By : Dena Hamilton
July 28, 2017 12:00 AM
The ongoing development of digital technology has created unprecedented choice and freedom for consumers in how they manage their financial affairs. Consumers today can open accounts, make payments to other people (P2P transactions), pay bills, check account balances and complete various other tasks, all with a device small enough to fit in their pocket.
This convenience offers many advantages to the consumer, but financial institutions and consumers need to recognize one of the biggest disadvantages of this technological expansion: the increased risk of digital banking fraud.
As people complete more financial tasks and transactions via digital channels, there is more scope for fraudsters to exploit the weakest links in security. These weaknesses range from customer bad habits like using weak passwords, failing to protect passwords and other sensitive data to a bank’s security vulnerabilities.
Research has shown that fraud has become a bigger threat as consumers and businesses have moved more of their financial processes into the digital space.
The UK’s Office for National Statistics (ONS) recently included questions about cybercrime and fraud in its Crime Survey for England and Wales (CSEW) for the first time. ‘Experimental statistics’ showed that, during the first full year in which the topics of fraud and computer misuse featured in the survey, there were 3.6 million instances of fraud and two million computer misuse offenses in England and Wales alone.
ONS crime statistics analyst John Flatley said: “When the CSEW started, fraud was not considered a significant threat and the internet had yet to be invented. Today’s figures demonstrate how crime has changed, with fraud now the most commonly experienced offense.”
Metropolitan Police Service commissioner Bernard Hogan-Howe said “warning lights are flashing”, with the full extent of online crime and fraud only just becoming clear.
Discussing the action the financial services industry is taking to combat online fraud, Katy Worobec, director of Financial Fraud Action UK, said banks are “continually evolving” their responses to fraud, investing in the development of new detection and verification tools. However, she also warned that, while the financial services industry is investing in new systems to stop the criminals, “fraudsters are increasingly targeting people directly”.
In South Africa, 19 percent of consumers have suffered losses to digital banking fraud in 2017, according to the latest SITEisfaction online banking survey from Columinate. Digital banking fraud affected 14 percent of consumers in 2016, up from 12 percent in 2015.
Similar trends have been identified in the US. The 2017 Identity Fraud Study from Javelin Strategy & Research highlighted recent growth in identity fraud and account takeover – two of the biggest threats facing the digital banking sector. The number of identity fraud victims in the US increased by 16 percent to 15.4 million people over the past year, marking a record high since Javelin began tracking identity fraud in 2003.
One of the most significant recent trends in the US has seen criminals shift their attention to fraudulently opening new accounts. This is partly a result of the expanding rollout of EMV cards and POS terminals, which will reduce card present transaction and counterfeit card fraud.
Al Pascual, senior vice president, research director and head of fraud and security at Javelin, said: “This year’s findings drive home that fraudsters never rest and when one area is closed, they adapt and find new approaches.
“The rise of information available via data breaches is particularly troublesome for the industry and a boon for fraudsters. To successfully fight fraudsters, the industry needs to close security gaps and continue to improve, and consumers must be proactive too.”
In addition to identity fraud and account takeovers perpetrated online, there are a number of other kinds of digital banking fraud that financial institutions and consumers should be aware of.
Social engineering to gain sensitive customer data through phishing, where fraudsters send fake emails, or ‘smishing’ – SMS messages claiming to be from a trustworthy provider – are common attacks used by fraudsters. Fake, fraudulent and scam websites are also used to steal information or lead users to sites that are infected with malicious software.
Viruses and malware are commonly used to gain access to private computers to obtain sensitive information or to monitor activity. One trend financial institutions have been advised to track is the spread of malware into the mobile banking space. Javelin has estimated that 7.7 million consumers in the US with $221.5 billion in assets are at risk from mobile malware, which has already “created chaos” in China and India and could soon become more pervasive in western markets.
Fraudsters continue to use well-known strategies such as phishing and malware attacks, but they are also quick to deploy new methods to exploit weaknesses in emerging services and sectors. In February 2017, ThreatMetrix released its Cybercrime Report Q4 2016, which warned of organized fraud rings targeting alternative lending and emerging payment models. More than one million cyberattacks on online lending transactions have resulted in losses of more than $10 billion, the study found.
Financial institutions and their customers already face a wide range of fraud risks in the digital space, and the threat landscape is only set to become more expansive in the years to come. However, just as fraudsters are always coming up with new methods of attack, banks and technology firms are constantly innovating and developing new safeguards against digital banking fraud.
Look out for the second part of this guide to learn more about the various strategies and systems that can help you keep your customers, your business and your sensitive data safe.