Fraud and scams and in particular, scams perpetrated via SMS, are problems on a worldwide scale, with customers in almost every country in the world being caught out by the actions of cybercriminals.
The Philippines is no exception. The numbers are startling: 85% of people received a scam message in the last year via SMS, and 44% saw scammers attempt to defraud them via messaging apps.
These messages might be the attack vectors of choice for bad actors targeting the Philippines, but they’re only the starting point for scams that can be very sophisticated – and in many cases, very successful.
An invisible threat?
At the simplest level, the messages might just prompt the user to click a link to download a document or an anti-virus package; these invariably contain malware such as Remote Access Trojans (RATs) that can give a fraudster the access that they need to the victim’s device in order to steal credentials or clean out their accounts. Even mobile devices are at risk – there has been a marked rise in mobile RATs, or mRATs.
Often however, the message will be the precursor to a social engineering attack, where the scammer builds a relationship with their victim, culminating in convincing them to make a funds transfer themselves. They may masquerade as a trusted operative from the bank, or even the police, telling the legitimate customer that their account has been compromised, and that they need to transfer their funds to a new account.
Armed with an intimate knowledge of the user journeys of the customers’ banks, these fraudsters can appear very convincing indeed. And by the time the customer has realised what’s happened, it’s too late.
The challenges for banks
Preventing these scams is no easy task. Because the customer has been coerced into actioning a seemingly legitimate transfer, it’s difficult for the bank to identify that a fraud has taken place – if anything, it’s more likely to appear that it’s the victim who is trying to initiate a first-party fraud.
It’s a situation made more difficult by the fact that many banks and financial institutions are still reliant on legacy systems and infrastructures, subsequently finding themselves behind the curve in terms of the digital transformation necessary to put the solutions in place that can stop the fraudsters dead in their tracks.
As a result, there is frequently a reliance on passwords and usernames for authentication, a form of security that bad actors have few problems with bypassing. Even when additional authentication factors are used, the method of choice is usually SMS OTPs – which can be bypassed by SIM swap attacks or by the social engineering approaches outlined above.
Infocentric – the leader in identity access management and governance
Fortunately, there are organizations who are taking the initiative in helping businesses evolve and in doing so, protect their customers. Infocentric Solutions Inc. is leading the charge in the Philippines.
With years of experience in the cybersecurity space, Infocentric has an unparalleled track record in helping Filipino banks and financial institutions navigate the complexities of digitalization, ensuring that organizations can confidently move into the digital space. And in doing so, those businesses are able to take advantage of a digital authentication, fraud prevention and intelligence solution such as Callsign.
Callsign – balancing UX, fraud prevention and compliance
Callsign’s industry-leading solution is already used by some of the biggest banks and organizations in the world. The only solution that considers both security and user experience, Callsign’s sophisticated technology gives businesses the ability to let their customers get on with digital life with the minimum of friction but the maximum of safety.
That safety comes from layering device intelligence with Muscle Memory Technology – Callsign’s best-in-class behavioral biometrics. Callsign passively analyses thousands of data signals ranging from location and hardware addresses to how a person types, swipes or even holds their device.
Even if a fraudster attempts to use social engineering techniques to scam a would-be victim – a strategy that’s at the heart of the majority of SMS and message scams – Callsign’s Detect, Intervene, Protect approach can stage a dynamic intervention in real time, presenting the customer with a tailored warning that scammers can’t anticipate, or talk their way around.
A partnership for security – and success
Callsign and Infocentric are aligned on the all-important mission of stemming the tide of scams and fraud in the Philippines. As a key player on the global stage, it’s imperative that the Philippines is able to defend itself against the malicious activities of the bad actors who prey on businesses and their customers.
Equally, it’s important that the solutions adopted by organizations align with the compliance requirements of the Central Bank of the Philippines. And that’s exactly why Callsign are partnering with Infocentric, who bring not only their technical expertise, but also their vast experience of the regulatory requirements of the region to the table.
Learn more about Infocentric’s successes, and discover Callsign’s world-leading solutions for yourself.