In banking, customers now enjoy such seamless service through digital platforms that it sounds absurd in this era to say you are going to the bank to conduct certain transactions. Digitization is now a necessity in the banking sector, especially in this time of a pandemic, when physical and social distancing are imperative. Banks have altered their systems to respond to the changing demands of the times and the expectations of customers. All banking services can be accessed online. As innovative and forward-looking as this is, moving the entire banking ecosystem online poses some cyber security challenges.
As a bank extends its services online, it also opens itself up to online threats. Whereas in traditional banking systems the threat of fraud or robbery is confined to the locality or catchment area of the bank, digitization makes the bank susceptible to fraudsters worldwide, irrespective of their geographical location. Once a bank goes digital, it expands its threat landscape. In other words, the easier the bank makes it for customers to access banking services, the easier it also makes it for fraudsters to get onto the same platform and do whatever they want to do.
Research from the Federal Bureau of Investigation (FBI) IC3 2019 Internet Crime Report indicates that more than $3.5 billion was reported lost as a result of cybercrimes (business email compromise, phishing, ransomware, etc.) in 2019 alone. This figure is expected to increase exponentially to $25 billion by 2024. In Ghana, a report issued by the Bank of Ghana (The 2019 Banking Industry Fraud Report) indicated that cyber, ATM and e-money fraud accounted for the highest value of attempted fraud, amounting to about GH¢ 63 million.
Marrying security and usability, therefore, is one key thing that any organization, particularly a bank, must get right.
Cybercriminals operate in many and complex ways. For customers, the most common detection mechanism is to check the alert on every transaction. Once you receive a notification about a transaction that you did not authorize, you should immediately contact your branch or your relationship manager to rectify the anomaly. This is the most common way a customer will be able to identify whether there has been any indication of compromise on their platform.
From the bank’s perspective, there is a plethora of tools deployed to detect suspicious activities. There are solutions specifically designed for digital platforms, including some that can block transactions on the basis of background analytics. These are quite common on card transactions, where transactions can be blocked on the basis of geographic analysis.
Banks also do a lot of know-your-customer (KYC) checks and try to extend that physical KYC into the digital platform. Other measures include the issuance of a One-Time PIN (OTP) to authorize online payments.
While banks are constantly putting in place mechanisms that mitigate the incidence of cybercrime, when it comes to security, the core mandate comes down to three things: 1. To protect the confidentiality of the information we have; 2. To protect the integrity of the information; and 3. To make sure that it is available every time.
Banks exist to provide services and must therefore conduct themselves in ways that strike a fine balance between providing the promised service in innovative ways and protecting the customer.
By Albert Yirenchi Danquah
The writer is the Chief Information Security Officer at Stanbic Bank