August 7, 2018
Dondi Black, FIS | Vice President of Payment Strategy
A recent Krebs report of how employees at a regional community bank fell victim to phishing emails serves as a $2.4 million reminder of the difficulty in fighting cyber fraud. The breach began with an email that enabled installation of malware on an employee’s computer. This led to the compromise of a second computer with access to the STAR Network. From there, the hackers disabled and altered anti-theft and anti-fraud protections, allowing them to wreak havoc for three days, dispensing cash from ATMs across North America.
In response, the bank hardened its defenses. But eight months later, it was hit even worse. Fraudsters accessed its Navigator system, fraudulently transferring credits to customers’ accounts so they could withdraw more money from ATMs.
During the first quarter of this year, 210 million cyberattacks occurred globally – a rise of 62 percent year-over-year. Attacks like that have left billions of records open to compromise as hackers use the so-called “dark web” to share personal identification information (PII), including social security numbers and payment card numbers.
Unfortunately, financial services suffer the highest cost of cybercrime, according to a joint Accenture/Ponemon study. Most costly are denial of service, phishing, social engineering and insider attacks – the latter often engineered through phishing or social engineering that cons unsuspecting employees.
For every action, there is an equal and opposite reaction. - Sir Isaac Newton
Fraudsters seem to live by a version of this rule as they continually discover new ways to circumvent roadblocks.
In response to diminishing transactional card fraud opportunities at POS, fraudsters have eagerly pursued card application fraud. A recent Javelin report sponsored by FIS says the problem costs $1.7 billion worldwide. The number of victims of fraudulent card accounts also has exploded, growing 78 percent YOY to reach $1.6 million globally in 2017. Meanwhile, the time taken for consumers to resolve fraud more than doubled to 100 million hours between 2015-2017.
With no liability protections, consumers spend the most time – 17 hours, on average – to resolve card application fraud. As a result, its victims are most likely to flee from their financial institution to another provider.
What happens when billions of records exposing PII are sold on the dark web? Account takeover attempts rise to astounding levels – increasing tenfold in 2017.
Financial institutions cannot afford to take on the role of the “weakest link” for hackers. When it comes to card customers, fraud protection is the most influential driver of top-of-wallet status.
Overall, cybersecurity investment is projected to rise by nearly 10 percent annually between 2015 and 2020 to reach $120 billion globally. Although financial institutions are increasing investment in security, it’s critical to use resources where they count most today while recognizing that cyber fraud is dynamic.
Solutions to consider for the remainder of 2018 and 2019 include ones that:
Look for a partner that will review risks specific to your financial institution and deliver best-in-class technologies to bolster “weak links”. Also, consider the value in outsourcing to a provider that offers risk as a service. An outsourcing model spreads costs among clients who benefit from access to up-to-date solutions to combat ever-shifting cyber fraud.
FIS | Vice President of Payment Strategy
Dondi brings creativity and more than 20 years of experience in the financial services industry to the FIS Payment Strategy team. Dondi leverages her experience in product development, portfolio management and community development to develop long term product strategies for the marketplace served by FIS. Dondi is also a passionate advocate for financial inclusion, diversity and promoting awareness on the positive impact financial service providers have on the communities they serve.