For as long as banks have been around, there has been fraud. Banks and other institutions that provide services that rely on authorized access must protect their clients from fraudulent actors. Given that breaking into a bank physically or electronically is typically more difficult than breaking into an individual user's computer, today's bank robbers often specialize in the “last mile” to the end costumers. Many customers conduct their banking transactions via the internet using banking front ends, mostly running on their own devices such as desktop computers, tablets and smartphones.
In general, bank transactions in a digital environment are facilitated by the establishment of a session between server and client device using secure and encrypted communication protocols, which requires that the user supplies authorization credentials. This is most often based on a username and password and/or a second strong authentication, but it can also be based on biometric solutions such as fingerprint scan, iris scan or techniques using continuous behaviometrics in the background. A “user session” for purposes of this disclosure is defined as viewing and downloading of multiple discrete units of information, such as additional packetized data and/or webpages, being loaded on the basis of user input. Examples include a login page, an overview page, action pages, and so on. Each page may have multiple parts thereof such as fields, forms, lists, sliders and buttons for enabling user input.
Despite the efforts undertaken to make modern internet-based banking more secure, banking transactions are still vulnerable to the broad threat that modern fraud includes phishing, hacking, and stolen account information to crafty social engineering perfected to lure also quite avid and vigilant users of modern internet banking. In a social engineering fraud, it is often the proper user of the account that is lured to login and perform a transaction on a fraudulent front-end system.
In some cases, fraudulent actors use malware, remote access trojans (RATs) or automated programs (BOTs) to disguise their malfeasance. For purposes of this disclosure, use of a RAT, BOT, or other method of intercepting and/or using data which intended for another for a nefarious purpose or simulated nefarious purpose is referred to as “malfeasance” and a person or entity carrying out same is referred to as a “malfeasant” or “malfeasant party.”
RAT attacks can be particularly difficult to detect and counteract because they are usually not found by traditional anti-virus and anti-malware products. They may lie dormant for long periods of time and collect privileged information to enable an attacker to log in using legitimate credentials, or to allow an attacker to access a session that was opened by the genuine user.
U.S. Pat. No. 6,460,848 describes a system which automatically monitors systems to detect fraud. This is carried out by using a number of clients networked over a computer network to a server and a central database which receives raw event data and other data and a graphical representation of contents of a bank. The end user CPU (central processing unit) executes play tracking and image analysis software for each client and can execute a software module for performing surveillance analysis and a software module for performing real-time data transmission. Additional computers can access the information in the central database to perform surveillance monitoring and reporting, respectively. The client communicates via an operations communications port and a diagnostics communication port with external computers and devices over a communications link such as a local area network and/or a wide area network. While some aspects of a casino's security system should be plainly visible as a deterrent, other aspects of the security should be unobtrusive to avoid detracting from the players' enjoyment of the game and to prevent cheaters and thieves from avoiding detection. The disadvantage of this system is that a proprietary program must be executed at each client computing device.
What is needed is a way to better detect malfeasance, fraud, and/or a risk of authenticated data sent to a banking user being compromised by a third party.