According to a survey conducted by Kaspersky Lab and B2B International, only 52% of financial companies and 46% of firms engaged in e-commerce believe they need to take enhanced measures to protect financial transactions. Even fewer companies in this sector provide protection for their customers’ devices. So it happens historically that the endpoints are the weakest point of the transaction chains, thus, they’re also favorite targets for cybercriminals. The lack of attention from the businesses to such a vulnerable part is a bit surprising.
Babysit the users or not? – An open question #protectmybizTweet
What is even more surprising is that it is E-commerce companies that are the least focused on protecting financial operations – 16% of them say they are not interested in installing special security solutions against online fraud and just 38% are willing to invest in such tools. And that does not mean they would really invest any time soon.
Overall, some 30% of companies working with money on the internet are providing any protection on customer devices during transaction – and do not plan to do this in future. 28% of companies do not care about installing anti-fraud software on customers’ mobile devices while 30% of companies do not try to protect their own information infrastructure against fraud.
There is a reason for this attitude: Should E-commerce companies babysit their clients? If they are unwilling to protect themselves, why should it be a concern for the e-commerce service providers?
Those are open questions. Some three quarters of users do expect financial companies to take responsibility for safeguarding all their devices and 40% of those surveyed are sure the company will reimburse any lost money.
In other words, if something bad happens, users will put blame upon those companies, no matter what. Hence, the e-payment operators will face consequences, such as bad publicity, users’ discontent, and financial losses.
End users w/o endpoint protection will blame payment services. #protectmybizTweet
Kaspersky Lab statistics show that the number of cyber threats targeting financial data of individual users is growing constantly.
For example, according to Kaspersky Security Network, the amount of attacks using malicious banking software reached 1.4 million during the period between May 19th and June 19th, a 15% increase compared to the period from April 19th to May 19th.
For the criminals there is a direct benefit to rob people of their money quietly, without any fuss. Why shoot the ceiling, yell at people, run with heavy bags – and eventually get caught (because the culprits have forgotten to put on their masks – not all of the robbers are geniuses)?
Committing a robbery via cyberspace requires less physical and more intellectual effort. But at the same time it’s much easier to hide one’s trails on the Web.
“Cybercriminals target banks by going after the least protected links in the chain – customer devices and the online financial transactions carried out with those devices,” says Ross Hogan, Global Head of the Fraud Prevention Division at Kaspersky Lab.
And, again, in a case of a successful robbery, even knowing they have been using an unprotected device, users will put a blame upon the payment service.
The solution? It must be centralized, it should be capable of protecting all transactions from fraud attempts, and it should be capable of protecting even those devices that lack any local security solution. Kaspersky Fraud Prevention does allow for “clientless” protection thanks to the special “clientless engine” it’s built upon.
Introduced earlier this year, it is designed specifically for banks, payment systems, and e-commerce companies. The server side installed in the financial company is used to monitor all transactions for evidence of suspicious activity indicating fraud.
It also allows the installation – with users’ consent – of its applications on the endpoint device, providing a secure environment for online payments.
Deploying a multi-component solution makes it possible to protect all stages of the transaction, while Kaspersky Fraud Prevention’s additional services alert the bank’s security services to any new threats and help to reinforce reliable security policies.
It’s up to the company to decide whether it wants to promote the endpoint protection among its clients, but it’s quite logical to assume that such measures and, namely, investments in the anti-fraud platform may help to avoid lots of problems, including deteriorating relationships with the clients.