The pandemic has caused a major upheaval in the financial services industry, with lockdowns and social distancing causing everyone to move online. With this shift to digital has come an increase in the potential of cyberattacks, leaving many thinking that the financial industry needs to raise awareness of the importance of data privacy.
Someone well versed in this is Frederik Mennes, Director of Product Security, Security Competence Center at OneSpan, providers of digital identity and anti-fraud solutions.
Here he shares his thoughts on how banks can fight back against fraud and build trust this Data Privacy Day.
The pandemic has caused the financial industry and its customers to urgently shift to digital platforms to perform everyday financial activities such as opening new bank accounts and applying for loans. However, it isn’t just financial institutions (FIs) going digital. Cybercriminals targeting the financial sector have followed suit, seeking to prey upon increased risk to compromise bank accounts.
New fraud campaigns emerged in 2020 which banks and FIs had to act quickly to counter. A prime example of this was the mobile fraud campaign which took millions from US and EU banks as recently as December using mobile emulators to automate their efforts. Additionally, phishing attempts throughout 2020 increased exponentially, many using lures such as the pandemic and now the vaccine rollout to steal personal information. It’s estimated that more than 15 billion exposed credentials are now circulating on the dark web, and all this leaked personally identifiable information (PII) allows criminals to commit fraudulent activity in the name of consumers.
This is all putting a bigger emphasis on data privacy and protection than ever before. Banks and FIs must show that they are able to secure customers’ personal data, to build trust and transparency and maintain compliance with regulations. This Data Privacy Day, the onus is on banks to protect customers from fraud and minimise the risk of personal data being exposed.
The Rising Threat: Digital Fraud and Account Takeover Attacks
The introduction of strict lockdown measures across the UK and much of the globe forced consumers to take up digital forms of banking. With transactions taking place almost entirely online, cybercriminals have made a conscious effort to increase their attacks on digital channels.
It’s commonplace for criminals to take advantage of trending conversation and fear in an attempt to lure victims into scams. The coronavirus pandemic turned out to be the perfect storm, thanks to the abundance of communications surrounding the topic. As a result, criminals are using the pandemic to launch phishing campaigns to steal PII, along with other campaigns designed to trick individuals into downloading malicious files such as malware. According to Kaspersky, the mobile channel has seen an upsurge in mobile banking trojans which highlights cyber criminals’ shift in strategy.
These types of attacks allow criminals to commit all sorts of fraudulent activity, including Account Takeover (ATO) attacks, where criminals manage to seize control of bank accounts in order to steal money. With numerous phishing and malware campaigns, as well as billions of exposed credentials, there are countless ways for criminals to do exactly that. It’s up to banks to harden the last line of defence by adopting technologies better equipped to identify and stop fraud in real-time.
Risk Analytics & Fighting Fraud
Undoubtedly consumers need to know about the threats they face and are targeted with daily. Since the beginning of the pandemic, consumers have received various communications that try and bait them into giving up their sensitive information. Everyone needs to be suspicious of receiving these communications and should not click on any links or give out any personal information over phone or email.
Yet, the responsibility of protecting against fraud cannot be entirely on the individual. The security of banks is an important barrier that requires an agile and multi-layered approach to detecting and stopping fraud using compromised credentials. By implementing machine-learning-powered, risk-based systems for fraud detection, banks and FIs can maintain or even enhance their user experience, and also spot and block any fraudulent activity in real-time.
Risk analytics technology utilises vast sets of data from various sources, such as device used, location, and transaction history. The machine learning algorithm continuously monitors banking sessions using key data points such as time of day, length of a session and spending patterns. The data allows banks to build up a detailed overview of a user’s regular behaviour. Any activity that appears to be abnormal or fraudulent can be spotted in real-time using risk analytics and additional security measures can be implemented accordingly.
Using risk analytics and machine learning makes fraud detection systems more proficient at identifying easy signs of a phishing attack. The probability that the HTTP referrer comes from a phishing page can be recognised by the algorithm, and also accompanied by expert rules to determine how the system should respond in each given scenario.
As more data is collected over time and a more detailed picture of each account activity is accrued, these security mechanisms will get better, further improving bank security systems. It keeps customers and their accounts safe by adding necessary security steps to any abnormal or risky activity detected. Meanwhile for any low-risk transaction, little to no friction is added to the customer journey.
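The risk-based flow described above can be sketched as follows. This is an added example, not code from OneSpan or the article: a per-customer statistical baseline stands in for the machine learning model, a first-party host allow-list stands in for a learned phishing-referrer score, and the host names, field names, thresholds and session data are all constructed assumptions.

```python
from statistics import mean, pstdev
from urllib.parse import urlsplit

BANK_HOSTS = {"bank.example", "login.bank.example"}  # assumed first-party hosts

# Constructed session history for one customer (not real data).
HISTORY = [
    {"device": "phone-A", "country": "GB", "hour": 19, "amount": 40.0, "seconds": 180},
    {"device": "phone-A", "country": "GB", "hour": 20, "amount": 55.0, "seconds": 200},
    {"device": "phone-A", "country": "GB", "hour": 19, "amount": 35.0, "seconds": 160},
    {"device": "laptop-B", "country": "GB", "hour": 21, "amount": 60.0, "seconds": 220},
]

def build_profile(history):
    """Summarise past sessions into a baseline of regular behaviour."""
    profile = {k: {s[k] for s in history} for k in ("device", "country", "hour")}
    for k in ("amount", "seconds"):
        values = [s[k] for s in history]
        profile[k] = (mean(values), pstdev(values))
    return profile

def deviates(value, stats, limit=3.0):
    """True when value is more than `limit` standard deviations from the mean."""
    mu, sigma = stats
    return sigma > 0 and abs(value - mu) / sigma > limit

def risk_signals(profile, session):
    """Name every data point in the session that departs from the baseline."""
    signals = {f"new_{k}" for k in ("device", "country", "hour")
               if session[k] not in profile[k]}
    signals |= {f"unusual_{k}" for k in ("amount", "seconds")
                if deviates(session[k], profile[k])}
    # Simplification: an allow-list stands in for a learned phishing-referrer score.
    host = urlsplit(session.get("referrer", "")).hostname
    if host and host not in BANK_HOSTS:
        signals.add("external_referrer")
    return signals

def decide(signals):
    """Expert rules mapping signals to the friction added to the journey."""
    if {"external_referrer", "new_device", "unusual_amount"} <= signals:
        return "block"
    if signals & {"new_device", "new_country", "unusual_amount", "external_referrer"}:
        return "step_up"  # e.g. require an additional authentication factor
    return "allow"

def assess(session, history=HISTORY):
    signals = risk_signals(build_profile(history), session)
    return decide(signals), signals
```

A session matching the baseline returns "allow" with no signals, so no friction is added; only deviating sessions are stepped up or blocked.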
Ensuring Data Privacy
Spearheaded by the likes of the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR), more and more financial regulations are now focusing on data security and privacy. Indeed, data privacy and protection emerged as a top concern for financial regulators in 2020.
This means banks and FIs must demonstrate that they are using customer data in the right way, and do everything they can to ensure that sensitive data is safeguarded from today’s cyber threats. As security and trust are paramount for maintaining consumer confidence, banks and FIs must lean on technologies such as multi-factor authentication, digital identity verification and dynamic linking to demonstrate their commitment to data protection.
They can also build trust by providing transparency into their data-sharing practices, implementing access controls to prevent unauthorised access to customer information, and making it easy for customers to opt out of having their information shared with certain third parties.
As digital banking becomes more firmly embedded in individuals’ daily lives, banks and FIs will be challenged with creating a seamless user experience, while maintaining data privacy and fighting off sophisticated, ever-changing threats of fraud. FIs can use risk analytics to achieve the required strong security without needing to sacrifice the user experience – thereby building trust and peace of mind among customers.