A group of attackers used social engineering to target several customers and obtain their individual credentials (including OTPs), bypassing the MFA process. The attackers then logged into the application as legitimate customers and performed several money transfer transactions, even obtaining from the targeted victims the OTPs required to approve those transactions.
Rule-based systems employed by the bank were not able to detect many of these attacks, and in fact generated several false positives.
A journey is the sequence of activities performed by a customer in an application session; one journey was created per application session.
TrackerIQ learned typical journeys in the e-banking application for each customer, and each customer journey was compared to typical journeys learned for this customer. The underlying assumption is that the attacker’s journey in the e-banking application is different from a customer’s typical journeys.
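A minimal sketch of the per-customer journey comparison described above, added here as an illustration and not TrackerIQ's own algorithm. The log field layout, the activity names, and the similarity measure (Jaccard overlap of activity-to-activity transitions) are all assumptions.

```python
from collections import defaultdict

# Constructed audit-log rows: (customer_id, session_id, sequence_no, activity).
# The field layout and activity names are assumptions, not the bank's log schema.
def rows(customer, session, *activities):
    return [(customer, session, i, a) for i, a in enumerate(activities)]

HISTORY = (rows("cust-1", "s1", "login", "view_balance", "view_transactions", "logout")
           + rows("cust-1", "s2", "login", "view_balance", "pay_bill", "logout")
           + rows("cust-1", "s3", "login", "view_balance", "logout"))
NEW = (rows("cust-1", "s4", "login", "view_balance", "view_transactions", "logout")
       + rows("cust-1", "s5", "login", "add_beneficiary", "transfer_third_party",
              "approve_otp", "logout"))

def build_journeys(records):
    """One ordered activity sequence (journey) per (customer, session)."""
    sessions = defaultdict(list)
    for customer, session, seq, activity in records:
        sessions[(customer, session)].append((seq, activity))
    return {key: [a for _, a in sorted(events)] for key, events in sessions.items()}

def transitions(journey):
    """Set of consecutive activity pairs, with explicit start and end markers."""
    steps = ["<start>"] + journey + ["<end>"]
    return set(zip(steps, steps[1:]))

def learn_profiles(records):
    """Per-customer list of transition sets, one per historical journey."""
    profiles = defaultdict(list)
    for (customer, _), journey in build_journeys(records).items():
        profiles[customer].append(transitions(journey))
    return profiles

def anomaly_score(profile, journey):
    """1 minus the best Jaccard similarity to any journey learned for this customer.
    A customer with no history scores 1.0 (nothing typical to compare against)."""
    new = transitions(journey)
    best = max((len(new & old) / len(new | old) for old in profile), default=0.0)
    return 1.0 - best

def score_new(history, new_records):
    """Score each new session against that customer's own learned journeys."""
    profiles = learn_profiles(history)
    return {key: anomaly_score(profiles.get(key[0], []), journey)
            for key, journey in build_journeys(new_records).items()}

if __name__ == "__main__":
    for key, score in sorted(score_new(HISTORY, NEW).items()):
        print(key, round(score, 2))
```

The score is relative to each customer's own history, so a transfer-heavy session is only unusual for a customer who does not normally transfer; the alerting threshold is a tuning decision left out here.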
Banking, publicly traded.
An e-banking application (web and mobile) used by the bank’s customers to manage accounts. The application enables customers to perform money transfer transactions to a third-party account.
Application audit logs describing user (i.e., customer) activities in the e-banking application.