John Wilson, Field CTO at Agari
Financial institutions (FIs) are among the biggest spenders when it comes to cyber security: the financial sector has the second highest investment in security in the UK.
However, there is a key area of continued weakness for FIs, and that is advanced email attacks that bypass traditional cyber security technologies and target employees and customers.
Earlier this year reports uncovered an 80% increase in cyber-attacks against FIs, and now intelligence gathered from fifty top banks and FIs in the States and Europe shows a massive increase in Dark Web activity linked to targeted attacks on these institutions. While such attacks take different forms, they almost always start with an email – in fact 93% of successful breaches begin this way.
The most dangerous form of email attack, Business Email Compromise (BEC), occurs when criminals impersonate a trusted contact in order to persuade an employee, customer, or partner to transfer funds or divulge sensitive information. According to the FBI, BEC has led to more than $12.5 billion in losses for US businesses since October 2013. Beyond the direct financial losses, BEC has resulted in the dark web being flooded with stolen data including account details, logins, credit card numbers and other vital PII.
This increase in dark web activity suggests that banks and FIs are in for a digital blitzkrieg over the next year. Despite the mounting evidence of the coming storm, 80% of FIs lack the proper technologies to detect and block sophisticated BEC attacks.
Most financial organisations still rely on traditional anti-spam/anti-malware/anti-virus systems, which were never intended to stop modern email-based social engineering attacks. Meanwhile, the attackers have learned to evade these traditional defences by using low-volume, highly targeted attacks rather than the spray-and-pray techniques the defences were designed to prevent. It’s as though financial institutions are still relying on barbed wire, while the attackers have traded their horses for tanks.
Social engineering isn’t new. The famous hacker and social engineer Kevin Mitnick used to go diving in the rubbish bin to prepare for his exploits. Armed with just enough credible information, Mitnick could walk into just about any company and get access to their computers and phone systems. Today it’s much easier and far less risky, due to the wealth of information available on our corporate websites and social networks such as LinkedIn and Facebook. Add to that the enormous volume of PII aggregated from hundreds of high-profile data breaches, and suddenly attackers from every corner of the globe can target an individual, department, or corporation.
Using tactics such as display-name fraud, domain spoofing, lookalike domains and, when possible, previously hijacked email accounts, a typical BEC campaign has a success rate of 3.7%. The most successful attackers will spend weeks or even months to gain the trust of an unsuspecting mark before going in for the kill. Patience is clearly a virtue for attackers, as a successful BEC attack can score $130,000 or more, according to CNBC.
In 2016 hackers pulled off an $81 million heist against the Central Bank of Bangladesh. It is believed that hackers infiltrated the systems needed to transfer funds through BEC attacks against low- and mid-level officials. Crime syndicates such as the Carbanak crime network, armed with $1.2 billion in loot from malware and phishing attacks, continue to hone their techniques to increase their success rate.
When it comes to customer targeting by the fraudsters, fake fraud alerts, account confirmations and suspension emails are among the top 10 most effective lures scammers use to hook their prey.
Like the Carbanak operation, many cybercriminals use “work from home” scams to recruit money mules to help them launder money. Others use the victims of online romance scams to help them move money. Despite some recent headlines touting multinational law enforcement actions against organized cyber criminal gangs, cyber crime continues to be a $2 trillion scourge on the global economy, amounting to a whopping 2%-5% of global GDP.
Traditional approaches to fighting BEC and other email threats haven’t proven effective at countering schemes that use identity impersonation and social engineering.
Machine learning is nothing new in the anti-spam space. Traditional solutions are trained to find a needle in a haystack by understanding what a needle looks like. It’s pretty easy to design a needle that doesn’t match the machine’s definition. Some financial institutions are finding success using modern machine learning technologies that assess people, relationships and behaviours in order to prevent malicious messages from reaching their targets. To continue the analogy, these modern machine learning algorithms learn what hay looks like so they can ignore it to find the needles.
Every company that receives mail also sends mail to their customers, partners, and employees. Protecting external parties presents its own set of challenges, as you have zero control over the protections in place outside your own organisation. Fortunately, there’s a standard known as Domain-based Message Authentication, Reporting and Conformance (DMARC) that can prevent exact-domain spoofing. While it’s heartening that most financial services organisations have deployed a DMARC policy, only 20% of financial institutions have published a strong policy that goes beyond monitoring to actually prevent spoofing.
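The difference between a monitoring-only DMARC policy and one that actually blocks spoofed mail is visible in the published TXT record itself. The following is an added example, not part of the original article: it parses DMARC records and classifies them, using constructed records for made-up `.example` domains; the verdict labels (`monitoring`, `partial`, `enforcing`) are this example's own terms.

```python
"""Classify a DMARC TXT record as monitoring-only or enforcing (added example)."""

ENFORCING = {"quarantine", "reject"}
VALID_POLICIES = ENFORCING | {"none"}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict; raise ValueError if malformed."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"tag without '=': {part!r}")
        tags.setdefault(name.strip().lower(), value.strip())
    # RFC 7489: the version tag must come first and be exactly DMARC1.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record does not start with v=DMARC1")
    return tags


def classify(record: str) -> str:
    """Return 'invalid', 'monitoring', 'partial' or 'enforcing'."""
    try:
        tags = parse_dmarc(record)
    except ValueError:
        return "invalid"
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        # Simplification: RFC 7489 lets receivers fall back to p=none
        # when a valid rua tag is present; here we just flag the record.
        return "invalid"
    if policy == "none":
        return "monitoring"  # reports only, spoofed mail is still delivered
    sub_policy = tags.get("sp", policy).lower()  # sp defaults to p
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100
    except ValueError:
        return "invalid"
    if not 0 <= pct <= 100 or sub_policy not in VALID_POLICIES:
        return "invalid"
    if pct < 100 or sub_policy == "none":
        return "partial"  # some failing mail, or all subdomain mail, is exempt
    return "enforcing"


SAMPLE_RECORDS = {  # constructed records for hypothetical domains
    "bank-a.example": "v=DMARC1; p=none; rua=mailto:dmarc@bank-a.example",
    "bank-b.example": "v=DMARC1; p=reject; rua=mailto:dmarc@bank-b.example",
    "bank-c.example": "v=DMARC1; p=quarantine; pct=25",
    "bank-d.example": "v=DMARC1; p=reject; sp=none;",
    "bank-e.example": "v=spf1 include:_spf.bank-e.example -all",  # SPF, not DMARC
}


def summarize(records: dict) -> dict:
    return {domain: classify(txt) for domain, txt in records.items()}


if __name__ == "__main__":
    for domain, verdict in summarize(SAMPLE_RECORDS).items():
        print(f"{domain:16} {verdict}")
```

In practice the record text would come from the TXT record at `_dmarc.<domain>`; the lookup is left out so the example runs offline.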
Will any of this help? There are certainly signs of progress. In fact, organisations seeking solutions to advanced email threats can take a cue from companies that are blazing trails against these and other emerging challenges.
With Dark Web activities pointing to increased attacks on major banking system transfer platforms such as SWIFT, as well as stepped-up assaults on consumers, FIs need to heed the warnings and deploy effective solutions against email-borne social engineering attacks.
With 30% of UK companies reporting that they have sacked an employee for negligence around data breach, it is not just money and reputation on the line. It is careers too.
New digital first bank – Monument – announces its key technology providers
- Monument selects Mambu, Salesforce, Amazon Web Services, Persistent Systems and Accenture as key providers for its technology build
- Monument is the first challenger bank in the UK to service the unmet demands of more than 3.5 million mass affluent clients: professionals, property investors and entrepreneurs
- It is building a modern, unique, lego-like technology platform which takes best of breed SaaS providers and integrates them in a cloud based microservices architecture
- This will deliver an exceptional client experience and enable Monument to innovate and to introduce new components on a frequent basis
- Monument today announces that Mambu will be the central core banking engine in the platform alongside Salesforce for CRM, and AWS for cloud services
- Monument has also engaged Persistent Systems and Accenture Interactive to support the platform build
Following receipt of its banking licence with restriction on 6 October 2020, Monument has now signed agreements with a number of key technology providers to enable the build of its bespoke technology platform.
Monument wants to deliver exceptional client experiences by using technology solutions that are modern, flexible, easy to integrate and ultimately, if necessary, able to be replaced should the need arise. The design of its lego-like technology platform is Monument’s solution to the huge challenges faced by the legacy systems of established banks. Having assessed the market over many months, Monument concluded that no appropriate single solution existed in the market for the products and services that Monument will launch in 2021.
In addition, Monument only wishes to develop its own technology where it can deliver significant competitive advantage, for example in the mobile and web services to be used by clients. Much of the technology platform is therefore based on best of breed solutions from modern, cloud-based providers.
Mambu has developed the leading cloud banking engine which is an excellent fit for the platform that Monument is building. Similarly, Salesforce provides an industry leading CRM (customer relationship management) solution which can easily be integrated with Mambu and other solutions. AWS, as a leading provider of cloud-based infrastructure, provides a range of components to ensure the platform is reliable, scalable, secure and flexible.
To support Monument in building and integrating a platform with more than 18 different components/providers, Monument has chosen to work with Persistent Systems, a leading global solutions provider specializing in digital with extensive experience in software as a service (SaaS) solutions. To support Monument in rapidly building its mobile app and web-based channels, Monument has chosen to work with Accenture Interactive, which has significant expertise in building innovative digital experiences in both the financial and non-financial sectors.
Steve Britain, Monument’s Chief Operating Officer said:
“We have been working closely with our chosen providers for some months now, to lay the foundations for the build of our platform. We are delighted at how much we have already achieved, particularly as much of the work has been done by a highly distributed team because of COVID-19. We are now focused on completing the work to build a unique configuration of best in class software components that will make us highly flexible for the future and deliver market leading client service.”
More announcements will be made shortly as other key components of the architecture are confirmed.
Sudip Dasgupta, Monument’s Chief Technology Officer added:
“It was essential to me that we selected the strongest providers available. Those that offer us modern technology solutions with the best degree of integration that we need, together with flexibility for the future and proven operational reliability. In Mambu, Salesforce and AWS we have certainly achieved that objective and we are excited about our future engagement with them. Equally, as we rapidly build our platform for launching with clients in early 2021, we wanted support from providers who have been on this journey before and in Persistent and Accenture Interactive, I am delighted to say we have found that.”
Monument will be the only bank to offer its clients an entirely digital journey for buy-to-let and property investment lending of up to £2million. It will offer market leading, top quartile savings rates and its model is designed to reward loyalty. So, if a saver deposits money for a subsequent fixed term, they will get a better rate than a new customer. And a borrower who renews their loan will also be offered a favourable rate.
UKRSIBBANK, part of BNP Paribas Group, announces a strategic partnership with financial wellbeing startup Dreams, to enhance the digital user experience of its 2 million customers in Ukraine
- The technology powering popular consumer app, Dreams – which has helped 460,000 users save over 440M EUR – will be made available to UKRSIBBANK’s users in Ukraine.
- Through the integration of the Dreams platform within UKRSIBBANK’s own digital tools, customers of the bank can set and achieve money-saving goals, track and improve their financial lives.
Dreams (https://www.getdreams.com/en/b2b/), the Stockholm-born fintech empowering millennials to save and feel better about their money, today announces a strategic partnership with Ukrainian commercial bank UKRSIBBANK, a subsidiary of French international bank BNP Paribas Group.
This partnership follows the announcement earlier this year of Dreams’ first enterprise partnership with banking software provider Silverlake Symmetri, and the recent unveiling of a new department in Stockholm dedicated to the development of Dreams’ B2B partnerships. The announcement marks an expansion of the company’s business model as it consolidates its B2B offering and evolves its services as a provider of white label solutions for financial institutions.
Through the integration within UKRSIBBANK’s own digital tools of the Dreams Platform – which is rooted in scientific principles – customers can set and achieve money-saving goals through clever, automated saving features, in addition to nudges and saving hacks.
The Dreams Platform will be included as part of UKRSIBBANK’s digital banking offering for its 2 million+ customers, and is set to grant millions of potential consumers across Ukraine access to products which will help keep their finances on track and improve their financial lives.
The rise in digital self-help tools has long been anticipated by Dreams and forward-thinking financial institutions. The current global economic uncertainty brought about by the COVID-19 pandemic has also placed significant strains on people’s finances, and the demand for better personal finance tools has only accelerated. The partnership with Dreams is welcomed by UKRSIBBANK which is currently striving to equip its customers with the best possible banking solutions whilst helping them achieve a more sustainable lifestyle.
Dreams is firmly established as an authority in its industry, having launched its consumer-facing app in its native Sweden in 2016 and Norway in 2018 – where it has already achieved a 16% market share of all 20-39 year olds.
Henrik Rosvall, CEO and founder of Dreams, comments: “It’s a true honour to be partnering with UKRSIBBANK and BNP Paribas Group, and we’re incredibly excited to be introducing the Dreams solution to UKRSIBBANK’s customers and the wider Ukrainian market.
“Dreams and UKRSIBBANK can now lead the charge, with BNP Paribas Group’s corporate strategy having shifted in recent years to focus on guiding customers towards responsible consumption and sustainable personal finance management. I’m confident that our mission of helping millennials save more and feel better about their money makes us the ideal partners.
“Our financial wellbeing platform – which is built upon behavioural science and personal finance management principles – will provide the perfect tool for UKRSIBBANK to help its customers make better financial choices and become more sustainable in the way they handle their finances. This partnership will also help UKRSIBBANK safeguard the loyalty of its customers and futureproof its digital banking offering against a growing number of challenger banks and fintechs.”
Konstantin Lezhnin, Head of Retail at UKRSIBBANK BNP Paribas Group, comments: “I believe that banks have a role to improve their customers’ lives. Planning and saving for important life events improves our quality of life by reducing stress levels, and we wish to make our customers feel more confident and in-control of their lives.
“UKRSIBBANK has always applied innovative ways to assist our customers in financial planning, so we are very happy to now be working with Dreams, the best European player in behavioural savings. They have an extremely solid track record in Sweden and Norway based on scientific research, so we are confident that this partnership will work positively for our customers in Ukraine. This also demonstrates our strategy to cooperate with startups and innovative companies that seek ways to expand their operations.”
Three times as many SMEs are satisfied than dissatisfied with COVID-19 support from their bank or building society
- More SMEs are satisfied (38%) than dissatisfied (13%) with their COVID-19 banking support
- Decline in SMEs using personal current accounts for business banking as more seek access to the Government-backed lending scheme
- Fewer SMEs believe nearby branches are important when choosing a bank or building society
- 15% of SMEs use mobile or online banking more often than before the COVID-19 pandemic
- When SMEs do look to switch, low or no charges for business banking remains the most important factor (47%) in selecting a new account
Three times as many SMEs have been satisfied than dissatisfied with the COVID-19 support available from their bank or building society, according to YouGov research commissioned by the Current Account Switch Service.
Overall, four in ten SMEs (38%) were satisfied with the support they received from their business current account provider since the pandemic began. This contrasts with one in ten SMEs (13%) who were dissatisfied. In general, more than half of SMEs (55%) are satisfied with their current business bank account, compared to 8% who are dissatisfied. However, inertia remains a problem as half of SMEs (50%) said they would not look to switch business accounts even if they were dissatisfied with their current bank or building society.
When SMEs do look to switch, low or no charges for business banking remains the most important factor (47%) in selecting a new account. Advanced digital features (35%), good interest rates (34%), and a personal connection through a relationship manager (33%) also mattered.
The SME banking research was conducted both in February and in September 2020. It also reveals that since the start of the pandemic, the proportion of SMEs using business current accounts has increased from 69% in February to 74% in September as firms are required to have a business account to receive access to the Government-backed lending schemes.
However, one in five SMEs (20%) still use a personal current account for their business banking needs, despite the risk that tax liabilities get confused, and calculations are made incorrectly. These businesses are also missing out on a range of business-only banking benefits such as integrated accounting software or invoicing tools offered by different providers.
In addition, the research shows the importance of branches to SMEs has declined over the seven months. When asked in February, more than a fifth of SMEs (22%) said the availability of nearby bank branches was important when selecting their bank or building society, compared to 17% in September. However, the Post Office could be fulfilling the role of branches in some areas.
The declining importance of nearby branches was most noticeable in the North East region where 35% of SMEs believed branches were important in February, falling to 18% in September. The importance of nearby branches also varies between industries. One in ten IT companies (11%) said nearby branches were an important factor compared to nearly three in ten (29%) leisure and hospitality businesses.
While branches are less important, digital banking use has increased for some SMEs. Several firms have started to use online banking for the first time as 15% of SMEs say they use mobile or online banking more often than before the social distancing measures were introduced.
Maha El Dimachki, Chief Payments Officer of Pay.UK, owner and operator of the Current Account Switch Service, said: “Across the country, banks and building societies have been working hard in difficult circumstances to meet customer needs. Thanks to that work, small and medium-sized enterprises are more likely to say they are satisfied than dissatisfied with the support they received from their business account provider since the pandemic started. But lockdown has changed small business behaviour dramatically, in a way that points to significant changes to their banking needs both now and in future.
“It’s encouraging to see many small businesses are generally satisfied with their business bank accounts. However, even when businesses are unhappy with their bank, some don’t consider switching as an option, despite the many benefits available. We’ll continue to raise awareness of the benefits of switching among small businesses to help them get the most from their bank account.”