Fraudsters are approaching their less-than-ethical business models with healthy work ethics. Headlines are filled with reports of service outages and data breaches, and both banks and consumers are contending with rising fraud concerns as digital banking takes off.
Fraud threatens everyone, yet customers rely on their banks for protection. One study determined that roughly one-third of consumers have been victimized by fraud, leading them to contact their financial institutions (FIs) to change login credentials, cancel credit cards and guard against suspicious transactions. This means consumers also blame FIs when data breaches occur, regardless of the entity actually at fault. Separate research indicates that 51 percent of holiday shoppers will hold their FIs, payment processors and retailers responsible if they experience fraud.
Maintaining consumers’ trust is critical for FIs, and it involves more than simply upgrading fraud detection systems. The global advance of open banking initiatives means many consumers’ online platforms are connected to challenger banks and FinTechs that lack the funds necessary to provide robust fraud protection measures. Such weak points can give cybercriminals opportunities to access open banking participants’ data and could lead to other large-scale fraud events that will drive consumers away from their banks.
FIs must thus find ways to shore up such weak points if they wish to keep their customers loyal and secure. The following Deep Dive explores the obstacles encouraging fraud and the actions banks can take to protect their customers.
The Technology Gap That Fosters Fraudsters
FinTechs often market themselves as technologically savvy, claiming they have created innovative digital tools that improve upon established banks’ offerings. The unfortunate truth is that fraudsters also rely on technological prowess to launch attacks against challenger FIs. Newer banks usually feature less developed security systems, providing veteran cybercriminals with additional ways to find and exploit weaknesses. Digital FIs also often lack the startup capital needed to build bespoke fraud protection systems, and one bank’s weak security algorithms can harm both it and its partners.
Open banking requirements are also leading to changes in how FIs must store and process data, increasing the fraud challenges confronting the increasingly connected financial landscape. European banks must comply with regulations such as the revised Payment Services Directive (PSD2), which mandates that they share data with newer FinTechs. FIs around the globe are also grappling with faster payments networks, such as the one created by The Clearing House (TCH), that add speed by automatically processing many transactions and managing the data they generate.
Such developments provide openings for fraudsters, especially as less established banks are less able to detect potentially fraudulent transactions. Their lackluster fraud tools can affect larger legacy banks’ operations, too, as challengers’ untested software may indicate that transactions are trustworthy when it has actually failed to spot fraud.
Larger banks can easily implement two-factor authentication and other effective security measures, but challengers must often wait years before they have the funds to implement sophisticated anti-fraud technologies. Fraudsters thus rely on this technology gap to circumvent the strongest anti-fraud measures employed by established institutions.
Bigger Banks And The Problems With Data Security
Legacy banks have taken recent security missteps as well. Capital One and Wells Fargo have experienced several high-level data breaches that compromised millions of users’ personal data, for example. The former’s breach affected 100 million U.S. and 6 million Canadian customers, exposing details like credit card numbers and names.
These breaches speak to the same data storage issues plaguing challenger banks. Capital One kept its customers’ data stored on a private cloud server, and a simple infrastructure firewall flaw allowed fraudsters to swipe personal details.
Banks are unlikely to spurn open banking platforms or stop using the cloud, meaning FIs of all stripes must ensure they carefully watch where data is going as connections are made. Cybercriminals are patient, and they can compromise an entire network if they identify one weak spot. It is up to banks to ensure there are no vulnerabilities to find.