Step 1. A customer was infected by malware via an attachment to an email. This malware was used to trick the intended victim into disclosing their Customer ID, User ID, PIN & password to the fraudster, along with smartcard challenge & response codes.
Step 2. The fraudster used this information in real time to access the customer’s Bankline profile and key payments.
Step 3. Dual authorisation was turned on for all external payments, so the transaction went into the authorisation queue where the second authoriser queried why their colleague had seemingly made a series of large payments, to previously unknown beneficiaries in both in the UK and abroad.
Step 4. The attempted transactions were confirmed as fraudulent and were reported to the bank and law enforcement. The dual authorisation control effectively thwarted the malware attack, preventing the loss of a six figure sum.