Banks Reinforce Protections As Cybercriminals’ Tactics Evolve

Banks have long worked to anticipate and protect against emerging tactics of cybercriminals.

Now, with the pandemic accelerating a move toward digital product acquisition, communication, purchases and money movement, financial institutions (FIs) and their clients need to be even more vigilant.

Leslie Ragan manages transaction fraud prevention for Elan Financial Services, a unit of U.S. Bancorp, which is the parent company of U.S. Bank, one of the largest commercial banks in the United States. In an interview with PYMNTS, Ragan said technology developments have enhanced the industry’s fraud-fighting strategies, but customer awareness is still a critical component of preventing bad actors from succeeding.

Pre-pandemic, many banks were already headed on a path toward digital migration. COVID-19-related changes acted as a springboard, prompting further digital enablement and dramatically driving consumer adoption, she said. Consumers, of course, are ever-more dependent on digital connections and correspondence in the midst of economic headwinds and the public health crisis.

“As consumers turn to more digital, rather than customer-present interactions, it changed a lot of the ways consumers are interacting with payment systems,” Ragan told PYMNTS.

But as she noted, fraudsters let no crisis go to waste as they continue to explore new ways to conduct social engineering and other methods to victimize consumers under sometimes dire circumstances.

“We’re seeing a significant uptick in social engineering activity,” Ragan added.

Cybercriminals have sought to exploit philanthropic giving, consumer and small business stimulus payments, unemployment benefits and even the acquisition of personal protective equipment (PPE) as ways to leverage compromised data, steal money and make fraudulent purchases.

As fraudsters have stepped up their attempts to make off with ill-gotten gains, said Ragan, they’ve often turned to more complex uses of cybercriminal-related services and the social recruitment of consumers to receive stolen funds.

Leveraging Advanced Technologies

Ragan noted that advanced technologies like artificial intelligence (AI) and machine learning (ML) can help FIs embed defense mechanisms that glean deeper insights into consumer behavior and recognize anomalous patterns — in the process raising red flags to better prevent unauthorized transactions, identity theft and account takeover.

Ragan said, “We’re able to leverage technology-related capabilities to design programs that use large quantities of data and customer behaviors to identify risk and create protections required in today’s fast-paced payments environment.”

A comprehensive, top-to-bottom strategy tied to the right tools, products, partners and data are paramount for FIs.

“Effective cyber-fraud strategies must be comprehensive, nimble and intelligence-driven,” she said.

The battle never ends, though.

“As soon as we identify and remediate one challenge, they’re moving on to exploit the next one,” Ragan said of the cybercriminals. “It’s all about layers of defense.”

She pointed to Elan Financial Services as leveraging a comprehensive fraud strategy for the benefit of the FI clients for which it provides card-issuing services. From real-time identity proofing and credit line access strategies to online card transaction protections and safer online payment options, firms such as Elan can provide what Ragan termed “layers of security,” which in turn allow cardmembers to use their cards with greater confidence.

At The Consumer Level

At the individual level, said Ragan, it’s imperative that consumers are aware of social media requests to participate in unsolicited financial transactions or to share banking credentials.

Banks won’t ask consumers to share sensitive information such as passwords, one-time codes or PINs where they do not initiate the interaction, Ragan said.

Consumers should also take pains not to re-use passwords and strive to use good credential management. Ragan also said they should use secured (“https”) connections whenever entering payment information.

“It’s also imperative that your device of choice and the software used is kept current with patches and software updates installed frequently,” she added.