A leader in online banking, BoursoBank has built its success on a comprehensive banking offer and a highly competitive pricing strategy. With more than five million customers accessing nearly 1,000 online features, the bank’s fight against fraud has become a major focus.
The fight against fraud now has two additional requirements: to protect the confidentiality of personal data and to ensure an optimal customer experience. To assist it in this mission, BoursoBank has chosen to work with the IBM Security® Trusteer® solution.
Online banking customers are increasingly vulnerable to fraud. Although security barriers have been strengthened with tactics such as two-factor authentication, the methods used by hackers are constantly changing. Phishing represents more than half of all cases. Customers receive an email that looks like an official document from their banking institution. This email actually leads to a fraudulent website that will steal the customers’ access codes when they try to log in. Hackers can also make phone calls. They use personal information gleaned from the internet to persuade customers to reveal their personal codes or perform operations that allow the hackers to gain access to their victims’ accounts or personal computers. A study published by the National Institute of Statistics and Economic Studies (INSEE) at the end of 2021 has shown that 35% of European internet users have been exposed to phishing and 30% have found malicious software on their internet access equipment.
With more than five million customers, BoursoBank has prioritized the fight against fraud and customer protection. These are issues that impact operations, finances and the company’s image in terms of both customers and partners.
Implementing anti-fraud measures is a complex process: with nearly 1,000 account management actions accessible online at BoursoBank, the monitoring area is very extensive. For confidentiality reasons, BoursoBank does not allow the anti-fraud solution to access customers’ personal data—the analysis is therefore based on technical or behavioral criteria secured during connection. In addition, the deadlines must be very short—both to avoid inconveniencing customers who are legitimately consulting their accounts and to quickly counter any attempts at fraud.
BoursoBank offers about 1,000 online features, all of which should be checked.
Alerts based on the identification of blacklisted devices account for 97% of proven fraud.
BoursoBank has chosen IBM Security Trusteer, a solution that detects fraud across the omnichannel customer journey. More than 500 leading organizations trust IBM Security Trusteer to secure their customers’ access.
This solution analyzes each connection to BoursoBank services in order to assign them a suspicious activity index. The higher the index, the more likely the connection is fraudulent. To do this, IBM Security Trusteer combines several types of data: information from threat intelligence databases that reference fraudsters’ devices or hosting services often used by hackers, the technical characteristics of the current connection, the behavior during the connection and many other variables. By cross-checking these data, the solution can identify suspicious operating modes and therefore raise an alert.
IBM Security Trusteer can, for example, detect the origin of a SIM card. When it is different from the IP address country, the trust index is lowered. IBM Security Trusteer can also detect suspicious extensions installed on browsers, smartphone applications infected with malicious code or jailbroken systems more exposed to attacks.
“It is important to note that BoursoBank has chosen not to communicate any information about the user or the data entered with IBM in order ensure confidentiality. IBM Security Trusteer knows how to avoid this, which makes it stand out from other competitors,” underlines Pierre Blanchier, CISO of BoursoBank.
BoursoBank then examines the alerts identified. A dedicated internal unit, based in France, studies these incidents in greater detail, determines whether the fraud is real and takes the necessary measures.
The main objective behind the solution is, of course, to decrease fraud. But for BoursoBank, three key aspects allow it to stand out from other players in the banking industry, subject to the same pressure from hackers.
Decrease in “false positives”
As each alert is examined by a human employee, the multiplication of false positives can be very penalizing in terms of finances and human resources. “We worked hand in hand with IBM to improve the success rate and significantly reduce false positives,” says David Godat, CIO of BoursoBank. “In fact, we know that for certain types of alerts, we have a proven fraud rate of up to 97%.” confirms Blanchier. Moreover, alerts that can be trusted open the door to automating their processing, which “is one of the projects that the BoursoBank teams are working on,” adds Godat.
Anticipation
It is often said that hackers are always one step ahead. IBM Security Trusteer, a solution used by a large number of banks, monitors millions of sessions every day around the world and pools information about how hackers operate. As a result, the rapid integration of new techniques and data into IBM Security Trusteer’s recognition models keeps hackers on their toes.
Safeguarding the customer experience
By working on the behavior of hackers at the time of connection, IBM Security Trusteer makes it possible to shorten the identification and reaction time. The hacker can be identified extremely quickly, even before he has been able to complete his fraud. BoursoBank’s immediate reaction makes the attempt absolutely painless for the customer, who is spared the stress of a blocked account or the wait for a fraudulent transaction to be regularized.
BoursoBank (link resides outside of ibm.com), a subsidiary of Société Générale, is a pioneer and leader in its three main activities: online banking, online brokerage and online financial information. BoursoBank offers a wide range of products and services to meet its customers' banking needs: Everyday banking, loans (real estate, consumer, renewable), precautionary savings, life insurance, stock market and insurance.
© Copyright IBM Corporation 2023. IBM Corporation, New Orchard Road, Armonk, NY 10504
Produced in the United States of America, January 2023.
IIBM, the IBM logo, IBM Security, and Trusteer are trademarks or registered trademarks of International Business Machines Corporation, in the United States and/or other countries. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on https://www.ibm.com/legal/copyright-trademark.
This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.
All client examples cited or described are presented as illustrations of the manner in which some clients have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual client configurations and conditions. Generally expected results cannot be provided as each client's results will depend entirely on the client's systems and services ordered. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.
Statement of Good Security Practices: No IT system or product should be considered completely secure, and no single product, service or security measure can be completely effective in preventing improper use or access. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.