COVID-19 pandemic has changed the security landscape for banks. Cyber-attacks against Financial Institutions rose to 238% as the COVID-19 pandemic spread across the world. While many customers resolved to use digital channels, 82% of FIs and customers surveyed experienced social engineering and other malicious attacks. Wired fraud increased by 17% from 2019 while ramsomware attacks against FIs have increased by 9-fold from February 2020 to date, a recent report from Carbon Black states.
Despite strategies put in place by financial institutions, criminals are using sophisticated methods to take over customer accounts. Scammers are using mass cyber-attacks, such as phishing, smishing (phishing by SMS) or sharing malicious links on social networks, and bank transfer fraud. Also, a recent Javelin Strategy survey found a total $16.9 billion (USD), was lost to identity fraud in 2019. To combat fraud and ensure data privacy, monitoring and securing activities would need to expand to ensure information is secured before it is stolen.
Proactive measures include:
- Using a multi-layered approach to securing the enterprise. Strengthen access policies by implementing two-factor authentication (2FA) across the enterprise. Incorporate secure and highly complex passwords. With 2FA, a user is granted access after providing two pieces of evidence to the authenticating mechanism (like JPrivacy).
- Customer awareness of the importance of securing online and mobile devices, such as installing anti-malware protection on all devices.
- Customer awareness of the importance of placing a transfer limit on their bank account, to reduce risk, in case their mobile device is linked to their account and has been compromised.
- Providing guidance and awareness of various social engineering scams to your customers, will go a long way to help them spot the difference between trusted and fraudulent communication, for instance, a HSBC representative usually asks customers if adequate verifications have been done before completing a financial transaction.
- Customer awareness of the importance of signing up for transaction email and sms notification alerts on their account.
- You might consider utilizing biometric systems to effectively confirm customer identity, to simplify your verification processes, if not already in place.
- Customer awareness of the importance of keeping their private information up to date (such as, changes to contact phone number and address) so that they can be easily contacted.
- Machine Learning (ML) systems provide real-time tracking and insight to detecting suspicious activities, enabling banks to be ahead of the ever evolving fraud landscape. Also, ML allow banks to comply with regulatory measures and manage the operational costs of fraud detection and prevention without solely relying on a rule-based approach.
- Apart from using security solutions, it is equally important to have a dynamic information security culture within the bank. Continuous security audit and monitoring is important to ensure regulatory compliance and to meet the challenges of an ever changing cyber threat landscape. This helps to identify vulnerabilities for prompt actions to be taken, before an exploitation occurs.
In conclusion, company-wide vigilance is required to ensure the protection of customer data. Continuous employee training and retraining is required to be able to detect the changing face of scams and fraud before they get beyond curtailment.