Cybercrime – How Secure are our Banks?

In the last year, nearly nine million South Africans have fallen victim to cybercrime and credit card scams, according to a Norton Security Survey. Both FNB and Standard Bank were recently targeted by scammers, begging the question: how safe are our banks?

“The financial services industry continues to be a prime target given the size of the industry and the fact that it is deemed as critical infrastructure. Breaches in FS industry not only return significant ROI’s, but also significant press and notoriety for the successful theft of financial related data.

All can be exploited either directly or used to create false personas, or for ransom,” said Perry Hutton of Fortinet cyber security solutions.

The advancement of consumer computing has opened up a window for cyber criminals. They are finding it easier and cheaper than ever to pull off scams says IDC Sub-Saharan Africa research manager Jon Tullett.

‘Criminals exploit technology and use social media platforms’

Beware social media platforms

“Criminals exploit technology and use social media platforms together with social engineering tactics, to perpetrate crime. Victims also use social media more to talk about their experiences,” said the Banking Association of South Africa (SABRIC).

“There is a greater awareness for cybercrime, both from the perpetrator and the victim’s perspective. Technology gives perpetrators a far wider reach with the potential of more victims.

Having said that, cyber security awareness and responsible device management by users are not only effective but necessary countermeasures. The banking industry invests substantially in security and every effort is made to ensure that products are secure. Security relating to digital banking platforms and products is a high priority,” said SABRIC CEO Kalyani Pillay.

It may be up to the consumer to protect their private details and sensitive information, but it still makes one distrustful of these big financial institutions that are supposed to be so secure. Moreover, no-one can afford to lose any money in the current economic climate.

‘The industry remains committed to combating crime’

Should we still bank with the big four?

After these breaches, many consumers now have their doubts about whether the big four have proper security structures in place to prevent such incidents from happening again. The big four banks are comprised of FNB, Standard Bank, Absa and Nedbank.

“The SA banking industry is extremely well regulated and under continuous supervision. The industry remains committed to combating crime in partnership with stakeholders and their clients. Banks and bank customers globally face numerous risks posed by organised crime and the South African experience is aligned to global trends,” remarked Pillay.

However, the big four have confirmed that they are implementing extra security measures to address clients’ concerns.

‘Customers are often unaware of how easy it is for a third party to access their personal details’

“Absa acknowledges the impact that these losses have on our customers and we therefore go to great lengths to warn customers through our channels, and provide security tools and information on our website.

We find that customers are often unaware of how easy it is for a third party to access their personal details if they are not careful. Notwithstanding all the security features and controls we have in place, we have no choice but to rely on our customers remaining vigilant with their personal information,” stated Absa.

‘Digital banking is the safest form of banking’

Banks confirm digital banking is still safe

Nedbank confirmed it would not by shying away from digital banking, but rather beefing up security to combat attacks.

“Apart from the tremendous convenience, digital banking is still the safest form of banking provided you choose a financial service provider with state-of-the-art security measures. It is also important that consumers play their part as well, ensuring that their computers are secured by the latest antivirus software…

Follow the necessary precautions you will find on your bank’s website, such as never entering your login credentials on a website whose hyperlink you received via email or other electronic messaging, and being very careful about opening email attachments, even if they seem to come from people you trust,” said senior analytics and forensic technology manager at Nedbank Lucas Venter.

“The bottom line is the same as always: consumers who take very basic steps to keep themselves secure are at much lower risk than those who don’t; in this respect security is more an education and awareness challenge than a technology problem, and that’s an area where the banks certainly could improve,” Tullet explained.

‘Banks…need to help their customers take responsibility’

What should you look for in a bank?

‘It’s not so much about who you bank with, it’s about your own behaviour,’ said Tullet

“Take whoever you bank with – do you understand what they offer in terms of two-factor authentication? Do you know how to identify a phishing email and verify that a link is valid? Do you know what an ATM card skimmer looks like? Are you alert to criminals’ shoulder-surfing your PIN at a checkout?

Certainly, the banks have a key role to play in assisting with security, but they need to help their customers take responsibility, not give it up,” said Venter

‘Check whether your bank is clued up about the latest fraud tools and techniques’

Furthermore, you should check whether your bank is clued up about the latest fraud tools and techniques.

“What worked well last year may not necessarily work well this year,” Venter advised.

When it comes to choosing a bank, start by looking at your financial needs and choose one based on these.

“Security is about behaviour and awareness. There’s room for a lot of improvement all round, and not just by the banks and their customers,” Tullet concluded.