Banks and other financial institutions both large and small are finding it tougher to recognise and combat cyber crime, with criminal elements growing increasingly sophisticated in. Kaspersky Lab and B2B International conducted a survey of major financial institutions, with 38 per cent reporting that they are finding it increasingly difficult to determine whether a transaction is genuine or fraudulent.
With a marketplace that is becoming more reliant on electronic payments and transactions, and technology advancing at a rapid rate, firms are being forced to put their best foot forward in combating crime. While many firms employ their own security measures, many are also using third-party security firms in an attempt to protect their customers. However, with cyber criminals exercising more finesse, security is less than perfect. Many security programmes produce false positives in their search for fraud, tying up genuine customers, and potentially harming the bottom line. Indeed, fraud is expensive; the Annual Fraud Indicator 2016 estimates that it costs the UK as much as £193bn ($240bn) annually across all segments of the economy.
Ross Hogan from Kaspersky Lab highlighted that cyber-attacks could be contagious. “The interdependence of the digital relationships between all financial services market players also means that if any one organisation in the value chain experiences a digital service issue – whether due to fraud, breach or cyber attack – the damage can quickly spread to the other organisations in that digital financial service value chain. As the already high volume of customer demand for online transactions continues to increase, all companies (its customer-facing digital platforms, infrastructure, data and employees) should be secure, convenient and prepared,” Hogan said.
Despite the cost of fraud and the growing existential threat of cyber criminals, corporate treasurers reported to Kyriba and the Association of Corporate Treasurers (ACT) that they are still overwhelmingly reliant on traditional cash monitoring measures. While firms are doing what they can to shore up their security gaps, PwC found in their own cyber crime survey that just 37 per cent of organisations across the economy have a security incident plan, leaving large segments of the economy completely exposed. Meanwhile, 14 per cent of organisations reported that they don’t have any plan to implement a security plan to prevent a cyber attack.
Although 61 per cent of CEOs reported that they were concerned about cyber security, less than half of board members have any clue about their organisation’s cyber readiness. The PwC report is indeed troubling, and illuminates all the reasons why cyber criminals may feel emboldened in an increasingly electronic world. So what do organisations and treasurers have to look forward to in the coming months and years when it comes to fraud? For one, a criminal element that is using technology to its advantage, but also thinking outside the box in how best to utilise the marketplace to find opportunity for criminal enterprise.
For example, when one thinks of the colossal human tragedy that is the migrant crisis from the war-torn Middle East, we often do in terms of cultural and political ramifications – criminal elements, many of which have ties to organised crime and terrorist links, use the plight of migrants and refugees to launder money through some of the world’s foremost financial institutions. While these institutions did not sign up to solve a key component of an enormous global political conundrum, they are a key ally in the fight against human trafficking, money laundering, and fraud through electronic means.
The journalists that worked on The Criminal Migrant Shipping Network Project, a six-month investigation into companies profiting from selling journeys to migrants and refugees, were granted access to Accuity Fircosoft’s compliance data and from this, found that Europe’s financial systems were supportive of this exploitation.
“Their presentation, entitled ‘How Europe’s Migrant Crisis Finances Terror’, will expose the dark shipping network and the logistics behind the exploitation of migrants, as well as exploring the financial circuits supporting human traffickers and their links to Europe’s financial systems. It will emphasise the need for financial institutions and corporations to be aware of the risks of doing business with entities which could be connected to these extremely profitable criminal organisations,” GTNews reported earlier this year. As the threat of financial crimes through electronic processes evolves, the way organisations combat it needs to as well. However, some statistics show that just understanding the key threats is an issue for a startling percentage of firms.
In the 2015 Accenture Global Risk Management Study, a vast majority of firms admitted they were beefing up their risk management spending; perhaps the most inviting statistic for financial criminals is the fact that a third of respondents admitted they were hiring risk management firms in order to better understand cyber crime. In other words, criminals looking to exploit gaps in protection are finding very fertile ground from which to work. That said, risk management is a steady enterprise, with a need for understanding complex, ever-changing threats at a critical mass.
What this threat also might entail is far greater interbank cooperation, as best to prevent overwhelming losses, particularly in fragile parts of the world. Banks in Bangladesh, Vietnam, and the Philippines have all recently been targeted, generally by a criminal organisation known to law enforcement agencies and financial institutions as Lazarus. With multiple banks targeted, Symantec, the cyber security firm, revealed the existence of a cooperative measure dubbed Operation Blockbuster, which seeks to limit the scope of damage that enterprises like Lazarus can carry out.
Attacks by Lazarus and cyber gangs like them also prompted organisations like SWIFT to recalibrate their thinking in terms of security, once again promoting cooperation between banks across the globe. SWIFT subsequently installed a new two-step authentication system and greater system of standards to detect fraudulent acts.
Perhaps this is the future of cyber-security: great partnerships between banks and other firms, in conjunction with security firms like Symantec and Kaspersky, as best to protect their interests and the interests of their clientele. The days of firms going it alone on security seem to be coming to an end – this might make it all the more difficult for cyber criminals to steal money, information, and in a very real sense, lives.
With 57 per cent of respondents of global corporations in a survey carried out by Strategic Treasurer and Bottomline Technologies admitting they have no framework in place to combat payment fraud, it would appear that it is risk management firms making the best of the situation by getting themselves hired by corporations seemingly one step behind savvy criminals.
Corporations and banking institutions sharing critical security measures, particularly in an increasingly interdependent world, might be the ticket toward getting out in front of the latest and most elaborate threats. But it may take a calamitous event, or a terrible public relations hit before we see a truly interconnected security standard in place (how many firms dread being exposed as the one utilised by those wishing to carry out terrorist attacks in their grab for funds?). Until banks and other corporations get serious, cyber crime and fraud represent a cottage industry for criminal actors, and a threat to institutions heavily relied upon to preserve the overall health of the global economy.
By Keith Sonia