Act fast to stem the COVID-related rise in cyber frauds

By Mike Hampson, CEO, Bishopsgate Financial

As the world becomes more digital, rising cyber fraud is set to disrupt businesses more than ever. What prescriptive approaches can financial companies take to fortify their defences? Mike Hampson, CEO at Bishopsgate Financial, looks at how banks can act fast and defend themselves and their customers.

Cyber-fraud has rocketed, becoming even more widespread and sophisticated during the pandemic.  As millions of people have shifted their banking and shopping to remote online networks and mobile devices, a new wave of cyber threats has emerged, targeting banks, e-commerce and other daily financial activities. And, as more banks switch to remote working, this opens security challenges to both insider attacks and outside ones.

A recent report by professional services firm Nexor, shows UK businesses lost over £6.2 million to cyber scams over the past year – with a 31% increase in cases during the height of the pandemic (May-June). Examples include fraudsters using strategic phishing campaigns to lure unsuspecting victims into disclosing personal information; and micro-deposit fraud, where bots attack numerous accounts simultaneously.

Criminals have also sought to target staff working remotely through impersonation fraud, phishing and cyberattacks. This has created both primary risks for banks – as they may unwittingly process payments or even provide financing on behalf of fraudulent traders – and secondary risks, as perpetrators attempt to launder the proceeds of crime through the financial system.

Given the increasing frequency of cyberattacks, financial regulators identify cybersecurity as one of the most pressing risks to the financial services industry. It’s clear the banking sector needs to fight back. We’ve picked out four ways to counter the continuing threat to banks’ cybersecurity.

1. Let Artificial Intelligence (AI) take the strain

So far, cybersecurity strategies have focused on reacting quickly after problems occur. But strategies need to be more anticipatory than reactive; after all, prevention is better than cure. Preventative measures already in use include firewalls, anti-malware applications and vulnerability scanning. However, implementing other intelligence-driven measures, such as Artificial Intelligence (AI) can boost up those defences.

One example of AI is the use of fingerprints to verify payments from digital wallets such as Apple Pay or Google Pay, strengthening authentication methods via biometric logins for multi-factor authentication (MFA). According to MasterCard, the company has two billion credit cards across 210 countries and territories. This equates to processing 165 million transactions per hour.   Banks can use the technology or anomaly detection to combat credit card fraud and loan application fraud that is outside the norm of a particular customer and their bank account. AI will play a key part in the prevention of cyber-attacks, and improve on monitoring to prevent financial crime.

2. Blockchain will shake things up

According to a recent EY research report, 20-40% of financial service providers are investing in Blockchain now and are planning to increase investment, while approximately the same percentage are investing now but planning to reduce expenditure.

Financial services companies such as Deutsche Bank, HSBC, Barclays and Bank of America Merril Lynch have invested in blockchain technology to help secure their financial services. The main attraction of Blockchain is that it creates an indelible audit trail which is distributed across multiple servers, so there’s no single weak link for cyber attackers to target. This provides banks with unparalleled transparency and increases trust.

Blockchain also has the potential to make a complex global financial system less complicated and reduce the number of middlemen involved in the transferring of money.

3. Boost Robotic Process Automation (RPA) spend
   

   Mike Hampson

RPA reduces the time it takes to detect and respond to fraudulent activity, through real-time alert notifications. Perhaps not surprisingly, a recent survey confirms 40% of financial institutions expect to increase their RPA spend in a bid to secure data and protect customers. However, it is not a solution that should be relied upon in isolation. RPA should always be backed by constant monitoring to stop persistent fraudsters from discovering sensitive data.

To date, implementation of RPA has been more challenging than expected although success stories are filtering through. For example, Zurich Insurance Group has achieved savings with automation of manual back-office processes.

4. Secure all VoIP networks and set to record

Internet service providers are seeing a surge in Voice-over Internet Protocol (VoIP) usage driven by the increased adoption of working from home. With this in mind, it’s important to remember that whether VoIP systems are maintained internally or outsourced to a third-party vendor, they remain an extension of organisations’ attack surface that can fall victim to attackers.

Configuration weaknesses in VoIP devices and underlying operating systems can leave organisations vulnerable to threats including denial-of-service, metadata theft, traffic interception, and premium number scams, for example.

It’s important to ensure that the lines used for voice calls are adequately secure and set up for recording, particularly for staff in trading or client communication roles. Recording all interactions is not just a regulatory requirement for many situations but also acts as an audit trail in case of any disputes and as a constant deterrent to fraudulent activity

So, what are the next steps?

As bank leadership teams focus on investing in the relevant people and technology to enhance cybersecurity – and it is the combination of both that’s crucial here – the big challenge will be ensuring existing workforces have the skills to keep up.  A commitment to digital upskilling is essential.

And it’s worth mentioning that innovation is not completely tech-centric. Customer needs during the COVID crisis sparked a widely-welcomed community spirit, and banks revealed their human side. For instance, Lloyds Banking Group launched a dedicated telephone helpline for vulnerable customers during the early stages of the pandemic.

Banks would do well to build on these support activities. Raising customer knowledge of the technology available to help stem the tidal wave of cyber threats is a key requirement for banks. Clear, empathetic communication will help prevent defences being breached in the long run.

With a structured approach to cyber-security, financial institutions will also be more prepared as threats evolve. This will help them to avoid financial damage, negative publicity, and loss of customers’ trust. The value of any financial institution depends increasingly on how well it guards its data, the strength of its cybersecurity, and its level of cyber resilience.

For more insights into the challenges facing the financial services sector this year, download our Change Perspective 2021 report here.  

(1,032 words)

Links:

• https://www.delltechnologies.com/en-us/collaterals/unauth/white-papers/services/mastercard-fighting-fraud-the-smart-way.pdf
• https://due.com/blog/payment-platform-fraud/
• https://www.delltechnologies.com/en-us/collaterals/unauth/white-papers/services/mastercard-fighting-fraud-the-smart-way.pdf
• https://due.com/blog/payment-platform-fraud/
• https://blogs.blackberry.com/en/2018/07/will-blockchain-improve-financial-cybersecurity