Microsoft Industry Blogs

With 2016 fading quickly in the rear-view mirror and continuing alarming announcements relating to cybersecurity and fraud, it’s a good time to take a look at global trends in online banking fraud and what we can expect for 2017.

Trends in Online Fraud

2016 saw the rise of a number of different types of cybersecurity attacks. Remote administration tool (RAT) attacks saw exponential growth over previous years, according to research presented in Microsoft Azure partner BioCatch’s webinar “Global Trends in Online Fraud: 2016 Year in Review.”

One of the main reasons for the increase in RAT attacks is the difficulty of detecting them using traditional means, especially in the financial sector. RAT attacks use system-level remote access tools that are commonly used by system administrators or help desk personnel to render technical assistance. Because a RAT attack originates from the customer’s device and uses non-trojan, system-level software, such attacks bypass traditional anti-malware techniques.

The one cybersecurity tool that consistently demonstrated the ability to thwart such attacks was behavioral biometrics. In one international bank transfer attempt in 2016, for example, a fraudster had gained access to a client machine via a RAT attack. Ultimately though, behavioral biometrics flagged the transfer attempt as fraudulent based on the anomalous way the fraudster was interacting with the user’s device via the RAT.

In the accompanying infographic, the green dots on the right side of the first image show that the legitimate user mainly relied on the scroll bars along the right side of the screen, whereas in the second image the red dots show that the fraudster preferred using the mouse scroll wheel to accomplish the same tasks. The biometric analysis also showed that the fraudster used the Caps Lock key rather than the Shift key, as the legitimate user did.


In addition to RAT attacks, voice phishing (vishing), account takeovers (ATO), refund attacks, and mobile banking fraud are just a few of the methods that also saw increased use in 2016.

What to Expect in 2017

As 2017 marches on, many of these attack methods will only grow in popularity. In particular, RAT attacks have proven to be a very reliable and successful way to bypass more traditional means of security and will no doubt continue to grow in use until behavioral biometric security is more widely adopted.

Changes in various industries, such as open API banking in the financial sector, will open up increasing avenues of attack. 2016 saw a rise in aggregator attacks, namely attacks on services that allow users to access multiple services through a single aggregator. As these services increase in popularity among consumers, they will also increase in popularity as high-reward targets for fraudsters, especially in the financial industry. Social engineering, one of the oldest methods of attack in fraudsters’ arsenals, will also see continued growth in 2017.

The BioCatch solution leverages Microsoft Azure cloud technology. The solution analyzes the interactions of users online and provides real-time risk scores on whether there is an imposter, human or non-human (malware, bots, remote access trojans) in a session. BioCatch uses Microsoft Azure Table storage, Azure blobs, Azure Service Bus, Azure SQL Server and Event Hub.

To learn more about the threats, both old and new, that played a role in 2016, as well as more detailed information about what to expect in 2017, view the BioCatch webinar titled “Global Trends in Online Fraud: 2016 Year in Review,” or download our latest white paper, Protect Online Banking from Remote Access Trojan (RAT) Attacks.
