IBM Software Thought Leadership White Paper. Financial malware explained – Explore the lifecycle of fraudulent transactions and how to take action against emerging threats. December 2014.

“Financial malware—that is, malicious software designed to enable fraudulent transactions—is a growing concern for line-of- business executives, heads of retail and commercial banking, readers of global compliance operations, and risk management officers worldwide. Fraudsters rely upon increasingly sophisticated techniques to steal the credentials of online banking customers, and then reuse them to take over the victim’s account and perform fraudulent transactions such as transferring money to new destinations. And often, the victim is not aware that anything is amiss. What’s more, today’s cybercriminals are aware of the fraud prevention technologies deployed by most financial institutions, and they design attacks to circumvent these controls. For example, fraudsters can bypass various forms of authentication by using social-engineering campaigns to convince users to divulge their credentials online. Transaction anomaly detection and device ID approaches can also be highly inaccurate, generating a large number of false positive alerts that can overwhelm IT resources and may negatively impact the user experience.”