By Karen Wheeler, Vice President and Country Manager UK, Affinion
It’s fair to say that a stereotype of cybercrime victims has been formed in recent years. Through the media we hear lots about unsuspecting elderly people who aren’t very tech-savvy handing over their personal details to con artists or investing their life savings in schemes that don’t exist.
If this sounds familiar, then you may be surprised to discover that it’s actually young adults aged 18-25 in the UK who are the least aware when it comes to cybersecurity risks and how to protect themselves according to the government’s Cyber Aware campaign.
Although young people are generally more tech-savvy and spend more time online, it seems that this can sometimes be detrimental to them in terms of protecting their details in the digital world.
Online passwords are one of the most common areas of concern. The Cyber Aware research revealed that 52 per cent of 18-25-year-olds are using the same password for multiple online accounts due to naturally having more of an online presence than older generations. This means that if a hacker has just one password, they can easily hijack a victim’s entire personal and financial data. There’s an argument to be had here around convenience overshadowing caution.
Then there are the situations where fraudsters target victims by contacting them directly, often through social messaging platforms where there are very few measures in place to prevent unsolicited contact from strangers unless the user is prompted to review their privacy settings. This method is on the rise, so much so that fraud prevention agency Cifas recently reported a 30 per cent increase in the amount of victims of identity fraud under the age of 21 in 2017.
WhatsApp is currently leading the fight against identity fraud on its software. It’s currently trialling its peer-to-peer payments system in India, which allows users to securely transfer and receive money with their contacts using UPI (unified payments interface) without having to disclose bank details.
It’s encouraging to see the government and other large organisations taking control on cybersecurity, but in terms of education and raising awareness amongst young people, banks also have a large role to play. So what more can they do and where does their specific responsibility lie?
The ups and downs of contactless
It’s no secret that the introduction of contactless to debit and credit cards has revolutionised the way we make small payments and heightened that all-important convenience that young people value so much.
But as we’ve already established with passwords, with convenience comes risk, and a problem that has plagued young consumers in recent years is the rise in contactless fraud. This works in two ways – through bank cards being stolen and used for multiple small purchases by the thief, or by devices scanning the details of bank cards using the contactless technology through the owner’s pocket. These card details are then sold on the dark web.
Recent figures from UK Finance show that contactless fraud has overtaken cheque scams for the first time in the UK, as £5.6m was stolen in the first half of 2017. As the provider of contactless cards, the onus should be on banks to advise customers on how to use it safely and protect themselves from fraud.
Reaching out to young adults
In terms of directly reaching out to people with cyber awareness and training, Barclays has led the way thus far with its Digital Eagles rolling outStaying Safe in Cyberspace workshops to communities and families. The workshops cover various topics including how to spot phishing scams, advice on downloading software, effective password practice and being more aware of tricks that fraudsters will use to target individuals with the intent of poaching bank details.
Other banks can take a leaf out of Barclays’ book and adopt similar initiatives for young adults specifically, tailoring the content for their needs and lifestyle habits. Simple advice on contactless fraud would need to play a huge part in this, such as not keeping contactless cards in trouser pockets or keeping them in a wallet lined with protective material that blocks fraudsters’ attempts to download details.
As the drivers behind contactless payments, banks could also encourage young people to switch to mobile payment systems like Apple Pay and Google Pay, which are more secure against thieves as the user’s smartphone must be unlocked for it to be used for a payment. MoneySuperMarket recently revealed in a report that 23 per cent of Generation Z predict that physical cards will soon become obsolete with the rise of mobile payments, which could result in a significant decline in contactless fraud.
Dark web scanning and customer support
There are tools available to banks that can help young people more broadly online with increasing their cyber awareness. Affinion works closely with banks to provide ID theft detection services that can scan the public and dark web and warn customers in advance of possible threats.
For customers that do fall victim to an attack, banks may be the first port of call, perhaps to cancel a debit card or transfer money elsewhere. Banks can up their game in this regard, going above and beyond to offer things like an ID theft helpline, legal assistance and a resolution process as a value-added service. Not only does this help customers in a time of need, but it also improves the customer engagement journey and the customer’s perception of the bank.
The risk of young people falling foul to cybercrime is increasing as technology continues to advance, so to safeguard customers’ money, banks must be at the forefront of empowering them to protect themselves.