Cyber Fraud Prevention
Due to new regulations such as General Data Protection Regulation (GDPR) and Payment Service Directive 2 (PSD2), Deutsche Bank introduces DB Secure Authenticator to ensure it is strengthening the security around clients' data online. DB Secure Authenticator is a new app available on iOS and Android which allows users of Global Transaction Banking online systems (e.g. the Autobahn App Market) to perform secure log-in and authorising transactions.
Furthermore biometric authentication is supported on the DB Secure Authenticator app. This functionality allows you to log into the DB Secure Authenticator using your fingerprint or facial recognition (on supported devices) without having to enter your PIN.
Please click here to find out more information on DB Secure Authenticator.
Click below to watch a video which explains the easy process to upgrade to DB Secure Authenticator.
Deutsche Bank has established a comprehensive information and cyber security program with a high standard financial industry security governance framework and organization to implement control and adherence to security policies and standards in conjunction with evolving business requirements, regulatory guidance and an emerging threat landscape.
Nevertheless it's important that you protect yourself by understanding the evolving fraud schemes and that you follow the best practices to mitigate internet payment fraud.
Internet fraud and cybercrime schemes
Scheme 1 - Business executive scam
- Email account of a high-level executive within a company (usually the CEO or CFO) is exploited.
- Fake email is sent to the company's controller requesting a significant amount is wired to a foreign bank account.
- Fraudulent email asks the wire be executed on an urgent basis to facilitate a foreign transaction.
Scheme 2 - Bogus invoice scheme
- Fraudsters email a business with an invoice purporting to be from a regular supplier or trusted source.
- The invoice appear a normal looking document, but to view the file, the recipient has to enable a macro which installs malware into the computer.
- The malware will then log the company's online banking credentials, along with other financial information, before sending it back to the criminal. The data is then used to steal money from the bank account of the business.
Scheme 3 - Employee´s personal email hacked
- An employee of a business has his/her personal e-mail hacked.
- Requests for invoice payments to fraudster-controlled bank accounts are sent from this employee's personal e-mail to multiple vendors identified from the employee's contact list.
- The business may not become aware of the fraudulent requests until they are contacted by their vendors to follow-up on the status of the invoice payment.
Scheme 4 - Phishing email with fake links
- A criminal sends an email to a payment operations employee in the targeted corporation. These emails appear to be from the financial provider asking informing about an update on payment system software.
- The phishing email will ask you to fill-out a form or click on a link or button that take you to a fraudulent website. The fraudulent website mimics the company referenced in the email, and aims to extract your personal data including user-id and password from the targeted online banking application.
Scheme 5 - Rogue phone calls
- A fraudster phones in (either as "hotline", with the "need" to ensure proper functioning and asking for one time passwords, which is then followed up by a email with the fake account details, to lure the company to transfer money to an incorrect account).
Best practices to mitigate internet payment fraud
Delete spam
- Immediately delete unsolicited e-mail (spam) from unknown parties.
- Do NOT open spam e-mail, click on links in the e-mail, or open attachments.
- These often contain malware that will give criminals access to your computer system.
"Forward" vs. "Reply"
- Do not use the "Reply" option to respond to any business e-mails.
- Instead, use the "Forward" option and either type in the correct e-mail address or select it from the e-mail address book to ensure the intended recipient's correct e-mail address is used.
Check all requests with a false sense of urgency
- Many scam emails tell you that your account will be in jeopardy if something critical is not updated right away.
- Also be alert if you receive an urgent email from you CEO or CFO asking you to execute a confidential transaction within a short period.
- Always call back the CEO or CFO for verification.
Check emails requiring system upgrades
- Always contact your bank relationship manager when you receive an email requesting you to upgrade your online banking application.
Cyber Security Measures for Global Transaction Banking clients on the Autobahn App Market
Secure Inbox to protect confidential communications
- Deutsche Bank provides a centralized feature to enable clients to securely receive confidential communications including reports, emails, alerts, product updates and other important information.
Strong authentication
- Strong customer authentication, a method of verifying the identity of a user via two independent factors, is highly recommended by Deutsche Bank both at log-in to online systems as well as at the point of authorizing a particular transaction. Deutsche Bank offers GTB clients Strong Authentication via a range of solutions including Digipasses, SWIFT 3 Skey, as well as DB Secure Authenticator - see above.
IP (Internet Protocol) Filtering for secure accessibility
- Clients can select a range of IPs to access GTB's payment systems. Users attempting to access the clients' accounts outside the pre-set IP range will be denied access.
Payment Change Alert to ensure consistent payment flows
- Deutsche Bank recently introduced a payment change alert to ensure that any changes in payment flows are not missed. The authorizer is informed when a modification of a critical field has taken place.
Get in touch
Please contact your Deutsche Bank representative
