February this year, when hackers sucked USD 101m from the accounts of Bangladesh Bank by transgressing its systems and also duping the Federal Reserve Bank of New York, Asian banks showed up one of its chilling enemies: cyber fraud.
The robberies of the day are shifting from the physical realm to cyber medium, and a deft-enough hacker does unscrupulous money transactions. While the Dhaka robbery revealed the cybercrime-vulnerabilities, the Asian banks are intensely battling against online/mobile fraud, which deepened in recent years and has led to striking revenue losses and customer trust.
Banks, during their daily business, have much lesser time, often seconds and minutes, to detect and prevent potentially questionable transactions. While processing thousands of transactions, Asian banks brave a major task of detecting fraud across multiple channels.
Focus on customer data
Banks should concentrate on customer data because it can hold crucial information about ongoing and impending fraud. Customer payment data is critical when detecting fraud patterns. If a particular transaction falls outside what is deemed a normal behaviour pattern, alerts can be generated and forwarded to fraud analysts in real-time for further probe.
Develop new detection systems
Banks must invest more in new systems and technology beyond “credit-card” fraud detection, or risk falling prey to the new criminal breed. Develop new fraud detection systems for different transactions and on different levels. Unfortunately, cyber criminals continue to evolve their tactics and attack-methods. The key culprit to the Bangladesh Bank attack was the installation of malicious software in the bank system, which big data and analytics failed to prevent.
In Asia alone, digital bank customers are likely to number “about 1.7b by 2020”. While all of this translates into ultimate convenience for customers, it has also presented fraudsters with a multichannel digital playing field to operate in.
It is no more putting up with the likes of “Nigerian email scams”. Now, it is highly targeted operations that rake in billions of illegally gained money. Attacks arrive in all forms – from web fraud, Point-of-Sale (POS) intrusions, to malware and cyber espionage. Also, there is no defined target spectrum for these cyber criminals.
Are banks really fighting “hactivism”? The financial institutions contain information that spans everything a cybercriminal wants and wrapped up in one place.
Cyber security issues faced by banks
One major issue faced by Asian banks is the prevalence of malware specifically designed to target them and their customers. This means that fraudsters now have the ability to study the internal processes of financial transactions within a bank and look for gaps in approval processes without having to visit the banks. This is an example of the creativity that today’s cyber criminals possess and the effort they are willing to put into refining the process by which they approach their target-victims.
Apart from adopting a time-consuming reactionary approach, or doing minimum compliance just to abide by the regulations, Asian banks also lack sufficient number of cyber specialists.
Values intangible
Earlier, corporate value was derived from tangible assets such as products, buildings, property and people. Today, it is more intangible, as the digital space has made a brand’s reputation its most valuable commodity.
Financial cybercrime not only affects an organisation’s cash flow or payment systems, it also ruins a company’s credentials. Consumers and investors may not trust a bank or a company that has fallen prey to preventable cybercrimes, and brands may suffer losses that they may not be able to recover from. Banks and financial institutions need strategies that offer real-time threat-identification, deep analysis and comprehensive protection, due to the dynamic nature of their operations.
(The views expressed by the author in the article are his/her own.)
