LONDON (UK): Trusteer, the leading provider of endpoint cybercrime prevention, has announced the Trusteer Mobile Risk Engine to protect financial institutions against mobile and PC-to-mobile (cross-channel) attacks. Trusteer Mobile Risk Engine detects and stops account takeover from mobile devices by conclusively identifying criminal access attempts. It also identifies devices that are vulnerable to compromise by malware and those that have been infected. Mobile malware is commonly used to bypass strong authentication methods such as SMS One-Time Passwords (SMS OTP).
According to a recent report by Javelin Research[1], mobile banking is now used by 33% of mobile consumers, up from 24% in 2011. Of the top 25 US financial institutions, about half are offering mobile person-to-person transfers and mobile remote deposit capabilities, a figure that has more than doubled since 2011. This steady increase in adoption is putting the mobile channel in the crosshairs of account takeover attacks that are launched using credentials stolen from customers via phishing and malware attacks. The FFIEC guidance for electronic banking requires layered security, continuous risk assessment and complex device fingerprinting to reduce the risk of fraud, and clearly includes the mobile channel.
“Mobile banking is an attractive target for criminal account takeover due to the rapidly growing number of users and limited fraud detection and prevention capabilities. It is also being exploited to circumvent strong authentication systems that use mobile text messages to validate high risk transactions,” said Yishay Yovel, vice president of marketing for Trusteer. “Trusteer Mobile Risk Engine combines a web-based service and dedicated mobile client components with real-time account risk data from Trusteer Pinpoint Malware Detection and Trusteer Rapport to prevent sophisticated mobile and cross channel fraud.”