By Charley Brooke Barnett (Digital Editor)
Financial service organisations accrue a frightening amount of data, making them the perfect target for exploitation by calculated cyber criminals. As the security of our digital world is under siege, the banking sector finds itself manning the ramparts.
The National Cyber Security Centre (NCSC) published a survey in April this year revealing that the British public’s greatest concern is having their money stolen (42% believing it likely to happen by 2021).
The government agency also found that 23.2 million people were hacked after using the password ‘123456’. Other easily guessed passwords on the list included ‘qwerty’, fictional characters such as Superman, and the names of the majority of Premier League football teams (a few of us here at TFT may have to change our passwords!).
One banking scam to be wary of involves Authorised Push Payments (APP) in which the victim is tricked into transferring money from their account. Although banks tend to refund stolen money, it can be a different story if the customer authorised the payment themselves.
The consumer group Which? found that £354 million was lost in bank transfer scams last year. Banks like Barclays, HSBC and Starling have all signed up to a new voluntary code, which offers customers reimbursement in the event of money falling into the wrong hands.
So who’s the best bet when it comes to protecting your money? The tech-savvy challenger potentially growing too fast for its own good, or the legacy bank whose expiring technologies threaten its defences?
Revolut ran into trouble earlier this year when it was reported that the challenger had allowed lapses in its anti-money laundering protocol for three consecutive months. Even though Revolut reported no security breaches, it doesn’t put the mind at rest to know the juggernaut challenger failed such basic compliance.
In 2016, a researcher showed that the digital bank N26 had security holes in its app, leaving users exposed to fraudulent activity. Metro Bank recently fell victim to a cyber attack in which hackers intercepted codes sent to customers via SMS text messages in order to authorise payments.
The big banks have also scooped up their fair share of shameful headlines.
TSB made a £330m blunder last year when they attempted to move customer data to a new IT system, which locked users out of their accounts. Payouts, fraud and operational losses thus followed.
Meanwhile at HSBC last October, US customer bank accounts were hacked causing data breaches.
The Financial Ombudsman Service, set up by Parliament to handle complaints between finance companies and their customers, revealed that NatWest was the most complained about bank for fraud this year.
Ashok Vaswani, Barclays’ head of consumer banking and payments, believes the legacy’s vast experience still trumps the dexterity of their younger competitors:
“We’ve been doing this for 328 years, we are even older than the Bank of England and we are older than the United States of America. So we’ve been at this for a long period of time and we’ve weathered a lot of change.”
Curtailing the ‘old is better’ mentality and fighting the challenger’s corner, Anne Boden, CEO of Starling Bank, commented to TFT:
“We have a lot of knowledge about what’s good and bad about the incumbent banks. I came to the conclusion that it was easier to start a new bank with new technology, with new values, new ethics and new beliefs about how you should treat customers. It was easier to do it in a new entity than change the old.”
Boden’s out-with-the-old approach to banking is certainly gaining traction, as more consumers crave the transparency new technology affords fintechs.
Whatever the size, age or technological ability of the bank, once criminals infiltrate the system it’s a matter of damage control. So, how best to prevent attacks from happening in the first place?
At Cyber UK 2019, the creation of partnerships to encourage collaboration between organisations was lauded. The reason is that a single organisation can’t tackle the problem alone, so raising awareness is fundamental.
The Financial Conduct Authority (FCA) run cyber coordination groups to provide a platform for the industry to unite and share information on the latest developments in areas like governance, protection, response and recovery.
The FCA also released a report in March 2019 which shed some much needed light for businesses in the dark. One key theme addressed was education. Executives need to put cybersecurity at the top of their agenda and learn from previous attacks. This can pinpoint next steps that are relevant for the whole business to adopt and identify cyber risks accordingly.
Thinking about who your attackers might be, their goals and motivation, can help to establish a long-term strategy. The report encourages ongoing security training in organisations and frequent testing to expose security limitations before attackers get the chance to exploit them.
Whether you’re a Barclays or a Starling, security needs to be addressed through collaboration and by promoting awareness. Cybercrime is an industry-wide problem on the rise that demands immediate and ongoing attention to ensure that banks and customers aren’t the ones who have to pay.