KASPERSKY FRAUD PREVENTION PLATFORM COVERING ONLINE AND MOBILE BANKING RISKS
ONLINE PAYMENTS ARE VERY POPULAR BUT NOT SECURE of people regularly use online banking, online shopping or 98% e-payment services 38% of people carry out financial transactions from their mobile devices of people worry about online 59% banking fraud 2 Source: Consumer Security Risks Survey 2013, B2B International
ATTACKING THE BANK VS. ATTACKING THE USER Attacking the bank is as difficult as breaking into a physical bank vault Attacking the user is much easier: A person is not as well protected as corporate servers One attack can result in tens of thousands of home computers becoming infected A good chance of going undetected 3
4 HOW FINANCIAL FRAUD WORKS
FINANCIAL RISKS USERS ENCOUNTER ONLINE 42% of users encountered malware attacks in 2013* 62% of users experienced financial threats online** $ The big four banking Trojans* 15% 62% 38% 4% 4% 7% 70% 1 in 5 malware attacks result in a loss of personal data** About 1.9 mln users faced banking malware in 2013* Zeus-related SpyEye Other Carberp Shiz 5 *According to Kaspersky Security Network data for 2013 **According to Consumer Security Risks Survey 2013, B2B International
ONLINE BANKING THIEFS: BREAKING BAD Online banking site: targets banking websites to harvest logins and passwords Carberp Authorization: Steals the 3-4 digit CVV2 number on credit cards One time passwords: bypasses SMS, Token, printed receipts, TAN generators Transaction approval: changes the mobile phone number in a victim s online banking account Zeus Carberp, SpyEye, Zeus for mobile, Lurk SpyEye 6 For more details: http://www.securelist.com/en/analysis/204792304/staying_safe_from_virtual_robbers
MEET ZEUS: MORE THAN 1 MLN USERS ATTACKED IN 2013 Most widespread online banking Trojan so far Capable of keylogging and screen-grabbing Uses web injections Performs man-in-the-browser attacks Bypasses 2-factor authentication systems 7
SMARTPHONES AND TABLETS: TROJANS GO MOBILE Many mobile Trojans work in tandem with their big brothers to intercept data from phones: Carberp-in-the- Mobile, Zeus-in-the-Mobile, etc. Mobile Trojans are capable of mobile phishing They use stolen credit card information by transferring money from the credit card to the mobile account and finally to a cybercriminals e-wallets 98% of mobile Trojans in 2013 targeted Android OS *http://www.securelist.com/en/analysis/204792318/kaspersky_security_bulletin_2013_overall_statistics_for_2013#02 8
KASPERSKY LAB MEETS AND ANTICIPATES THESE THREATS Financial malware and cyberattacks are getting more targeted New protection measures introduced by banks are quickly cracked/bypassed There is a lot of space for vulnerability exploitation Banks customer are under attack so effective security software to prevent losses is a must Introducing Kaspersky Fraud Prevention 9
MATURE TECHNOLOGY PROVED BY MILLIONS OF USERS Technology for protecting online transactions was first introduced by Kaspersky Lab in 2011 in its flagship product for home users and was named Safe Money In 2013, Kaspersky Lab was presented with the INNOVATION AWARD 2013 by AV-TEST for securing online transactions The key innovations included in Safe Money were strengthened and augmented in the new Kaspersky Fraud Prevention platform 10
TRUSTED BANKING Website Anti-phishing Database of trusted sites Connection Kaspersky Security Network SSL certificate database in the cloud Environment Vulnerability scan Self-protection Secure Browser Secure Keyboard 11
FRAUD PREVENTION IN ACTION BANK Social Engineering Screengrabs Code Injection login BANK PAGE login Account #1 Account #2 Malicious Accounts Logging Phishing + Stolen Certificates $$$ 3 days Driver killer DNS Change PHISHING PAGE MALWARE 12
KASPERSKY FRAUD PREVENTION PLATFORM Management User protection BANK Kaspersky Fraud Prevention for Endpoints USER Kaspersky Fraud Prevention Clientless Engine Kaspersky Fraud Prevention Console Kaspersky Fraud Prevention SDK + KSN Services Kaspersky Fraud Prevention Professional Services Kaspersky Fraud Prevention Intelligence Services Kaspersky Fraud Prevention Education Services Kaspersky Fraud Prevention Management Services 13
KASPERSKY FRAUD PREVENTION FOR ENDPOINTS An endpoint protection application for user devices that is easy to install and use Provides dynamic and real-time protection against specific threats targeting online payments Ensures online transactions conducted from user devices are safe from fraud and sensitive data isn t intercepted/modified Supports Windows, Android, Mac & ios Is compatible with other security solutions installed on users devices Rebranding or white labeling upon request 14
KASPERSKY FRAUD PREVENTION SDK Comprehensive set of mobile SDK technologies by Kaspersky Lab which can be combined upon request: DNS Checker URL Reputation Certificate Validation Web Anti-Virus Safe Input Secure Storage Root/Jailbreak Detect and Firmware Verification Suspicious Applications Wi-Fi Safety Analysis Secure SMS Banking (for Android only) Anti-Virus (for Android only) Helps to create a fraud-proof mobile applications for Android and ios devices 15
KASPERSKY CLIENTLESS ENGINE Can be used in case endpoint protection application is not an option Works in company s IT infrastructure and provides antifraud protection to 100% of banks customers who access online banking services: Advanced Risk Engine based on comprehensive rules Behavioral analysis to detect anomalies All functionalities are available separately Includes Management Console which provides banks with a comprehensive view of online fraud incidents and fraud prevention efficiency 16
KASPERSKY FRAUD PREVENTION SERVICES Bi-monthly and quarterly reports Customized reports Raw data feeds Human interface to Kaspersky Lab knowledge 8x5 support Intelligence Services Management Services Education Services Professional Services Cyber security Banking threats Incident investigation/forensics Incident investigation Malware sample analysis 17
MAJOR BENEFITS FOR BANKS Preserves bank s business reputation Prevents costly security incidents and saves the banks money Provides with Kaspersky Lab global security intelligence on financial threats Flexible solutions, quickly customized to the needs of each bank Boosts customer satisfaction & loyalty Increases adoption of high-margin and high-retention services like online banking, mobile banking, and automated bill pay Brandable so customers associate the organization with secure payments Works with all popular platforms so customers are protected everywhere Supports most compliance and regulatory objectives 18
LET'S TALK? www.kaspersky.com/fraudprevention