 |
New Banking Channels Need New Security
By John Jaser,
Internet Services Manager |
|
What worries you more? News that hackers
have infiltrated the nation’s electrical
grid, or that they downloaded the Air
Force’s plans for a new fighter plane?
How about hackers who trick bank
employees into divulging customer
information over the phone?
The bank telephone fraud works like
this: criminals hack into the customer's
contact information, then attempt a
suspicious transaction against the
customer’s account. When the bank calls
the customer to inquire about the
transaction, the bank connects to the
criminal instead. Most bankers will say,
“that’s impossible.” But criminals are
capable of many things where money is
involved.
Cybercriminals have been known to
activate the customer’s automatic
call-forwarding feature so that every
call to the victim goes straight to the
criminal. There are even reports of
criminals who specialize in mimicking
legitimate customers over the phone,
changing the victim’s credentials and
siphoning the victim’s money.
|
 |
Today’s criminals also run
their own automated call centers to impersonate
banks and credit unions via telephone, e-mail
and text-messages. Their goal? To instruct
consumers to call the phony call center and
divulge their account numbers and passwords.
The takeaway in all this? The Internet is only
one playground for today’s cybercriminal, and as
our communications methods proliferate, so will
the risks.
To date, bankers have done a good job securing
their Internet banking sites and alerting their
customers to the dangers of phishing and
viruses. Retailers are coming up to speed and
consumers are slowly learning that patching the
software running on their PCs will help protect
them from ‘drive-by’ virus infections and other
cyber tricks.
But as banks, retailers and consumers harden the
Internet banking channel, criminals are moving
to other, greener venues. By green, I mean newer
and less-protected channels. Consumers can be
fooled more easily because they are less
familiar with new forms of cyber crime. Banks
aren’t quite as ready to respond to attacks. And
the criminals reap their unjust rewards.
What can bankers do?
Very simply, incorporate security into each new
electronic channel. Decide how your institution
will respond to cyber assaults via cell phones,
PDAs, social networks and all the rest of the
burgeoning world of electronic communications.
Sound like a daunting task? Then do one at a
time and don’t accept a channel for customer
communications or transactions that hasn’t been
securitized and for which the customer is
unprepared.
Does it seem far fetched? Not by a long shot.
Research firms are predicting huge increases in
the number of communications vehicles in the
next few years. Some email signature blocks are
bursting with addresses far beyond street, city,
phone, email and fax. We are beginning to see
blog, YouTube, Linkedin and Twitter addresses
crossing the demographic lines. If your
customers aren’t there today, consider yourself
lucky – you’ve got a little more time to
prepare.
The bottom line is that criminals often target
the novice practitioner of something new. If
your bank plans to open a new channel of
communications or transactions with its
customers, have the security worked out ahead of
the launch, including counter measures should
the criminals mount an attack.
Most of all, expect the unexpected.
Internet-based crime has leaped into realms
unthinkable at the start of Internet banking and
emailing. There should be no question that our
new banking channels will be attacked just as
aggressively.
Let’s use our experience with Internet-based
crime to prepare our new banking channels. Our
customers expect nothing less, and we can
deliver so much more. |
