Banking – a fruitful platform for cybercrime
By Riaan Badenhorst, managing director of Kaspersky Lab Africa
Much attention is being paid to the growth of malicious software and threats, and to the financial implications these pose to one’s IT systems – especially if they are not effectively protected. Yet it seems that the more traditional ways in which cybercriminals misuse financial systems, such as for the purposes of fraud, are not getting the attention they deserve.
In fact, according to a survey* conducted by Kaspersky Lab together with B2B International in 2014, 52% of financial companies globally reimburse customer losses caused by Internet fraud without actually investigating the circumstances. Almost a third of companies believe the costs incurred by cyber threats are less than the cost of protection. But is this really the case?
It is obvious that there are significant cost implications for financial/banking institutions when it comes to fraudulent activity. However, it goes beyond that. In an increasingly connected world, the reputational impact on a financial services organisation that does not protect its customers from such activity is often worse.
Despite their reputations being built on having some of the best cyber security systems in place to avoid this, it is often the customers of financial institutions that get compromised and that suffer the damage too. Even the most tech-savvy of users can still fall prey to organised cybercrime and cyber gangs who are becoming more devious in their tactics, using increasingly sophisticated techniques to compromise the security of online and mobile banking services.
According to another Kaspersky Lab report**, the number of mobile banking Trojans almost doubled, from 1 321 to 2 503, for the first quarter of 2014. It also found that 33.2% of user computers worldwide were subjected to at least one Web-based attack during this period. This is a strong indication of the growth in cybercriminal activities and threats to consumers – who use their mobile devices for almost everything – including banking.
So with threats evolving and new technologies emerging to exploit changes in user behaviour – such as a growing reliance on mobile devices to shop and bank online – customers who do not install security software on these devices, and institutions that are unable to ‘force’ them to do so, mean that the financial services sector needs to be asking itself how it can ensure that its customers, as well as its reputation, are protected.
Traditional financial security measures, such as one-time passwords and tokens, cannot fully defend against social engineering, banking Trojans and some other cybercrime techniques.
To manage this, most banks employ highly skilled fraud analysts and IT security administrators and managers. However, their focus is often on bank-related security issues and they may not always have detailed knowledge of emerging cybercrime techniques, new malware threats, and the latest innovations in IT security that consumers are making use of.
It is therefore essential for banking institutions to use a cyber-security solution designed for fraud prevention. The solution has to deliver multi-layered security for online and mobile banking: it must protect customers at the endpoint, analyse and report on transactions and threats, and provide users with special services that continuously help to improve security.
Further to this, banking institutions, as with the IT security sector, should also focus on educating their customers about the realities of banking cybercrime and the preventative measures they can take to avoid falling victim to it.
The investment in such an anti-fraud solution and educational measures will help banks and other financial services institutions prevent costly security incidents and help ensure that they remain compliant with regulatory bodies – while also maintaining a good reputation among their customers.