A recent Krebs report of how employees at a regional community bank fell victim to phishing emails serves as a $2.4 million reminder of the difficulty in fighting cyber fraud. The breach began with an email that enabled installation of malware on an employee’s computer. This led to the compromise of a second computer with access to the STAR Network. From there, the hackers disabled and altered anti-theft and anti-fraud protections, allowing them to wreak havoc for three days, dispensing cash from ATMs across North America.
In response, the bank hardened its defenses. But eight months later, it was hit even worse. Fraudsters accessed its Navigator system, fraudulently transferring credits to customers’ accounts so they could withdraw more money from ATMs.
As Cyberattacks Accelerate Globally, Financial Services Take the Biggest Hit
During the first quarter of this year, 210 million cyberattacks occurred globally – a rise of 62 percent year-over-year. Attacks like that have left billions of records open to compromise as hackers use the so-called “dark web” to share personal identification information (PII), including social security numbers and payment card numbers.
Unfortunately, financial services suffer the highest cost of cybercrime, according to a joint Accenture/Ponemon study. Most costly are denial of service, phishing, social engineering and insider attacks – the latter often engineered through phishing or social engineering that cons unsuspecting employees.
Card Fraud Migration Threatens Banks’ Reputations
For every action, there is an equal and opposite reaction. - Sir Isaac Newton
Fraudsters seem to live by a version of this rule as they continually discover new ways to circumvent roadblocks.
In response to diminishing transactional card fraud opportunities at POS, fraudsters have eagerly pursued card application fraud. A recent Javelin report sponsored by FIS says the problem costs $1.7 billion worldwide. The number of victims of fraudulent card accounts also has exploded, growing 78 percent YOY to reach $1.6 million globally in 2017. Meanwhile, the time taken for consumers to resolve fraud more than doubled to 100 million hours between 2015-2017.
With no liability protections, consumers spend the most time – 17 hours, on average – to resolve card application fraud. As a result, its victims are most likely to flee from their financial institution to another provider.
Account Takeover Fraud Rises Rapidly
What happens when billions of records exposing PII are sold on the dark web? Account takeover attempts rise to astounding levels – increasing tenfold in 2017.
Invest Wisely in Prevention
Financial institutions cannot afford to take on the role of the “weakest link” for hackers. When it comes to card customers, fraud protection is the most influential driver of top-of-wallet status.
Overall, cybersecurity investment is projected to rise by nearly 10 percent annually between 2015 and 2020 to reach $120 billion globally. Although financial institutions are increasing investment in security, it’s critical to use resources where they count most today while recognizing that cyber fraud is dynamic.
Solutions to consider for the remainder of 2018 and 2019 include ones that:
- Help eliminate authentication risks associated with compromised credentials to mitigate account takeover and new account fraud
- Enable consumers to make secure transactions across multiple online accounts through a single registered identity, thereby providing better identity protection
- Enlist cardholders in the fight against fraud and protection of their payment data with real-time transaction alerts
- Use machine- learning technology to differentiate fraudulent from non-fraudulent transactions
- Provide keyword alerting when information relevant to the financial institution is discovered on the deep web.
Look for a partner that will review risks specific to your financial institution and deliver best-in-class technologies to bolster “weak links”. Also, consider the value in outsourcing to a provider that offers risk as a service. An outsourcing model spreads costs among clients who benefit from access to up-to-date solutions to combat ever-shifting cyber fraud.