Cyber security has been an ongoing concern for a number of years, and it’s affected companies of all shapes and sizes across a variety of sectors. As data becomes increasingly crucial to the core business activities being carried out by those companies, cyber security has rapidly evolved from a mere afterthought to the chief risk concern of many organisations – particularly across the banking and financial services sectors.

According to the 2018 half year fraud update compiled by researchers at UK Finance, which represents almost 300 UK-based, banking, mortgage, markets and payments services providers, financial services firms have been facing an unprecedented level of cyber attacks in recent months. In many cases, those increasingly sophisticated attacks are proving very successful.

Although banks and financial services providers were able to prevent a reported £705.7m worth of unauthorised fraud over the first half of the year, cyber criminals still managed to steal more than £503m from UK financial institutions through authorised and unauthorised fraud in the first 6 months of 2018 alone, equating to a success rate of around one-in-three attacks.

Authorised push payments

Without doubt the most common type of online criminal activity affecting financial institutions at present is the authorised push payment (APP). APP scams are well documented across the media, and essentially see a bank or credit account holder tricked into authorising a payment to be made from their account to somebody else’s account.

Unauthorised payment and banking fraud

Despite the increasing popularity among cyber criminals to deploy APP scams, card payment fraud still poses a seemingly insurmountable hurdle for financial services companies working to tackle cyber fraud. Over the first half of 2018, fraud losses on cards in the UK reached £281.2m.

Call centre scams

Similar to APP scams, call centre fraud is being increasingly deployed against banks and other financial services companies and it can be difficult for outsourced teams to defend against.

As banking call centres are typically considered somewhat separate from their parent institutions. This means that if call centre agents are left with limited identity verification tools at their disposal, criminals are often able to use simple social engineering tactics to impersonate account holders in order to initiate transfers with the assistance of bank staff.

Only by taking the time to recognise each threat, deploy the appropriate processes and infrastructure, and fully establish and understand an FD’s role in cyber security, will banks and financial institutions be well-placed to overcome the globe’s most common cyber crime risks.

Source: Financial Director