products. Currently, he serves as the CEO and Co-Founder of Cleafy, a recognized global market leader in enterprise cybersecurity and fraud management.