Defending Your Bank Against Cybercrime

Fraudsters always look for the path of least resistance.

Recently, the most vulnerable targets have been government funded pandemic relief programs. According to recent research from several academics, 15% of Paycheck Protection Program loans were fraudulent in the 18 months leading to August 2021, totaling $76 billion. And the U.S. Department of Labor reported $87 billion in unemployment benefit scams during that same period.

As Covid-19 relief programs wind down, fraudsters are redirecting their focus from government-backed programs to bank customers and employees. The latter half of 2021 saw an uptick in traditional types of cybercrime: identity fraud, ransomware, social engineering and money laundering. So, what can a bank do to keep itself safe?

Arm employees and customers with knowledge.
Share resources and stories to help employees and customers understand the risk of cybercrime, defend their devices and detect suspicious activity. Employees are the first line of defense; it only takes one breach to compromise an institution. Provide training programs to educate staff about the different types of financial crimes and detection mechanisms. In addition, take steps to heighten customers’ awareness of fraud trends through campaigns and educational programs. For example, it is important that employees and customers know how to verify host files and certificates, determine the difference between valid and scam websites, store confidential information and private data on their devices and set-up their devices on different network servers to minimize damage in case of an attack.

Build financial crime programs.
Investing in fraud, anti-money laundering and cybersecurity tools without a long-term strategic plan is a futile and expensive proposition. It’s common for organizations to have strategic initiatives for digital delivery channels and customer experience, but lack a financial crimes strategy. Many financial institutions do not realize they need one until it is too late: they suffer a large loss that could have been prevented. Banks should first identify, evaluate and classify assets and risks and then build a program as part of the long-term business strategy rather than a disconnected component. This approach helps to recognize an institution’s vulnerabilities and launch the most effective defensive strategy.

Invest in modern defense technologies.
Encryptions, patching software, firewalls, multi-factor authentication and real-time monitoring systems are all part of the complex, multifaceted defense that mitigates the risk of an attack. There’s not a single solution that can do it all. For instance, early breach detection mechanisms act as a strong defense, sending alerts and implementing backup and recovery programs in the event of an attack. Artificial intelligence and machine learning technologies can go on the offense, analyzing customer behavior, tracking transactions and reporting on deviations from usual behavior in real-time. Adding workflows to automated alerts allows accountholders to be involved with challenging transactions, reducing the risk for errors down the line. The foundation of any security program is continuous monitoring and evaluation of vulnerabilities, defense technologies and risk plans.

Test your incident response plan.
It is vital to test the resiliency of plans with simulated fraud or cybersecurity attacks. Don’t underestimate the chaos that a breach will cause. Everyone at the bank, from directors and the C-suite to the branch managers, must understand and be comfortable with their role in mitigating loss.

Banks spend plenty of resources building sticky customer relationships, but fraud immediately breaks that bond. A research paper by Carnegie Mellon University found that 37% of customers leave their financial institution after experiencing fraud. When a customer account is compromised, the user needs to completely modify the information on that account, including direct deposits and utility payments. The lack of trust in their financial institution, coupled with the need to rebuild their account from scratch, pushes customers to shop for another institution.

As new technologies emerge and the financial services industry becomes increasingly digitalized, the risk of financial fraud also grows. Fraudsters are constantly evolving their strategies to take advantage of new vulnerabilities. To keep safe, banks need a top-down management approach that focuses on education, long-term defense programs, modern technologies and continuous testing. Customers expect a high level of security and fraud protection from their financial institution; if they don’t get it, they will look elsewhere. In order to grow and retain their customer base, banks need to have an upper hand in the war on bank fraud.