Tackling the Increased Cybercrimes in the Modern Financial Age

As technology has modernized, cybercrime has reached an all-time high. There is not a single organization that hasn’t suffered a security breach; in fact, PwC’s Global Economic Crime Survey 2018 reported that 49% of organizations have been hit with cybercrime in the last two years. However, some organizations, such as those in the banking sector, are more prone to attacks than others.

Why There Is a Need for Tackling the Increased Cybercrimes in the Modern Financial Age

Banks and their customers face several threats today. However, one of the biggest threats, and also one of the hardest to detect, is a data breach at a bank. Employees, contractors and partners are already inside the bank’s secure perimeter and have appropriate access to its sensitive data and IT systems. When these insiders misuse their privileged access or are compromised by external attackers, the valuable data is easily exposed. Technology is evolving day by day, giving banks more authority to expand online and mobile access, but it is also exposing them to more cyber threats. Criminals can send phishing emails or set up fake websites that victim consumers engage with, giving away sensitive financial data. They also use information from social media sites to socially engineer their way into accounts via customer service.

We have seen several high-profile breaches against major financial service institutions in the last year, and the volume and complexity of the attacks are on the rise. In October 2018, Bank Islami reportedly came under what seems to be one of the biggest cyber-attacks in the country’s history. Bank Islami claimed that Rs2.6 million (approximately $19,500), withdrawn from the bank accounts using its cards, has been credited from the accounts of customers. The hackers used the dark web to sell the data of Bank Islami account holders for $60-70 per account. In November 2018, some major Pakistani banks also faced a major data breach. According to the FIA, the ATM fraud scam targeted hundreds of account holders, and in Khyber Pakhtunkhwa alone more than 200 people lost millions of rupees from their accounts.

In the wake of these cyber-attacks, the State Bank of Pakistan (SBP) issued regulations on the Security of Digital Payments in order to safeguard banks. SBP has made it compulsory for all banks/MFBs to immediately carry out extensive vulnerability assessment and penetration testing to identify potential weaknesses in their Alternate Delivery Channels (ADCs) and payment systems, including card systems, Internet/mobile banking and agent-based/branchless banking. The assessment reports, along with action plans and timelines to address the vulnerabilities, shall be submitted to the Payment Systems Department (PSD).

Moreover, from January 01, 2019, SBP also required all banks/MFBs to send free-of-cost transaction alerts to their customers through both SMS and email for all international and domestic digital transactions. Such transaction alerts are generated and relayed to customers immediately after the execution of a transaction. For this purpose, registered mobile phone numbers and valid email addresses of all customers were obtained, verified and updated in the bank/MFB’s database well before the deadline. But these regulations are not enough to tackle the increasing rate of cyber-attacks. Making any system 100% secure is not possible. However, there are many security measures to minimize this threat.

  • The first-ever Cyber Crime bill, which was passed on August 11, 2016, is controversial in its terms. According to the law, there is a sentence of 7 years’ imprisonment for those planning, recruiting or funding terrorism or propaganda online against the state. But the sections of the Bill do not provide any provisions to protect the privacy and sensitive data of individuals. So, the government needs to clarify and elaborate its cyber-laws so that decisions can be made properly.

  • Improving bank security requires industry collaboration. As more banks rely on detection solutions, it will be important for them to share the insights they learn during the nearly constant stream of hacks they face daily.

  • All security measures including card operations should continuously be updated to meet any challenges in the future.

  • Banks should share that information publicly. Most banks prefer not to reveal breaches to the public out of fear of damaging their reputation and customer loyalty, but without open communication banks are unable to do security analysis and hence fail to prevent future hacks. Banking organizations should bring these incidents to light so that people can also learn the dynamics of cyber-attacks and prepare themselves for the future.
  • All customers must be made aware of the dangers of opening or downloading email attachments from unknown sources. Creating awareness among employees and customers alike is particularly important because there have been many cases where an account got hacked by a malicious program after someone clicked an attachment from an unknown source. Also, they should not share their sensitive data with others.
  • Artificial Intelligence and Machine Learning give today’s financial institutions an extraordinary advantage in the fight against fraud.

The reality is that most hackers collaborate, so banks should too. Cyber security is no longer a run-of-the-mill area. Some banks have started to unite behind closed doors, but the financial industry needs to create a knowledge-sharing standard. Cyber security is a massive issue that requires a strategic re-think: taking it out of the I.T. silo and treating it as a separate risk equal to credit, compliance, and counterparty. Such an approach is crucial to secure the banking system in the digital age.

Onsa Mustafa

Onsa is a Software Engineer and a tech blogger who focuses on innovation in technology. She likes music, photography, traveling and exploring nature.
