Recently, @briankrebs highlighted a Trojan attack which showed just how sophisticated some cyber attacks are now becoming. The case in question is being investigated by German police, and involves a new piece of malware which convinces online banking customers to willingly transfer their own money into the accounts of criminals.
This particular case shows that, sometimes, even a layered approach to eBanking security is not enough. The only way of averting threats such as this (apart from encouraging all customers to keep their anti-malware up-to-date) is to ensure effective communication between bank and customers.
Customers should ALWAYS know how they should be interacting with their bank, across all channels including their eBanking account. Furthermore, bank employees need to know the “rules” as established by the bank and rigorously adhere to them. This way, through mutual understanding, there is a higher likelihood that both parties will know when anything out of the ordinary occurs. The confidence that develops, coupled with layered technology to thwart attacks, is THE best defense against the threats of online fraud. This has recently been highlighted in an infographic depicting the risks associated with eBanking. But defining communication “rules” isn’t enough. The only way of ensuring customers know what to look for is for us to tell them; banks must take a more proactive and productive approach to their communications with customers.
Fraud and cyber attacks cannot be a ‘dirty little secret’ anymore – like dealing with any serious challenge, banks must confront the issue head-on. They should talk to and educate their customers about the many threats they might encounter, so that they can work to counter them in partnership. And they certainly cannot afford to simply brush new issues under the carpet.
Cyber crime may not be a pleasant subject for banks to discuss with their customers, but it is one that they cannot ignore. No matter how stringent the security measures they have in place, banks will always be more vulnerable to attacks without their customers’ co-operation. And with attacks becoming ever more sophisticated, they surely need all the help they can get.