Protecting Apps Against Cyber Fraud

June 16, 2017 // Ellen Neveux

Last Updated: November 18, 2020

Marco Essomba is a Certified Application Delivery Networking and Cyber Security Expert with an industry-leading reputation. He is the founder of iCyber-Security (formerly AMPS), a UK-based firm that enables organizations in banking, financial technology, healthcare, retail, and the insurance sector to safeguard their digital assets.

Cyber-crime is increasing fast and costs the global economy approximately $445 billion a year. Welcome to the lucrative world of cyber fraud!

E-commerce is the backbone of businesses in the digital economy. It is almost unthinkable not to have instant access to services such as online banking, online shopping, etc. Defending e-commerce applications against fraudulent activities from cyber-criminals is a challenging task. Whatever your cyber fraud defense strategy, an Application Delivery Controller (ADC) should be part of your Defense-in-Depth arsenal.

The challenge is not going away
A common attack vector for web transactions is the ability of an attacker to inject malware into a victim’s browser. This type of client-side browser attack is generated in real time within a browser session where the malware is loaded.

The infected machine can then be tricked into carrying out malicious activities, such as background financial transactions, password collection, browser redirection, etc. As the number of ‘zombie’ devices increases worldwide with always-on connectivity – provided by home and mobile broadband – the risk of online financial fraud is much greater.

Sophisticated online fraud transactions using a broad range of attack methods across mobile and desktop devices are on the rise. With an estimated forecast of 6.4 billion connected devices by the end of 2016 according to Gartner, this challenge is not going away, and will only get worse.

How to tackle attacks
Businesses with internet-facing e-commerce systems that handle financial transactions must deploy a range of cybersecurity measures at all layers, from the physical to the application layer. A dedicated web fraud prevention system is required to deal with sophisticated attacks targeting web browsers and transactions.

Such security systems, unlike web application firewalls, are specifically designed to combat e-commerce and financial fraud by screening client-side financial transactions, file transfers, web browser code execution, etc.

At a minimum, a robust web fraud prevention system should provide effective and comprehensive protection against commonly used web fraud attacks.

Some of the key protection areas include:

  • Generic malware
  • Web injection
  • Credential-stealing
  • Man-in-the-browser (MITB)
  • Man-in-the-middle (MITM)
  • Session hijacking
  • Phishing
  • Website integrity

Several security vendors are joining forces to combat these types of threats, which are increasing dramatically. Security Operations Centers (SOCs) located around the globe provide an effective “honeypot” of capabilities to collect, analyze, and mitigate the most advanced financial web fraud attacks.

Cyber fraud is rising exponentially. Enterprises with e-commerce systems are particularly vulnerable, as cyber-criminals are always looking for ways to get quick financial gain.

Read Marco’s original post here.