Security & Fraud

Why Bank Security Is About More Than Preventing Attacks

Nick Shevelyov, chief security officer at Silicon Valley Bank, says FIs can no longer expect, or hope, to stop every incoming cyberattack — and using AI and ML to identify threats isn’t the 100-percent fix. In the latest Omni Security and Authentication Report, Shevelyov tells PYMNTS what is.

The world can be a scary place these days, especially for banks. According to recently released reports, fraudsters are continuously targeting big U.S. banks, and these attacks are increasing in both frequency and sophistication.

Now, security providers and financial institutions (FIs) are working to stop them from impacting banks’ assets and customers by turning to new, emerging technologies like artificial intelligence (AI) and machine learning (ML). Two-thirds of banks and 83 percent of FIs have experimented with the technology already.

Silicon Valley Bank, according to Chief Security Officer Nick Shevelyov, uses AI and ML to rapidly analyze massive troves of data and find signs of suspicious or fraudulent transactions, malware and other indications that fraudsters are afoot.

“We’ve used [AI and ML] on the front side and the customer-facing side of the bank,” he said in a recent interview with PYMNTS. “[It analyzes the] behavior of clients to look for fraudulent and malicious activity, and we use that on the security side.”

The company also uses firewalls to prevent fraudsters from gaining unauthorized access to customer records or bank assets. Yet, even when working together, techniques and tools designed to stop cyberattacks are no longer enough. The cybercrime market is growing more sophisticated, and producing more than $1.5 trillion a year. Therefore, efforts are turning to what can be done when not if — an attack occurs.

“Maybe 20 years ago, the aspiration was really robust security, meaning you could stop all cyberattacks,” he said. “Today, it’s about how you remain resilient when things do impact your organization.”

Preparing For The Inevitable

Shevelyov and his team don’t just focus on stopping attacks before they happen. They also deal with the inevitable risks associated with conducting financial business in the digital age.

“It’s not if the attackers are going to attack, or if they’re going to get through,” he explained. “It’s when they do, and how do you remain resilient.”

Given the sophistication of the attacks and the rising number of incidents, the best defense for modern financial institutions is to be prepared so as to minimize potential damages. This means technology and humans must work in sync to catch attacks as they’re in progress.

“We’ve got layers of technology, and if it doesn’t catch a particular attack because the attack is new, you need to have other layers in place, along with cybersecurity professionals that are always looking for bad things to happen and [can] respond quickly,” he said.

One of the reasons for this change in philosophy is the result of the rapid adoption of smartphones, mobile banking apps and other connected financial management tools. A massive amount of consumers around the globe rely on mobile devices to manage their money and interact with their FIs. While these innovations have given consumers more convenient and faster ways to access financial resources, they are also a top target for cybercriminals.

The demand for faster and simpler interactions with FIs can push some consumers to make poor security decisions, making them more vulnerable to phishing and other forms of fraud that rely on consumers to willingly give away access to accounts or security credentials.

“Today, the very technologies that empower us are also imperiling us,” he explained. “Interestingly enough, most hacks still come through email phishing attacks, since we all use email on a daily basis. We’re going fast, so attackers try to exploit that fact.”

The Future Of Omnichannel Bank Security

Despite the increased risk of falling victim to a cybercrime, most consumers don’t appear eager to reduce their use of online, mobile and other connected banking channels. Younger consumers who have grown up in a connected world tend to be the most common mobile- and connected-banking application adopters, and it’s likely  these tools will become even more popular in the coming years.

Bank customers have some simple steps they can take to strengthen their account security: using two-factor authentication, utilizing biometric authentication over passwords or being more careful when communicating with financial institutions.

“We all want to move faster, we all want to reduce friction,” Shevelyov acknowledged. “But one of the things we can do is just pause to read through emails, validating that the domain is someone that we know and trust, and even that the content of that email is legitimate.”

Those steps may sound simple enough, but many consumers value convenience over security, even when it comes to their money. As a result, banks need to invest not just in AI and ML, but other emerging technologies and solutions that can serve as weapons in the fight against fraud. This is especially important, considering how quickly fraudsters can create new methods that beat the latest cybersecurity defenses.

“You will always see cybercriminals evolve their tactics and focus on an area that has not been hardened or focused on more recently,” he said, “It’s part of the cat-and-mouse game of the industry.”

Fraudsters won’t stop targeting banks, and they’ll continue to create more sophisticated attack methods. In response, banks and FIs would be well-served to not only work toward preventing attacks, but minimizing their potential impact.


New PYMNTS Report: Preventing Financial Crimes Playbook – July 2020 

Call it the great tug-of-war. Fraudsters are teaming up to form elaborate rings that work in sync to launch account takeovers. Chris Tremont, EVP at Radius Bank, tells PYMNTS that financial institutions (FIs) can beat such highly organized fraudsters at their own game. In the July 2020 Preventing Financial Crimes Playbook, Tremont lays out how.