Actimize, a provider of transactional risk management software for the financial services industry, and NICE Systems, have warned banks and banking customers of a new attack vector – Man-in-the-Phone (MitP). Actimize said that MitP blends new and old fraud techniques to trick banking customers into authorizing transactions via the phone channel.
MitP builds on the successes realized from Man-in-the-Browser (MitB) attacks, in which criminals use Trojans to infect a users’ Internet Browser to modify transaction content or insert additional transactions.
Actimize recommended banks to combine cross channel behaviour profiling and anomaly detection technologies. Call center employees should be trained to listen more closely and ask who originated the call. Attacks may be thwarted or losses minimized, if bank employees ask simple security questions at various points in the phone conversation when confirming personal credentials. Fraudsters are less likely to trick customers into sharing answers to several security questions.
Paul Henninger, Director of fraud solutions at Actimize, said: “We help many of the largest retail banks, investment banks and brokerage firms protect themselves and their clients from all types of cross-channel fraud attacks. With our unique perspective into the operations of financial institutions around the world, we can spot trends as they occur. We’ve noticed an accelerating trend in Man-in-the-Phone attacks. We hope that by publicizing this new trend, we can help reduce its impact on individuals and our banking clients.”