Cyber criminals are increasingly circumventing a bank’s security to gain access to sensitive financial data. Getty Images
Cyber criminals are increasingly circumventing a bank’s security to gain access to sensitive financial data. Getty Images
Cyber criminals are increasingly circumventing a bank’s security to gain access to sensitive financial data. Getty Images
Cyber criminals are increasingly circumventing a bank’s security to gain access to sensitive financial data. Getty Images

Business

Money

How banks can strengthen defences against cyber criminals

Updated IT infrastructure, advanced threat detection and multi-factor authentication key to safeguarding customer

Corey Thompson and Olivier Busolini

June 26, 2024

  • English
  • Arabic

The digital era has opened doors to a wealth of opportunities but also challenges for the banking and finance sector.

While bringing unprecedented speed and convenience to customers, it has also created multiple channels that malicious actors can try to exploit for profit.

According to the Interpol Global Financial Fraud Assessment, widespread technology adoption is fuelling a rise in digital scams.

The use of artificial intelligence, large language models and cryptocurrencies, combined with phishing and ransomware-as-a-service business models, has resulted in a growing number of fraud campaigns without the need for advanced technical skills, and at relatively little cost.

The Global Anti-Scam Alliance has found that scammers stole more than $1 trillion from victims around the world last year. Only 0.05 per cent of these scammers were caught.

What is even more alarming is that these attacks are becoming more sophisticated and co-ordinated, highlighting the increasing intent of cyber criminals to circumvent a bank’s security and gain access to sensitive financial data.

This underscores the importance of continued investment in security measures.

Putting up cyber defences

In this complex cybersecurity landscape, banks are arming themselves against attacks by continuously increasing the awareness of their staff and clients and improving their working processes.

They are also updating their IT infrastructure, implementing advanced threat detection systems, enhancing security protocols and adopting multi-factor authentication to safeguard customer data and transactions.

The Worldwide Security Spending Guide by the International Data Corporation indicates that the financial services and government sectors are poised to emerge as the foremost contributors to security expenditure in the Middle East and Africa this year. Their joint spend is projected to account for nearly a third of the market’s value.

Knowledge is power

Educating customers to help them protect themselves from phishing and smishing (using text messages) attacks and prevent unauthorised access to their accounts plays an important role.

Banks are raising customer awareness through regular communication on cybersecurity risks. For their part, customers can contribute by staying informed and vigilant about their digital footprint.

Customers are naturally concerned about the security of their identity as well as personal and financial data and the confidentiality and integrity of their digital transactions.

Banks should aim to establish a dialogue with their customers on safe digital practices and be alert and aware of phishing and smishing patterns.

Improving communication techniques is key to ensuring their customers are engaging with and acting on these important messages.

The transformative impact of AI

Banks are increasingly using AI for fraud detection and behavioural analytics to prevent unauthorised transactions, while blockchain’s decentralised ledger provides an added layer of security for transaction records and strengthening data integrity.

By analysing various data points in real time, banks can assess customer behavioural patterns and device integrity and apply machine learning to detect irregularities in these patterns to invoke higher security thresholds.

Making security invisible

Historically, security manifested in high levels of customer friction, such as multiple passwords, pin numbers and one-time passwords.

The vision for the future is to make security invisible.

