by Dr. Anand Singh, Chief Information Security Officer, Alkami
Social engineering and fraud events continue to be major issues for financial institutions (FIs). Attackers continue to focus on the weakest entry point: the user. To defend against ever-evolving cybersecurity threats, banks and credit unions must secure their users as much as their internal systems.
In our latest Gold Standard Series event, Alkami Senior Sales Engineer Jimmy Miller and I sat down with Grant Gaines, Vice President of Cyber Security and IAM at First Tech Federal Credit Union, and Josh Schleicher, Director of Sales Engineering – Americas at Appgate, to explain key steps that will help FIs increase user security.
Training to combat escalating fraud attempts
Over the last few years, incidents of fraud have escalated rapidly — PwC’s Global Crime and Fraud Report calculated the total loss volume related to fraud at $42 billion.
With such a high dollar amount, the need for a security program is apparent. Many FIs have dedicated investigation resources to identify fraud and recoup losses, but banks and credit unions can take a more proactive approach to prevent loss by implementing a security program.
With a security program, FIs can drive security consciousness through awareness training for their employees and users. Training should provide education on creating effective passwords, expand users’ understanding of the threat landscape by presenting examples of phishing sites, or even involve sending test phishing emails to users so they can better understand how phishing looks and works. Some FIs have also found it effective to educate their users through dedicated sites.
Internally, security teams can run tabletop exercises to prepare for the various fraud scenarios that FIs face, like social engineering, proximity fraud, and distance fraud.
Fight cybersecurity threats with your digital banking platform
The ways FIs experience fraud are unique, but all can mitigate threats by utilizing the latest innovations in fraud solutions. FIs can use a forward-thinking digital banking platform to protect users.
Security features, like risk-based authentication, can be built into a digital banking platform to balance ease of access and security. The following are some examples of risk-based authentication on the Alkami Platform:
- Machine authentication – Driven by a cookie and other device information collected through the platform to identify that device
- Geo IP authentication – Identifies the transaction’s IP and city/state information
- Velocity evaluation – Traces IP logins between locations to determine a user’s true location
Ultimately, a secure platform must have the capability to utilize data that comes from user behavior to learn and identify routine use.
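The three signals listed above can be combined into a single login decision. The following is an added example, not Alkami's code: the speed ceiling, the distance tolerance, the allow/step-up/deny policy and all sample data are assumptions chosen for illustration.

```python
import math
from datetime import datetime

MAX_KMH = 900.0   # assumed ceiling, roughly airliner cruising speed
MIN_KM = 50.0     # assumed tolerance for geo-IP imprecision

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def evaluate_logins(events, known_devices):
    """Return (user, decision, reasons) per login, oldest first."""
    last_good, results = {}, []   # last_good: user -> last login not denied
    for ev in sorted(events, key=lambda e: e["time"]):
        reasons = []
        if ev["device"] not in known_devices.get(ev["user"], set()):
            reasons.append("unrecognized device")       # machine authentication
        prev = last_good.get(ev["user"])
        if prev:
            if prev["city"] != ev["city"]:
                reasons.append("geo-IP location changed")
            hours = (ev["time"] - prev["time"]).total_seconds() / 3600
            km = haversine_km(prev["latlon"], ev["latlon"])
            if km > MIN_KM and (hours <= 0 or km / hours > MAX_KMH):
                reasons.append("impossible travel")     # velocity evaluation
        if "impossible travel" in reasons:
            decision = "deny"
        else:
            decision = "step_up" if reasons else "allow"
            # Denied attempts never move the baseline for the real user.
            last_good[ev["user"]] = ev
        results.append((ev["user"], decision, reasons))
    return results

def _ev(user, hhmm, device, city, latlon):
    return {"user": user, "time": datetime.fromisoformat(f"2021-01-10T{hhmm}"),
            "device": device, "city": city, "latlon": latlon}

# Constructed sample data: users, devices and geo-IP results are made up.
KNOWN = {"alice": {"dev-A"}}
EVENTS = [
    _ev("alice", "08:00", "dev-A", "Portland", (45.52, -122.68)),
    _ev("alice", "09:00", "dev-A", "Seattle", (47.61, -122.33)),
    _ev("alice", "09:30", "dev-X", "Lagos", (6.52, 3.38)),
    _ev("alice", "10:15", "dev-A", "Seattle", (47.61, -122.33)),
]
print(*evaluate_logins(EVENTS, KNOWN), sep="\n")
```

The last login is allowed because the denied attempt was never recorded as the user's location, which keeps a blocked fraud attempt from locking out the legitimate user.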
New trends in cybersecurity threats
Fraud schemes that rely on classic methods are still prevalent, but they also continue to evolve. For instance, some phishing has shifted from email to text messages. Fraudsters still seek user credentials through social engineering, but they access funds through new methods like P2P instead of ACH or wire.
Fraud actors are growing more sophisticated in how they manage those accessed funds as well. They are now using synthetic accounts and their own networks of online banking systems to manage funds. Rather than the usual direct face-value phishing site that tricks users into sharing their credentials, subdomains of legitimate sites are being compromised, making for increasingly potent fraud scenarios.
Increasing fraud during the pandemic
Attackers are leveraging the chaos of the pandemic to confuse users. Wide-scale financial events like the release of stimulus checks and PPP loans were targeted heavily. Since March, the financial industry has seen an increase of between 350% and 700% in phishing and scam emails. These communications covered airline refunds or status changes, charitable opportunities, and COVID testing or vaccine programs, and directed users to spoofed domains.
While communicating this trend to users is important, remember that this is no different from any other event that users should be aware of. New tactics to acquire user credentials and breach accounts will always appear.
There will always be fraud, and there isn’t a silver bullet to eliminate it, but creating a secure environment with the right tech partners and user security training greatly helps prevent losses.
Thank you to First Tech, Appgate, and attendees for another great Gold Standard Series event!
You can watch Securing Digital Banking Users on demand by clicking the link below.