How fraud and breaches of cybersecurity impact financial institutions

President and CEO, Berkeley Varitronics Systems, Inc.

Cyber criminals are extremely creative. They always look to exploit cybersecurity vulnerabilities for new ways to steal money from banks and their customers. Many consumers and businesses have migrated away from paper statements and passbooks to embrace online banking using computers, tablets and smartphones. With this move toward so many points of failure and risk, the vulnerabilities only increase. Financial institutions and banks need to prevent, measure, identify and report security breaches and fraud quickly to protect their financial data and, ultimately, the consumer.

The impact of cyber disruptions on banking institutions

Fraud detection and prevention is critical, but the banking industry needs to see beyond just fraud. Banks need to broaden their cyber perspectives. Through effective use of cybersecurity assessment tools, everyone from banking regulators to banking institutions and the financial service industry as a whole can adapt to the rise in cyber threats.

Because many critical systems are shared among financial services providers, they need to monitor and prevent the activities of cyber thieves who are looking to disrupt and destroy the banking industry’s backbone. When the financial services sector is disrupted, it can quickly cause instability for banking institutions and weaken public and consumer confidence overnight.

The importance of protecting critical information

The headlines over the past three years have been peppered with cardholder data compromises at several prominent retailers and restaurant chains. And customers are being reissued new credit cards at an alarming rate. For example, several widely publicized breaches have impacted more than half a billion identity records in 2015 that contained personal card data, email, addresses, names and so on.

Cyber criminals will always gravitate toward easy money that usually comes in the form of compromised credit cards. From there, they expand their crime using the credit card information in conjunction with the victim’s other personal information. They obtain this information through phishing attacks, dumpster diving or social engineering to get enough information to steal identities and take out a loan in victims’ names.

As cyber criminals move up the ladder in search of growing their illicit empires, they usually set their sights on the financial sector for an even bigger payout. Financial institutions should not underestimate the patience of cyber criminals and their intent on stealing corporate secrets within the financial sector. These secrets could be used down the road to bribe executives, or the information can be sold oversees to state-sponsored hackers looking to cause massive disruption within the financial sector.

The safety of mobile banking?

I am still one of the holdouts who have not migrated over to mobile banking. Banks know that consumers are connected to their mobile devices 24/7/365, whether they are using their smartphone for Global Positioning System (GPS) navigation, playing Pokémon Go or mobile banking. If financial institutions want to stay competitive and retain customers (and their money), they need to stay connected to their customers and make them feel secure.

This expansive migration to mobility opens up many conveniences but just as many cyber risks. Mobile banking needs to contend with malware, lost or stolen mobile devices and flawed authentication. Because all smartphones and tablets are just portable but powerful computers, users need to protect their mobile devices just as vigilantly as they would their home and office computers.

Some of the security onus falls on application developers and end users, who unwittingly create even more points of weakness. One of these points is mobile malware that comes in many forms including malvertising, ransomware, spyware, Trojan virus and other viruses. Fortunately, mobile banking apps have been designed with security in mind and are typically safer than banking with traditional computers. For banks, carefully and continually updating the security of their mobile banking apps is important. Also vital is customers updating their mobile apps to maintain this security to help ensure emerging vulnerabilities cannot be exploited. Several considerations apply:

  • Customers should not use third-party financial apps that are not approved by their bank.
  • Permissions should be given sparingly because many apps tend to leverage user data from other mobile applications.
  • Consumers love complimentary WiFi, and hackers exploit this preference with man-in-the middle attacks. Today’s 4G hotspots are extremely secure and should always be used in lieu of free public Wi-Fi.
  • Consumers need to avoid using remote-deposit capture because fraudulent use of this method is a big problem. Hackers have found ways to access remote-deposit databases and copy check images to perform fraudulent activities.

Learn how you can fight cyber attacks

The ongoing cybersecurity discussion

I’ll be part of a panel of experts to discuss some of these issues in an upcoming episode of Cyber Beat Live. Here are some key questions that will be part of that discussion: 

  • What are the key cybersecurity problems that challenge the financial services industry?
  • Pundits say that the most common way hackers break into a network is by stealing valid login credentials. Are increasing numbers of cybersecurity gaps promoting more fraudulent acts?
  • How do we minimize the possibility of insiders deliberately or willfully sharing their credentials with would-be hackers?
  • Are millennials more likely to create cybersecurity and fraud risks?
  • At what point should the fraud prevention planning team involve the cybersecurity team? Why?
  • How should financial institutions address the implications of ever-rising Internet and mobile usage by customers?
  • What are some best practices that can be employed to mitigate cybersecurity risks and counter fraud?

Watch live on the Hub at 12:30 PM ET on July 26, 2016