How criminals use technology to defraud victims – in pictures

  • The use of technology in everyday lives has led to growth in scams and fraud. Reem Mohammed / The National
    The use of technology in everyday lives has led to growth in scams and fraud. Reem Mohammed / The National
  • Phishing is one of the most common methods used by fraudsters and it involves sending an unsolicited email that appears to be from a financial institution or online retailer. The National
    Phishing is one of the most common methods used by fraudsters and it involves sending an unsolicited email that appears to be from a financial institution or online retailer. The National
  • Smishing — the SMS equivalent of phishing — is where fraudsters falsify the telephone number so it appears to be a genuine text from a bank or well-known company. Chris Whiteoak / The National
    Smishing — the SMS equivalent of phishing — is where fraudsters falsify the telephone number so it appears to be a genuine text from a bank or well-known company. Chris Whiteoak / The National
  • Vishing is the telephone equivalent of phishing and smishing. Fraudsters may pose as bank staff, police or government officials. Getty Images
    Vishing is the telephone equivalent of phishing and smishing. Fraudsters may pose as bank staff, police or government officials. Getty Images
  • SIM swap involves fraudsters duplicating the SIM of your mobile number without your knowledge or authorisation, allowing them to conduct financial transactions with your bank. AP
    SIM swap involves fraudsters duplicating the SIM of your mobile number without your knowledge or authorisation, allowing them to conduct financial transactions with your bank. AP
  • Identity theft is where someone illegally obtains your confidential information, through various ways such as theft of your wallet, bank and utility bill statements, computer intrusion and social networks. Getty Images
    Identity theft is where someone illegally obtains your confidential information, through various ways such as theft of your wallet, bank and utility bill statements, computer intrusion and social networks. Getty Images
  • Prize scams involve fraudsters claiming to represent well-known organisations. They contact victims to tell them they have won a cash prize and request them to share confidential banking details to transfer the prize money.
    Prize scams involve fraudsters claiming to represent well-known organisations. They contact victims to tell them they have won a cash prize and request them to share confidential banking details to transfer the prize money.
  • Instagram influencer Ramon Abbas, known as Hushpuppi, used a technique known as business email compromise.
    Instagram influencer Ramon Abbas, known as Hushpuppi, used a technique known as business email compromise.
  • The tax authority said some bank customers in the UAE have received phishing emails impersonating financial institutions. EPA
    The tax authority said some bank customers in the UAE have received phishing emails impersonating financial institutions. EPA
  • Jenny Ross, Which? Money editor, says: ‘Scammers are relentless when it comes to wanting our personal information and ultimately our money.’ PA
    Jenny Ross, Which? Money editor, says: ‘Scammers are relentless when it comes to wanting our personal information and ultimately our money.’ PA
  • Netflix's The Tinder Swindler tells the story of three women who say they were conned out of $500. Photo: @simon_leviev_official via Instagram
    Netflix's The Tinder Swindler tells the story of three women who say they were conned out of $500. Photo: @simon_leviev_official via Instagram

Cyber threats transcend borders

Cyber threats are also becoming more transnational in nature. International co-operation is crucial to combat cyber threats.

Sharing threat intelligence and establishing unified cybersecurity standards help create a more secure global banking environment.

Cybersecurity measures adopted by banks for decades have been significantly contributing to industry standards, such as the US National Institute of Standards and Technology Cybersecurity Framework, and regulations like GDPR.

This ensures that customer trust and confidence are upheld through the definition and implementation of best practices.

An example of an emerging best practice is device binding, also known as device registration, which links the customer’s mobile device to the bank’s app, treating the device as a security credential.

This allows customers to securely transact on that device and provides them with peace of mind, knowing that higher-risk transactions can only occur on their registered device.

The future of cyber security

Looking ahead, banks are poised to face an increasingly complex set of cyber challenges, including quantum computing threats to encryption, sophisticated cyber attacks leveraging emerging technologies, such as AI, including generative AI, and the need for adaptive security architecture.

To stay ahead of these challenges, fostering a culture of cyber security is imperative. Banks must invest in next-generation security solutions and continuous education, while customers must improve their knowledge and awareness of cybersecurity threats and vigilance in their digital interactions.

Only this way can we build a robust and secure financial ecosystem that can thwart the hostile intentions of cyber criminals.

Corey Thompson is executive vice president and head of digital for retail banking at Mashreq. Olivier Busolini is executive vice president and head of information security at Mashreq.

The specs: 2018 Jaguar E-Pace First Edition

Price, base / as tested: Dh186,480 / Dh252,735

Engine: 2.0-litre four-cylinder

Power: 246hp @ 5,500rpm

Torque: 365Nm @ 1,200rpm

Transmission: Nine-speed automatic

Fuel consumption, combined: 7.7L / 100km

Updated: June 26, 2024, 4:00 AM
Personal financeBankingCyber crime