In 2016, reported data breaches increased by 40%. With large-scale security breaches becoming more sophisticated, it behooves businesses, especially financial institutions, to ensure their security is top-notch. After speaking to several banking institutions, here are the top 4 threats we are seeing today:
- Fraud threats / wire transfer scams
- Tax phishing schemes
- Tech support scams
We spoke with several banks recently and heard the top concern right now is wire transfer scams, and with good reason. According to the Association for Financial Professionals’ Payments Fraud and Control Survey, the number of businesses reporting payments fraud has increased to 74%, the largest share on record (previous record-high shares of 73% were reported on both in 2009 and 2015). This is largely due to the quick payment clearing timeline—which is much faster than ACH or check.
Specifically, customers’ email accounts being hacked and online banking accounts compromised, as fraudsters impersonate clientele. Why are such scams on the rise? Wire fraud schemes that rely on targeted email phishing are more common and sophisticated, each year. Your client’s CFO receives a fraudulent email from the CEO (either spoofed or the CEO’s email was hacked) asking the CFO to send an outgoing wire. The CFO, eager to help his boss, prepares a wire and send it to the bank. The bank does the customary call back to the CFO who validates the request. The wire is sent to a foreign country. The next day the CFO learns that the CEO actually never sent that request to him; the bank followed its protocol, but the money is lost for the client. In fact this exact scenario happened to one of our clients. We now work diligently with all of our customers to educate them on how to protect themselves. This cannot be a one-time educational event and has to be built into a company’s core and reinforced on a regular basis.
By finding individuals who haven’t enabled privacy features on their social media accounts and then using that publicly-available data to craft believable, fraudulent emails, criminals trick consumers and businesses into quickly sending funds by creating fake, urgent situations. Frequently, victims don’t realize they’ve been duped until they confirm the transfer of funds with a vendor or manager—when the money is already long-gone, just like the above scenario.
So what can you do to protect your business?
- Assess your internal controls. Do you need to do more to protect your business? Are there any potential areas for breach?
- Ramp up your technology security controls. If you do not have the expertise in-house, definitely search for a firm that can help you.
- Dedicate time to build up employee training and implement rigorous procedures. Ravin Yadav, Vice President for J.P. Morgan Transaction Services and Fraud Expert, says, “Rigorous application of simple procedures such as callbacks and validations go a long way in detecting and preventing a fraud loss.”
If your business falls victim to phishing or wire transfer fraud, you may never regain those customers again.
At iuvo Technologies, security is our top concern. We help protect banks and financial institutions from malicious attacks. In today’s modern world of cybercrime, you need advanced solutions, training, and a qualified infrastructure partner to implement them. Stay tuned to read more on our top security threats for banking institution blog series.