One of the recent cyberattacks against Latin American financial institutions, this one targeting Mexico’s central bank, resulted in the theft of a reported $15.2 million. Another one, against Banco de Chile in May, cost about $10 million via fraudulent SWIFT wire transfers.
Latin American seems to be making new progress toward more digital payments, and major payments firms — TSYS, just this week, and Visa in late May— are making notable moves and investments toward that future. But the recent thefts, along with other attempted and completed cyberattacks, demonstrate why payments officials in the region are expressing fresh concern about financial security there.
Fraud is a Top Worry
Evidence of that comes from Swift’s Latin America Regional Conference, held earlier this month in Miami. A poll of attendees found that fraud stands as “the main compliance concern of 31 percent of delegates, closely followed by correspondent relationships (27 percent), and OFAC and sanctions (23 percent).”
Yet a blasé attitude about cybersecurity still reigns in Latin American, according to Federico De Noriega, a partner in the finance group at Hogan Lovells in Mexico City. Discussing the recent spate of bank hacking attacks with a reporter, he said “online security hasn’t been taken seriously in Mexico’s banking sector” — which itself presents a business opportunity for firms who sell cyberattack insurance, he added.
But that may now change, he said. “There was a lot of ignorance. That tells you people aren’t aware of this risk, or they’re not taking it seriously. I think they’ll start taking it more seriously now.”
The root causes for those thefts remain a source of controversy, with some observers blaming former or current bank employees for opening the door to criminals, and others pointing their fingers at inadequate, out-of-date or weak cyber defenses. The lack of security cooperation between bankers and regulators also comes up for blame. Payment authorities in the region have generally kept their mouths shuts about the causes and potential fixes.
The Wider Costs of Cyberattacks
Mexico suffers the most cyberattacks in Latin America, followed by Brazil, according to the latest analysis from the Wilson Center. No matter where they hit, though, cyberattacks on banks in Latin American have cost them more than just losses from theft.
After cyberattacks, banks have had to switch to slower payment connection systems, according to a recent summary of those digital bank robberies, and try to placate customers unable to withdraw cash from ATMs for as long as a day because of the technology failures that can arise in the wake of those thefts.
Another risk — and another opening for criminals — concerns older, legacy technology, as attendees at the SWIFT conference in Miami discussed.
“Using mobile as a channel to reach the unbanked has certain issues,” noted the World Economic Forum’s Head of Latin America Marisol Argueta de Barillas, as some people use old mobile phones that do not have secure connections to the financial system, according to conference organizers. “She commented that these weak links in the system need to be addressed in order to protect the ecosystem.”
APIs — the software vital for the development of digital payment products — also present challenges. That’s because APIs without adequate security, or which do not run on closed-loop systems, can present easy targets for criminals seeking customer and other data that will enable digital thefts.
Passwords, too, often create a hole in the cyber defenses of financial institutions. At the conference, Nelcy Martinez Padilla, director of information security and cybersecurity at the Colombian Stock Exchange, said that during the organization’s “hacking drill” five years ago, officials learned that 33 percent of the staff had “virtually identical passwords.” Yet that recently was reduced to virtually 0 percent, thanks in part to increased awareness of cyber risks.
Overall, that awareness appears to be increasing — if, for some people, only because of the barrage of recent news about those digital thefts. The potential for the type of fraud that can result in significant losses in just seconds, leaving few clues behind, is coming into focus as Mexican banks investment meaningful capital into faster payment systems, conference attendees said. And as regulators in Latin America update FinTech regulations to help drive digital payment development, security issues more often become part of discussions surrounding those efforts.
Very few things happen overnight, and that holds especially true for Latin America’s slow embrace of digital payments, and putting up the requisite cyber defenses to protect funds and consumer trust. But the region has two of the most significant economies of the world — Brazil and Mexico — and presents many juicy targets for digital criminals. Awareness could go a long way toward making life hard for those thieves.