Our lives today are entrenched in the digital space. Transacting online is a big part of this. Be it paying bills, booking tickets, shopping online or doing bank transactions; the list is endless. We might assume that all our transactions are intrinsically safe, but alas, that is far from the truth.
Combating cybercrime continues to be a priority, especially with the rise in digital transactions leading to potential threats such as UPI frauds, phishing, OTP access and more. Leading technology and financial institutions are relooking at their security systems on the back of their digital India promise. The only way to counter this is for the banking sector to take a close, hard look at how they are being defrauded and take immediate yet well-thought-out steps to prevent it.
Today, fraudsters are turning to newer technologies to defraud customers. Frauds like the SIM swap, fake KYC threats and conning customers by installing malware, banking password hacks and screen recorder attempts are all done with the help of the latest technologies available. To counter this, banks need to turn to cutting-edge technology and ensure the safety of their customers. The need of the hour is to employ cybersecurity firms who know exactly how fraudsters operate. These firms spend their time and resources in inventing new technologies to ensure safety in the banking sector.
Large banks in India have taken stringent steps to secure digital transactions for their customers, thereby setting examples for their peers and smaller institutions. Banks who do not take security seriously are putting a lot of things at risk including their reputation, the customer’s trust and their finances. On a macro level, it also hurts the economy as lakhs of crores are siphoned off, never to come back into the system. Plus, with banking processes becoming increasingly complex, bank systems are even more vulnerable. Millennials (aged 24-37) were the most targeted group who fell prey to tech-support scams. This clearly shows that it is not always up to the bank’s customers to safeguard themselves. The onus is first on banks and financial institutions to ensure they use the best and most cutting-edge technology solutions available to safeguard their customers.
The type of banking frauds that we witness today are as diverse in nature as they are dangerous. The most common of them, yet quite harmful, is when a customer’s password is hacked. Mobile phone are quite vulnerable to all kinds of attacks given that a large number of customers transact through their devices. SIM swap is a fraud where a customers’ SIM is cloned without them being aware. This fraud usually leads to large amounts of money being transferred into several bank accounts which might not be so easy to trace. Keyloggers, too, directly attack customer’s bank account and put their finances at risk. Social-engineering attacks and transaction authorisation and account-takeover fraud are also serious risks that affect the banking sector. These threats affect customers and banks directly and make a strong case for employing cutting edge cybersecurity measures.
The technologies developed by cybersecurity firms are very advanced and can help secure complex transactions; eSignature solutions for retail banking help digitise internal as well as consumer-facing agreement processes with electronic signatures. This helps deliver better experiences to both employees and customers. There’s also passwordless authentication that frees customers from relying on passwords and make it easy for them to do business with the bank.
Account takeover fraud can be countered by employing a multi-layered security approach provided by cybersecurity firms. Man-in-the-middle attacks, too, can be avoided by using out-of-band authentication options which include user-friendly SMS and push along with visual cryptogram technology to authenticate transactions. Cybersecurity firms can aid banks to meet the ever-changing compliance requirements. Banking transactions can be defended by using transaction signing services which are extremely effective to thwart social engineering attacks. These are just some of the important, sophisticated methods to beat fraudsters at their own game.
At the end of the day, it’s the bank’s responsibility to not just offer security but also an easy, user-friendly experience, and technology can enable that quite effectively. There is no reason why fraudsters cannot be defeated and the banking infrastructure can be strengthened by applying the right tech solution.
The Article has been authored by Pinakin Dave, country manager – India and SAARC, OneSpan Inc. He is a cybersecurity expert who works with international organisations that protect banks across the world from serious online fraud.