Trends in Cybercrime

Nov  09 
Ricardo Font  Director, Product Management, SecureNow™ 

How financial institutions are responding to top cybercrime threats

As consumers accelerate the speed at which they conduct their lives, financial institutions move quickly to support seamless online access to financial services. At the same time, financial institutions must protect accountholders. Although mobile and laptop devices grow more resilient with each new model, malicious actors remain relentless in developing increasingly sophisticated attacks.

Cybercrime is a business after all, with interests in direct opposition to the financial services industry. According to Cybersecurity Ventures, criminals inflict approximately $6 trillion in cybercrime damage annually, with a potential increase to $10.5 trillion globally by 2025.

Continued and advanced vigilance is crucial in keeping ahead of the next threat. Here’s a look at the latest risks to the industry, measures financial institutions are taking in response, and practices your accountholders can adopt to keep safe online.

Top Four Cybercrime Threats

Ransomware
Since its inception in the late 1990s, ransomware has remained an enduring formidable cyber threat. Ransomware is malware that blocks access to a computer system or data, often through encryption, in an attempt to extort ransom payments. Perpetrators might also threaten to publish sensitive data. Ransomware attacks disrupt daily operations, can cripple systems for extended periods, and require costly and time-consuming recovery.

Phishing
Manipulating human behavior is at the heart of this fraud tactic. Attacks are carried out by impersonating legitimate company webpages, emails, texts or other communications and requesting personal information like credit card numbers, passwords and other sensitive details. Criminals exploit the stress and distraction of living in an accelerating culture.

Phishing-as-a-Service is a relatively new, growing problem where cybercriminals sell access to phishing toolkits that have everything needed to carry out an attack, including databases of targets, email templates and proxy services. It’s become a highly commercialized dark web industry.

Account Takeover
Identity theft and losses from account takeover continue to plague consumers and financial institutions as fraud schemes become more sophisticated. Unlike card fraud, where the accountholder might quickly notice suspicious purchases and charges, an account-takeover attack can go undetected for an extended period, while criminals change login and contact information to delay the time it takes for the real accountholder to realize they were compromised.

Remote Work Vulnerabilities
Offering remote work is one way to keep employees satisfied and retain skilled talent. But it also opens organizations up to considerably more risk. Human behavior is often the weak link in a financial institution’s security chain, where a minor lapse in protocol such as connection inconsistencies and outdated virus software can create significant vulnerabilities.

How to Protect Accountholders

Update Validation Credentials
Once upon a time, personal information that seemed innocuous was the go-to for multi-step authentication based on security questions. Today, the internet is a veritable clearinghouse for this information – your mother’s maiden name, first street and elementary school, to name just a few. Financial institutions are implementing more secure credentialing methods based on stronger multi-factor authentication (MFA) methods – including biometrics, token-based and time-based one-time passwords – as a more reliable way to confirm identity. 

Boost Fraud Prevention Across Channels
Stronger fraud detection requires multilayered technology that can pinpoint anomalies in consumer behaviors by understanding their patterns. No two financial consumers act the same way. And whenever or wherever consumers transact, financial institutions need to accurately verify who is accessing accounts, making purchases or calling in. These unique patterns can help financial institutions detect and proactively prevent fraud.

Turn to Partners in the Cloud
Financial institutions are moving away from on-site technology stacks managed by in-house security teams to a more agile, outsourced business model which enables both speed and flexibility. Doing business in the cloud with a trusted partner not only maximizes efficiency, it also ensures compliance with data-protection regulations to safeguard data.

What Your Accountholders Can Do

Updating Software and Adopting Stronger Measures
Security vulnerabilities are often exploited through outdated software and password breaches. Updates often contain critical patches to address security holes. And while it can be annoying to remember a string of unintelligible consonants peppered with hard-to-locate symbols, it’s vital to regularly update strong passwords to create a barrier against unwanted activity.

In addition, accountholders need to be open to using even more secure methods of authentication offered by financial institutions, such as biometrics, since it is in their best interests to be protected.

Paying Attention
Distraction and impatience are among a fraudster’s greatest weapons. If something seems off, accountholders shouldn’t focus their efforts on rationalizing it away because they want to move quickly to the next task. Instead, they should take a closer look at the validity of the app they’re about to download or the email they’re about to open.

Knowledge is key. Encourage accountholders to contact your financial institution to verify policies, ask questions or voice concerns.
 

In an increasingly connected and digitally dependent world, cybercriminals have found new, treacherous ways of attacking unsuspecting accountholders. Having the right tools to understand and mitigate these threats helps protect your customers or members while providing the digital engagement they expect.