Banks cannot tell customers from fraudsters
Banks cannot tell customers from fraudsters

Kaspersky Lab has announced that 38% of financial companies cannot tell the difference between customer behaviour and a cyber attacker. The details are contained in a survey conducted by Kaspersky and B2B International although the details were not available for independent review.

The news should send shock waves through banks, financial services companies and regulators. This is probably one of if not the most highly regulated industries in the world and it cannot tell fact from fiction or fraudulent and genuine transactions. The problem is being blamed on the explosion of e-payments and new technological advances.

This report comes at a time when banks and other financial institutions are working hard to open up their systems to third-party developers. They are doing this to take advantage of exactly the new technology approaches that they are blaming for obfuscating the difference between customers and attackers.

According to data from the survey contained within the press release, 50% of financial services organisations believe that online financial fraud is increasing. This rate of increase shows just how large the problem is.

What are financial institutions doing about it?

The report states that:

  • 41% of businesses have implemented an in-house cybersecurity solution
  • 45% rely on third-party solutions from their banks to mitigate the risk
  • 46% have either only partially implemented a solution
  • Only 57% of financial organisations have a dedicated anti-fraud solution

Assuming that these numbers are representative, no access to the data means it is hard to know how many people took part in the survey, it seems that fraudsters are having an easy time. Security conferences regularly feature people from major financial institutions talking about how comprehensive their security is. It’s hard to square that against these numbers.

It is also difficult to understand why financial institutions and businesses involved in e-payments are not securing their systems better. Over the last few years there has been a significant rise in Business Email Scams (BES). These include CEO fraud which has already claimed the job of one CEO in Europe this year. The types of attacks that come under the BES banner focus on getting companies to agree to fraudulent actions which are made easier if the controls are not there.

There has also been a lot of concern over the attacks against the Bangladesh Bank and a Vietnamese commercial bank. These attacks targeted the client-side software used to connect to the SWIFT payments network. In the two cases that have been publically admitted to, cybercriminals are alleged to have detailed insider knowledge of the systems in place. The question that now has to be asked is how much were the attacks aided by the inability of banks to detect fraud?

Ross Hogan, Kaspersky Lab Global Head of Fraud Prevention
Ross Hogan, Kaspersky Lab Global Head of Fraud Prevention

Ross Hogan, Kaspersky Lab Global Head of Fraud Prevention commented: “Considering the aggressive competition in today’s fierce financial services market and the extreme disruption from non-traditional providers, a trusted relationship between customers and their financial institutions is a decisive factor for the long-term prosperity of any company. The interdependence of the digital relationships between all financial services market players also means that if any organization in the value chain experiences a digital service issue (whether due to fraud, breach, cyber-attack, etc.), the damage can quickly spread to the other organizations in that digital financial service value chain.

“As the already high volume of customer demand for online transactions continues to increase, all companies (its customer facing digital platforms, infrastructure, data, and employees) should be secure, convenient, and prepared. It’s crucial, therefore, to use specialized fraud prevention solutions that will provide customers with the most convenient and safest service possible.”

Conclusion

Banks are still repairing the damage to their trust relationships with customers after the last global economic debacle. To discover that they are unable to tell the difference between friend and foe when it comes to transactions will do nothing to improve that trust. It will be interesting to see if there is any comment from regulators on both sides of the Atlantic after this news from Kaspersky or whether they will stay silent and hope it all goes away.

LEAVE A REPLY

Please enter your comment!
Please enter your name here