Cybersecurity Awareness: What Banks and Credit Unions Need to Know

Posted by Anna Lothson on Oct 13, 2017 10:38:41 AM

October is cybersecurity awareness month — a prime time for banks and credit unions to re-think how they are managing their card fraud detection strategies. Then again, companies should be doing this the other 11 months of the year, too.

Financial institution leaders need to be constantly thinking about how to evolve their card fraud detection management and update their cybersecurity measures - or risk making their organizations increasingly vulnerable. Today, fraud management is more than just reacting to industry alerts. Being reactive, instead of proactive, about cybersecurity, will leave an organization always playing catchup.

The problem with having reactive strategies that rely on responding to industry fraud alerts is that they often take too long to learn about. Regardless of how fraud occurs, and through which channels it worsens through, banks and credit unions need is the ability to detect CPP faster than many industry alerts currently allow. They also need the ability to track fraudster behavior in order to predict the likelihood an account will turn fraudulent.

This is where the power of machine learning and better data analytics comes into play — technology that will continue to be a game-changer for the financial service industry. Particularly in a world where fraudsters are harvesting card numbers, identities and bank accounts on the dark web faster than fraud departments can keep up with, a greater sense of how to manage cybersecurity threats matters in today’s fraud-filled ecosystem.

Cybersecurity Awareness: The Evolution of an Age-Old Market

Infiltrating bank accounts is far from a new concept for criminals. What used to be a heist that involved physically breaking into vaults and stealing loads of cash in large unmarked bags has transformed into a sophisticated digital crime. It now involves fraudsters launching targeted attacks into a customer’s account through methods that allow for hackers to quickly steal account numbers, personal credentials, funds and a whole other droves of information that banks (or their customers) do not want in the wrong hands.

In the year 2017, fraudsters’ goals are the same as they’ve always been: Getting access to large amounts of money in short spans of time. Their methods, however, have evolved — relying on heavily sophisticated cybercrime techniques that are rooted in many of the technologies financial institutions rely on to thwart of cyberattacks. One major problem is just how sophisticated the methods of fraudsters have gotten today.

Banks are using new tools to fight fraud — machine learning, automation, cloud technology, etc. — but so are the fraudsters. But they’re getting faster and better and fraud is evolving faster than financial institutions can manage.

The monetization of compromised cards and harvesting of financial credentials has become a sophisticated industry. Not only are fraudsters getting access to financial credentials and bank accounts more and more, card fraud is occurring faster than a bank can detect a compromise, identify compromise cards, reissue the cards and call the cardholders.

As a result, the impact of cyberattacks and credit card fraud are becoming more widespread, impacting more customers in shorter time spans. No longer do hackers have to physically attack financial accounts via an institution or ATM. Technology has given them a gateway to infiltrate networks via cyberattacks in ways that are more damaging and wide-reaching than ever before.

Cybersecurity Awareness: Security Gaps Financial Institutions Face

There’s a few basic steps needed for banks and credit unions to fully protect themselves from cyberattacks that lead to payment card data breaches.

The obvious, but often overlooked, point is ensuring employees are trained on the right security procedures. Employees, and lack of training, often an create an entry point for cyberthieves — without even realizing how. Financial institutions must make cybersecurity training a key component of new employee onboarding and continuing employee education to shut off this potential avenue for cyberthieves.

The 2016 Ponemon Institution Cost of a Data Breach Study found that the consolidated total cost of a data breach in 2016 was approximately $4 million.  Increasingly, cyberattacks are contributing to a rise in card fraud. Having a plan in place can drastically reduce the chances that a breach will occur. But that’s not quite enough. As any company takes measures to prepare for the possibility of a cyberattack, they need to think about investing in the right types of platforms that deliver better fraud detection than banks themselves can deliver on their own.

Gone are the days where relying on traditional industry fraud alerts enough. Those often take weeks to recognize that fraud has actually occurred, and by then it’s too late. Instead, what banks and credit unions need today is fraud teams ready to invest in machine-learning-based technology platforms that deliver faster, better and more accurate fraud detection — through proactive strategies that allow organizations to react quicker.

Relying on CAMS alerts, for example, won’t make the cut today. What’s needed is working with companies like Rippleshot, which through its flagship product, Sonar, can analyze millions of card transactions daily to proactively detect compromised merchants and identify an issuer’s at-risk cards. From that, banks and credit unions are equipped to rely on Sonar’s Fraud Forecast™score assesses each card’s total exposure from all breached merchants to determine the probability that it will become fraudulent.

The end result? Issuers are empowered with a strategic action plan to meet their fraud loss and reissue goals while minimizing customer impact. In a world where cybersecurity, cyber fraud and cyberattacks are going to continue to be buzzwords, now is the time to invest in the right technology that will help financial institutions stop the spread of fraud faster in order to minimize losses and customer impact.

Topics: Fraud, Cybersecurity