According to S&P Global, the COVID-19 pandemic caused a “perfect storm” for financial services companies, which witnessed a 238 percent increase in cyber attacks in a few short months. Risks that we always knew were there have been spotlighted and accentuated. Now, a report from BAI Banking Outlook shows the scale of the cyber fraud issue and outlines what banks can do to minimize risks and build cyber resilience into their business.
Losses from cyber fraud have been rising for many years. According to PwC, losses from 2018 to 2020 amounted to $42 billion. In an environment of ever more digital financial products and services, both banks and their customers struggle with criminals using fraudulent identities to steal funds. Yet the BAI Banking Outlook’s survey of four generations of customers paints a picture that’s worse than many banking executives might have expected.
Customer’s fraud fears aren’t unfounded
The nightmare of identity theft is a clear and present danger. In fact, when asked in August 2020, every generation of customer said that their fear of fraud had increased over the previous six months. This was particularly acute among Millennials, 55 percent of whom said their concerns had grown.
It’s clear from the research that these customers had good reasons to worry—every generation reported having been a victim of fraud or identity theft in the previous 12 months. Again, Millennials had it the worst, with more than two-thirds saying they had been affected. As a result of this, fraud has become the number-one barrier to customers using digital banking tools, the BAI Banking Outlook reports.
However, there is some good news for banks and financial services companies: many customers are currently satisfied that their banks are doing the right things to handle cyber security threats. Gen X, at 76 percent, had the most positive response, while Boomers, at 63 percent, were the least positive. While this is encouraging, there’s also a note of caution: when asked what type of fraud the bank had experienced, 16 percent of bank executives said they didn’t know.
Cyber fraud puts focus on customer data
Like all perpetrators of cyber crime, fraudsters are becoming more sophisticated. Where we once saw “blunt-force” attempts to fool banks, criminals are now more likely to exploit data breaches to gain access to customers’ personally identifiable information (PII) and use this to establish fraudulent accounts.
With the rapid uptake of digital channels during COVID-19, bank security teams must be agile and pragmatic to prevent data breaches. This means automating routine processes and addressing basic cyber security hygiene.
This focus on customer data is reflected in the BAI Banking Outlook findings about what banks consider to be the most serious fraud risks. At the top of that list was hacking (26 percent), followed by malware attacks and credit card fraud (15 percent each).
Toward cyber resilience: Fighting a war on many fronts
As the financial services industry accelerates its digital transformation, particularly in light of the COVID-19 pandemic, many new information security challenges are emerging that impact cyber fraud activities:
Remote working increases potential for data leaks
To avoid health risks during the COVID-19 pandemic, bank employees are working from home—and they sometimes share sensitive customer data on insecure networks, potentially exposing their organization and customers to fraud.
Open Banking increases risk of supply chain attacks
As Open Banking becomes more established, banks are using APIs to connect with partners and customers, exchange information and broaden service portfolios. However, this increases points of vulnerability. While banks might be protected, their partners and vendors might not have the same levels of security. This could open a “back door” to the bank’s systems—the so-called supply chain attack.
More endpoints mean more vulnerabilities
Financial services organizations have thousands, even hundreds of thousands, of points of vulnerability. Known as endpoints, these include smartphones, tablets, PCs, servers and ATMs. These threat vectors are involved in just about every breach scenario observed today.
Banks must tackle such threats in a coordinated manner. The core of their response must include technology to protect data on endpoints or in the cloud, as well as to protect against criminal behavior—both inside and outside the organization.
The BAI Banking Outlook research shows this is already happening. The most-cited tactics in banks’ multi-layered security strategies includes multifactor authentication (57 percent), privacy policies (56 percent), automated fraud protection (56 percent), encryption (41 percent), anti-spyware (36 percent) and identity theft services (35 percent).