Recent reports from The Wall Street Journal (WSJ) regarding a sizable increase in the number of cyberattacks on big banks may have been greatly exaggerated. Some industry experts believe that financial services companies have not seen a rise in cyberthreats at all.
Bill Nelson, CEO of the Financial Services Information Sharing and Analysis Center (FS-ISAC), told PYMNTS that these rumors are likely the result of an overzealous watchdog, or security vendors that are hoping to create a market for their offerings. That said, financial institutions (FIs) aren’t out of the woods yet. There hasn’t been a surge in the amount of fraud specifically targeting financial services firms, but the overall fraud rate is climbing, particularly as consumers embrace mobile banking applications and digital banking channels.
“We saw that report, and it was news to us … but attacks are always increasing,” he said. “So, I think [banks] need to be vigilant. I think organizations need to invest in new technologies and [make] sure they’re catching any critical systems vulnerabilities. … They have to know what [and who] the biggest threats are.”
Banks seem to be following that advice and have ramped up fraud prevention efforts in recent years. The technologies implemented for this purpose have a wide range of applications and uses, and they each share and rely upon data.
Using Data To Fight Fraud
One of the biggest challenges for banks is the sheer amount of attack methods. FS-ISAC officials have seen fraudsters use a wide, and expanding, range of techniques. These attacks are not just growing in number, though — they’re becoming more adept at wreaking havoc.
“Cybercriminals remain a threat, particularly those who steal money, because they go after banks and their customers — companies like retailers,” Nelson said. “The number of different attacks has really increased over time, and they’re more sophisticated. There’s more malware and more variance emerging all the time.”
The ever-growing list of cyberattack methods, paired with the surge in digital transactions, means that banks and FIs that want to avoid becoming the latest victim of cybercrime need to invest in systems that can detect cyberattacks. Modern fraud prevention solutions are built around new, emerging tools and technologies, like machine learning (ML) and artificial intelligence (AI).
“Detection is really important,” he noted. “Ultimately, it’s about how you respond if and when you do detect something. You need to make sure you have the right software to clean that malware off not only your systems, but customer systems as well.”
Nelson also mentioned solutions like two-factor and knowledge-based authentication as powerful tools that banks could deploy to ward off cyberattacks.
Newer, sophisticated attack methods are becoming more difficult for banks and FIs to detect and prevent. When cybercriminals work together, they learn from each other’s successes to create more effective malware.
“There are a number of different threat actors and cybercriminals. We’ve seen as many as 78 different forums for cybercriminals, where they can share information about how to launch an attack, and how to make an attack successful,” he said. “They have a huge network of people.”
Banks and FIs can collaborate in the same way, however, which is a crucial weapon in the fight against fraud. If these institutions share data on cyberattacks, fraudulent transactions or other incidents, they can provide more ammo to AI and ML systems, which rely on information like this to detect and prevent fraud.
Sharing information can also help banks differentiate between unsubstantiated attack rumors, like the one seen in the WSJ, and legitimate increases in cybercrime. This allows FIs to spend less time preparing for threats that never come to pass, and more time focusing on fighting the attacks that do impact their organizations. As more banks and FIs adopt AI and ML solutions, real-time information sharing on both successful and failed attacks, as well as the properties that separate legitimate transactions from suspicious ones, will likely become more important.
“This isn’t just executives getting together for a nice dinner and discussing what’s happened over the past quarter,” he said. “This requires banks to say ‘Hey, I’m being attacked, and this is what I’m seeing,’ and share that information with other banks so they can protect their infrastructure and, more importantly, their customers.”
Collaboration will become key in fighting fraud in the coming years, particularly as banks continue to face increasingly specific types of attacks.