Finance Monthly
Personal Finance. Money. Investing.

New research from LexisNexis Risk Solutions reveals that 94% of financial services providers think teaching fraud prevention in schools will better protect the UK public against the risks of fraud and financial crime. 

88% of firms also said they believe that teaching online safety and digital literacy skills in school is now as important as maths and English.

A majority of the 200 senior UK financial services firms polled also expressed concern about online safety in relation to the new generation of immersive online environments – metaverses – which will enable people to connect and transact like never before. Over half (52%) are concerned that the metaverse will lead to a high risk of fraud and financial crime, with a further 40% expecting them to lead to some risks.

The latest figures from UK Finance[1] show almost three million cases of fraud occurred last year alone, with over £1.2 billion being stolen.

Consequently, the research by LexisNexis Risk Solutions also showed strong industry support amongst financial services firms for the introduction of an official digital identity for each individual aged 16+ to be able to complete online transactions such as banking or applying for credit or insurance, with a majority saying the government should cover the costs of such a scheme.

Around half of those in favour of a digital identity scheme would like to see it used to encourage consumers to better manage and protect their personal information.

These survey findings follow the release of a new report from The Future Laboratory and LexisNexis Risk Solutions that predicts people will no longer need to use passwords online by 2030 while entering payment details and personal information during online transactions will also become a thing of the past. 

This new frictionless way to navigate internet services and eCommerce – dubbed an Authentaverse – will see online activities including shopping, banking, applying for loans and insurance policies, and managing subscription services completed in seconds, with no clicks or forms to fill in. Instead, consumers will be automatically recognised and invisibly checked based on their human characteristics, such as how fast they type, the pressure their fingers exert on device screens, the tilt of their phone, and even their heart rate. 

Digital money and identity author and expert, David Birch, explains: “In contrast to the world of the super app in which you share your identity across many different services, an Authentaverse is the world of the ‘smart ID wallet’ where different services each with their own relationship identities share strong authentication. In other words, once you are logged in to the wallet on your phone with your face or fingerprint, your wallet can provide relevant and appropriate information to service providers without bothering you again.”

Survey findings also show that 82% of finance firms think the way people are checked, verified, and authenticated during online transactions needs to improve as the UK moves towards more immersive, virtual, and augmented ways of using the internet – such as Web3 environments and metaverses.

Steve Elliot, Managing Director at LexisNexis Risk Solutions, added: “In the next decade, remembering countless passwords, security codes and clicking a boxed image featuring cars, traffic lights or buildings with steps will be confined to history. In an Authentaverse, consumers will enjoy quicker and hassle-free online transactions, but this requires strong, assured, and seamless digital trust to become a reality across the entire online ecosystem.

“People need to be able to trust organisations with their data and organisations need to be able to trust that consumers understand the role they play in protecting themselves, something that will require education. This mutual trust can then create greater knowledge of genuine customers and reduce the chances of criminal exploitation and fraud attacks.

“To achieve these high levels of mutual digital trust and confidence required to enable the next generation of online immersive experiences, businesses must evolve their identity and fraud checks through integrating both physical and digital identity attributes – common digital identifiers, and physical and digital biometrics – into a single, seamless, end-to-end verification and authentication process.”

In the absence of formal fraud prevention education in schools, organisations are prioritising digital trust as a strategically important factor. Survey data found that 76% of financial services firms are focusing on creating and strengthening levels of digital trust amongst customers, while 8-in-10 firms think a lack of knowledge amongst UK consumers impacts their willingness to share personal information that could otherwise help protect them. 

Click here to read the full report, The Future of Digital Trust: The Authentaverse.

About the survey. Senior leaders from 200 UK financial services firms were surveyed by Sapio Research in May 2023. 

About LexisNexis Risk Solutions
LexisNexis® Risk Solutions harnesses the power of data and advanced analytics to provide insights that help businesses and governmental entities reduce risk and improve decisions to benefit people around the globe. We provide data and technology solutions for a wide range of industries including insurance, financial services, healthcare and government. Headquartered in metro Atlanta, Georgia, we have offices throughout the world and are part of RELX (LSE: REL/NYSE: RELX), a global provider of information-based analytics and decision tools for professional and business customers. For more information, please visit www.risk.lexisnexis.co.uk and www.relx.com.

WHY TACKLING OMNI-CHANNEL FRAUD IS KEY TO ENHANCING CUSTOMER EXPERIENCE

Christen Kirchner

Senior Solutions Expert, Fraud & AML at SAS Northern Europe

 

Over a decade after it emerged as a concept, providing a ‘good omni-channel experience’ has become a necessity for all customer facing industries.

 

As the financial service sector has become increasingly digitised, a growing number of customer touch-points have emerged. In fact, banks now interact with customers via online banking apps, SMS messages, email, face-to-face interactions, traditional paper-based methods, ATMs and even social media.

 

In light of this, many are focusing their attention on creating a seamless omni-channel experience for their customers, using data analytics and artificial intelligence (AI) capabilities to do so.

 

However, as the industry has seen time and time again, with new innovation comes new opportunities for fraudsters. As such, omni-channel fraud is becoming an increasing problem for banks.

 

The need to act

Omni-channel fraud is a type of fraud that occurs across multiple channels and can only be detected and prevented with multiple, advanced layers of protection.

 

A recent report by TransUnion confirmed that fraudsters are using every available digital channel to access consumer accounts. Between September and December 2022, 52% of consumers said they were targeted with online, email, phone call or text messaging fraud attempts.

 

As we’ve seen, fraudsters are ready to exploit any opportunity to make money from unsuspecting victims. During the COVID-19 pandemic, scammers called home phones and sent text messages pretending to be the government or NHS.

 

More recently, fraudsters impersonating Royal Mail have targeted unsuspecting shoppers with phoney delivery texts, or have turned to social media to find victims.

 

With fraudsters’ schemes becoming more sophisticated as customers use a greater number of channels, the onus is on banks to analyse all customer interactions together to stop fraudsters gaining access to their accounts, through detecting the risk of each transaction and flagging any anomalies.

 

For example, if there is an unsuccessful attempt to access a customer account from a foreign country, this should be immediately considered against any other suspicious transactions and activity, in case the fraudster has more luck through a different channel.

 

To get a comprehensive overview of fraud risk, banks need to take into consideration non-monetary actions, such as a client changing their address or requesting different cards. One of these activities alone may not be suspicious, however if this occurs after an attempt to access an account, it should set alarm bells ringing.
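
The cross-channel correlation described above, sketched as an added example (not code from the article or from any vendor): events from all channels are merged into one timeline per customer, and a non-monetary action is flagged only when it follows a failed foreign login. The 72-hour window, the home country, the event fields and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed values for this example; they are not taken from the article.
HOME_COUNTRY = "GB"
RISK_WINDOW = timedelta(hours=72)
SENSITIVE_ACTIONS = {"address_change", "card_request"}


@dataclass(frozen=True)
class Event:
    customer: str
    when: datetime
    channel: str          # e.g. "web", "mobile_app", "phone", "branch"
    action: str           # "login", "address_change", "card_request", ...
    country: str
    success: bool = True


def correlate(events, window=RISK_WINDOW, home=HOME_COUNTRY):
    """Flag sensitive non-monetary actions that follow a failed foreign login.

    All channels feed one per-customer timeline, so a failed attempt on one
    channel raises the risk of a later action on any other channel.
    """
    alerts = []
    last_failed_foreign = {}  # customer id -> most recent triggering Event
    for ev in sorted(events, key=lambda e: e.when):
        if ev.action == "login" and not ev.success and ev.country != home:
            last_failed_foreign[ev.customer] = ev
            continue
        trigger = last_failed_foreign.get(ev.customer)
        if (trigger is not None
                and ev.action in SENSITIVE_ACTIONS
                and ev.when - trigger.when <= window):
            alerts.append({
                "customer": ev.customer,
                "action": ev.action,
                "action_channel": ev.channel,
                "trigger_channel": trigger.channel,
                "gap_hours": (ev.when - trigger.when).total_seconds() / 3600,
            })
    return alerts


def sample_events():
    """Constructed sample data covering one true hit and three non-hits."""
    d = datetime
    return [
        # Failed foreign login on the web, then an address change by phone.
        Event("C-1001", d(2023, 5, 1, 3, 12), "web", "login", "FR", False),
        Event("C-1001", d(2023, 5, 1, 10, 40), "phone", "address_change", "GB"),
        # Address change on its own: not suspicious in isolation.
        Event("C-1002", d(2023, 5, 2, 14, 0), "branch", "address_change", "GB"),
        # Failed foreign login, but the card request is outside the window.
        Event("C-1003", d(2023, 5, 1, 8, 0), "web", "login", "FR", False),
        Event("C-1003", d(2023, 5, 11, 8, 0), "mobile_app", "card_request", "GB"),
        # Failed login from the home country: a mistyped password, no trigger.
        Event("C-1004", d(2023, 5, 3, 9, 0), "mobile_app", "login", "GB", False),
        Event("C-1004", d(2023, 5, 3, 10, 0), "mobile_app", "card_request", "GB"),
    ]


if __name__ == "__main__":
    for alert in correlate(sample_events()):
        print(alert)
```

Only customer C-1001 is flagged; the three other customers show the isolated or out-of-window activity that a single-channel rule would either miss or report as a false positive.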

 

Prioritising the customer experience

It may seem obvious, but at the centre of providing an exceptional service to customers is the ability to keep them safe from fraud. If a bank fails to update their systems to protect against the rising instances of omni-channel fraud, they risk losing out to competitors.

 

Equally important is the ability to detect - and then avoid contacting a customer – where an alert turns out to be a false positive. If an individual cannot complete a purchase after their bank mistakenly flags their legitimate transaction as fraudulent, or they have to spend time out of their day to rectify the issue, they will quickly become frustrated.

 

Currently, there is a limited ability to adapt business rules as soon as a new type of scam emerges - leading to a high number of false positives and disgruntled customers. Accuracy is key here - and advanced technology is paving the way forward.

 

Facilitating the solution

It is no longer good enough to view each customer touch-point as an isolated form of interaction. Banks need to focus on uniting their response, rather than leaving valuable data residing in separate silos.

AI and machine learning (ML) can help companies to tackle omni-channel fraud in real-time. This technology can constantly check for red flags and anomalies across multiple sources - providing banks with the means for a speedy, accurate response.

 

Within this, layered analytic methods can help reduce false positives, avoiding the need to unnecessarily bother the customer. With surges in identity fraud proving a particular concern for banks in the last few years, this technology also grants banks the ability to detect and adapt to new identity fraud trends.

 

As banks compete for the best clients and aim to consolidate themselves as a leader in customer service, the way forward is to understand developing fraud trends like omni-channel fraud - and act fast to protect customers.

From cybercrime and identity theft to phishing scams and fraud, there are a lot of ways our financial information can be compromised online. That’s why it’s important to take extra care when it comes to our financial data. Here are 10 ways you can protect your financial information online.

Use a VPN

A VPN, or virtual private network, is a tool that can help protect your online privacy. A VPN encrypts the data you’re sending and receiving, making it more difficult for people on the same network to intercept your information. A VPN should be a must anytime you are doing online banking or transferring sensitive financial information online.

Keep your operating system and software up to date

One of the best ways to protect your computer and your financial data is to keep your operating system and software up to date. Software updates often include security patches that can help protect your computer from new threats. To make sure your operating system and software are always up to date, you can enable automatic updates.

Use strong passwords

Another way to help protect your financial data is to use strong passwords. A strong password is at least eight characters long and includes a mix of upper- and lower-case letters, numbers, and symbols. Avoid using easily guessed words like your name or birthday. You should also avoid using the same password for multiple accounts.

Don’t click on links or attachments in email or other text messages

One way scammers try to trick people into revealing financial information is by sending fake email messages that look like they’re from a legitimate company. These messages often include links or attachments that, if clicked, can install malware on your computer or redirect you to a fake website that looks real but is actually designed to steal your information.

To protect yourself, don’t click on any links or attachments in email or LinkedIn messages unless you’re sure they’re from a trusted source. If you’re not sure, you can hover over the link to see where it will take you before you click on it.

Use secure websites

When you’re shopping or banking online, make sure you’re using a secure website. A secure website uses encryption to protect your information as it’s being transmitted. You can tell if a website is secure if the URL starts with “https” and there is a padlock icon next to the URL.

Don’t enter personal or financial information on public Wi-Fi

Public Wi-Fi networks, like those you find in coffee shops or airports, are often not secure. This means that people on the same network can intercept the data you’re sending and receiving. To help protect your information, avoid entering personal or financial information when you’re using public Wi-Fi. This makes purchasing things from eCommerce sites and online retailers potentially quite risky on these networks as well. 

Use security software

One of the best ways to help protect your computer is to install security software and keep it up to date. Security software can help protect your computer from malware and other threats. Look for security software that includes features like firewalls, anti-virus protection, and intrusion detection.

Monitor your credit report

Your credit report includes information about your credit history, including any late payments or defaults. It’s important to monitor your credit report for signs of identity theft, such as new accounts that you didn’t open. This is because your bank’s security is often much less robust than you would expect. You can get a free copy of your credit report from each of the three major credit reporting agencies – Experian, Equifax, and TransUnion – once every 12 months.

Shred financial documents

Before you throw away any financial documents, make sure you shred them first. This includes items like bank statements, credit card bills, and tax returns. Identity thieves can go through your trash to find these documents and use the information to open new accounts or spend money in your name.

Be aware of scams

Stay up to date on the latest scams so you can avoid them. There are many different types of scams, so it’s important to be aware of the signs. Some common scams include fake emails or websites that look like they’re from a legitimate company, calls from someone pretending to be from a government agency, and text messages that claim you’ve won a prize. If you think you’ve been a victim of a scam, contact your bank or credit card company right away. You should also report the scam to the Federal Trade Commission and the Better Business Bureau.

Conclusion

By following these 10 tips, you can help protect your financial information online. By being vigilant and taking steps to secure your data, you can help reduce the risk of identity theft and other online threats.

The current climate has led more individuals, businesses and government entities to really take a look at what they can do to protect themselves from the very real threat of cyberattacks. Today more than ever, artificial intelligence is playing a larger role in detecting and mitigating cyber risks. 

Why do cybersecurity and insurance go hand in hand?

Risk and protection go hand in hand. The more data that is collected on someone or something, the more valuable it can become for someone who wants to use it for malicious intent. Cyber risk is a new type of risk that has appeared in the past 5 years and that is increasing year after year. The attacks themselves can come with little to no warning, and the task of recovering from one is often time-consuming and costly.

Ransomware attacks, distributed denial of service attacks and phishing attacks are just a few of the plethora of ways that attackers can gain access to home and company networks, steal passwords and banking information and go as far as wiping clean the computers in offices, leaving nothing more than a paperweight at each desk. These attacks in fact are so common that 23% of small business owners have had an attack in the last 12 months according to a survey by Hiscox. 

Here are some examples of how AI can be used to combat specific types of cyber threats.

1. Data Poisoning

Data poisoning is what its name suggests: taking data and using it with ill intent. Samples of the data used to train an algorithm are manipulated so that the resulting model produces a hostile output or prediction when triggered by specific inputs, while remaining accurate for all other inputs.

Data poisoning that turns systems hostile is done before the model training step. Zelros has an Ethical Report standard, under which it collects a dataset signature at each successive step of modelling. This check is necessary because it helps prove afterwards that the data has not been tampered with or otherwise manipulated. This standard can be adapted by other companies as one of the best practices when using AI responsibly.
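
One way such a dataset signature check could work, as an added example that is not Zelros's own implementation: each modelling step records a SHA-256 digest of its data in a hash-chained ledger, and a later verification pass names the step whose data no longer matches. The step names, ledger layout and sample rows are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first ledger entry


def dataset_signature(rows):
    """SHA-256 over a canonical, order-preserving serialisation of the rows."""
    h = hashlib.sha256()
    for row in rows:
        line = json.dumps(row, sort_keys=True, separators=(",", ":"))
        h.update(line.encode("utf-8"))
        h.update(b"\n")
    return h.hexdigest()


def _entry_hash(prev, step, signature):
    return hashlib.sha256(f"{prev}|{step}|{signature}".encode()).hexdigest()


def record_step(ledger, step, rows):
    """Append an entry for this step, chained to the previous entry."""
    prev = ledger[-1]["entry_hash"] if ledger else GENESIS
    sig = dataset_signature(rows)
    ledger.append({
        "step": step,
        "signature": sig,
        "prev": prev,
        "entry_hash": _entry_hash(prev, step, sig),
    })
    return ledger


def verify(ledger, snapshots):
    """Return the steps whose ledger entry or stored data fails the check."""
    failed = []
    prev = GENESIS
    for entry in ledger:
        expected = _entry_hash(prev, entry["step"], entry["signature"])
        if entry["prev"] != prev or entry["entry_hash"] != expected:
            failed.append(entry["step"])      # the ledger itself was edited
        elif dataset_signature(snapshots[entry["step"]]) != entry["signature"]:
            failed.append(entry["step"])      # the data changed after signing
        prev = entry["entry_hash"]
    return failed


def demo():
    """Sign three constructed pipeline steps, then flip one training label."""
    raw = [
        {"id": 1, "amount": 120.0, "label": 0},
        {"id": 2, "amount": 9800.0, "label": 1},
        {"id": 3, "amount": None, "label": 0},
        {"id": 4, "amount": 45.5, "label": 0},
    ]
    cleaned = [r for r in raw if r["amount"] is not None]
    train = cleaned[:2]
    snapshots = {"raw": raw, "cleaned": cleaned, "train_split": train}

    ledger = []
    for step in ("raw", "cleaned", "train_split"):
        record_step(ledger, step, snapshots[step])

    untouched = verify(ledger, snapshots)

    # Simulated poisoning: one label is flipped after the step was signed.
    tampered = dict(snapshots)
    tampered["train_split"] = [dict(r) for r in train]
    tampered["train_split"][1]["label"] = 0
    return untouched, verify(ledger, tampered)


if __name__ == "__main__":
    print(demo())
```

A plain digest only proves anything if the ledger is stored where whoever can modify the data cannot also rewrite it; signing the ledger entries with a key held elsewhere is the usual next step.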

2. Privacy 

When entities, whether they be government, law enforcement or even personal networks, have specific features in the dataset used to train an algorithm, their identity may be compromised. To avoid an individual or multiple identities being compromised as part of the training data, and therefore adding risk to their privacy, organisations can use unique techniques such as federated learning. It boils down to training individual models locally at the source and federating them on a more worldwide scale, to keep the personal data secured locally. In general, it’s good to note that detecting specific samples of outliers and excluding them from the training is a recommended good practice to keep on hand.

3. Bias Bounties

As with older generations of software, sharing the details of an AI algorithm can become more of a liability, especially if it is exploited with malicious intent to harm, since it provides insights into the model structure and its operation. A countermeasure, identified by Forrester as a trend for 2022, is bias bounties, which help AI software companies strengthen and improve the robustness of their algorithms.

“At least 5 large companies will introduce bias bounties in 2022.”

- According to Forrester: North American Predictions 2022 Guide

Bias bounties are becoming the go-to weapon and armour of defence for ethical and responsible AI because they can help ensure that the algorithm in place is as unbiased and as reliable as possible, thanks to the many sets of eyes and different thought processes that review it throughout the course of the campaign.

4. Human Behaviour

Human behaviour can be some of the hardest and easiest to predict. When it comes to data or AI manipulation, our first thought might be malicious activity. However, organisations should stop to reflect on what Personal Data is being willingly shared by people even if it is not knowingly. 

Our main cybersecurity weakness is our ability to propagate knowledge of our identity and activities in seconds to thousands of people. Artificial intelligence, or even basic tools that can collect data, have given this new behaviour consequences that may prove critical when it comes to cybersecurity.

Let’s look at an older example for reference, from 2018, involving geo-localisation data that is openly shared on social networks: it shows how individual scraps of data can be gathered to provide powerful insights into an individual person’s identity and/or behaviour.

These insights can then be leveraged by AI systems to categorise ‘potential customer targets’ and provide very specific outputs or recommendations. A more recent reference is The Social Dilemma, a documentary about the world of the “attention economy” that is built on gathering this personal data from monumental amounts of information. To decrease the impact and subsequent consequences of our human behaviour, nothing outperforms culture and scientific awareness. Data science acculturation is essential for more security of our private data but also for the ethicality that is baked into AI models, as detailed in the first topic of this article.

“AI tools may be too powerful for our own good”: When feeding streams of data on customers, a Machine Learning model may learn much more than we would actually like it to. For example, even when gender is not an explicit data point in customer data, the algorithm can actually learn to infer it through proxy features. All this when a Human could not, at least with that amount of data, in such a limited time. For that reason, analysing and monitoring the ML model is crucial. 

To better equip ourselves to anticipate algorithm and model behaviour, and to help prevent discrimination through proxies from occurring, a key element is diversity. This key can be, and often is, overlooked when discussing AI solutions. Having multiple reviewers who can provide input through their individual cultural, socioeconomic and ethical backgrounds can lower the risk of biases being placed into AI programs. Organisations can also request algorithmic audits by third parties, which bring their own expertise and workforce diversity, if the team itself lacks the diversity to complete these tasks.

About the author: Antoine de Langlois is Zelros' data science leader for Responsible AI. Antoine has built a career in IT governance, data and security and now ethical AI. Prior to Zelros he held multiple technology roles at Total Energies and Canon Communications. Today he is a member of Impact AI and HUB France AI. Antoine graduated from CentraleSupelec University, France. 

Professional content writer and branding aficionado Annie Button takes a look at some key cybersecurity investments that can protect firms from losing profits.

Cybersecurity is one of the most critical areas for financial businesses to invest in, with the theft of data and hackers taking down entire sites being some of the biggest threats to companies the world over. But, ‘time is money’ and as financial business owners know all too well, cybersecurity is an ongoing task that requires relevant skills and knowledge. 

Since some businesses have historically struggled to battle against cyberattacks, the financial consequences of neglecting cybersecurity and risk factors could be devastating. So, this is an area where investing in cybersecurity pays dividends when it comes to protecting your departments’ networks and details. 

Invest in specialised security products

Cybercriminals are constantly evolving to become more sophisticated in their abilities to steal data and gain access to networks, which means your protective devices need to be updated all the time to stay one step ahead. If a criminal attacks your system and manages to gain access, the cost to your financial firm will be huge, so investing in products that will offer the best level of protection is money well spent in the long term. 

Capitalise on specialist products that are designed specifically for this purpose to get the best results and protect your business data as effectively as possible. From VPNs to firewalls and antivirus software, there are various tools you can invest in and implement to keep your business safe.

Use centralised software

Businesses often invest in tools and devices only to wind up using a fraction of them on a daily basis. If you haven’t conducted a review of the tools you use in a while, now could be a good time. Reviewing what you actually need and unifying those tools into a single solution is not only better financially but also reduces the avenues of access for criminal activity.

It’s not just firewalls and antivirus solutions that can be effective in preventing cybercrime. Investing in the right tools for your industry will have a direct impact on how secure your business is. For example, finance businesses can reduce cybersecurity risks by implementing training policies, installing virtual private networks (VPNs) and instigating regular network checks. Specifically targeted software will help with data compliance, improve efficiency and, above all, maintain data security for the business. Likewise, law firms can invest in case management software that keeps client documents, details and communications in a centralised location, reducing the need for additional tools.

Back up with cloud storage

If your network is compromised and you’re the victim of a phishing or virus attack, you may need to clean the system up entirely and start from scratch. In these cases, decontaminating your data is essential. Similarly, if you’re the victim of a ransomware attack, having your data stored somewhere safe can reduce the impact such an attack can have on your business. It provides you with confidence and security that your information is protected no matter what and that you can avoid any costly ransomware issues.

It’s advisable that you always have three copies of your data stored on two diverse sources – a local storage device and your hard drive – so that you always have access to your data in any event. Cloud storage is the best way to keep company data secure, whether it’s customer files, financial records or any other critical information. It reduces the cost of downtime and improves accessibility for your team, which ultimately improves productivity.

Avoid human intervention with automation tools

Most cybersecurity operations need the human touch, but a lot of these tasks can be automated which improves productivity, reduces human error and optimises decision-making which is better for increasing profits for your business. Monitoring and detection systems with machine-based threat intelligence will classify cyberthreats to spot issues and assign a level of urgency to them, so you can respond to them accordingly. 

You may also invest in other cybersecurity automation tools, such as certificate management, automatic software updates and user permission attribution. If you’re running a bigger business, investing in these types of cybersecurity tools can save a considerable amount of time and effort, enabling staff to focus on other tasks without impacting your level of protection.

Train your workforce against cyberattacks

Training is always money well spent in any business, but particularly when it comes to cybersecurity. Having a workforce that’s primed to spot issues and is up to date with the latest security developments and attack trends will ensure your business is ready for a crisis and can avoid the threat of costly cyberattacks on the organisation. 

From the value in using strong passwords and multi-factor authentication to monitoring emails for phishing scams, knowing how to implement a response strategy and being cautious around payment gateways, in-person or online training can all help to save your business thousands in costly errors and it’s a relatively easy investment to make that will benefit your company in many ways. 

An ongoing problem businesses need to address

Cybercrime is a continually evolving problem that all businesses and industries need to take note of in order to protect themselves against data theft, reputational damage and financial concerns. Whether it’s training courses for your staff, specialist software products to secure your systems or backing up information for peace of mind, these investments into your business are essential protective measures that will save your business money in the long run. 

The common misconception about productivity is that it relates to staff apathy, but this is not what productivity measures. Instead, productivity improvements are created through investment in technology, supporting staff and considering new ways of working. Here, we take a look at some of the things that Finance Directors can do to boost productivity.

Process Automation

Business process automation is becoming one of the most popular and important forms of digitisation. The simple premise behind process automation is taking business procedures that take a lot of repetitive manual effort from human staff, and transferring those tasks to software and other technology. 

Naturally, there are a number of simple and repetitive tasks that take a lot of effort from finance department workers. So the move to automate these processes can save staff a significant amount of time. This frees them up to take on tasks that are more functionally valuable and productive for the company as a whole. 

Artificial Intelligence

While process automation is one form of digitisation that has become important to the finance department - it is also crucial to look at emerging technologies and possibilities. One area that Finance Directors really need to be investigating is artificial intelligence. Transformative technologies such as machine-learning algorithms and natural language tools can not be easily implemented. 

One overlooked area in terms of finance is the power of AI chatbots. These can save members of the team a great deal of time in explaining concepts and simple details to people who have questions. Of course, when the chatbots aren’t able to answer a question it can be passed on to a member of the team. But for simple queries, it can save a lot of time and boost productivity.

Invest In Cybersecurity

The finance team can be at risk from something known as Business Email Compromise (BEC) attacks. BEC attacks are often designed to trick members of the finance team and therefore disrupt processes. “BEC is a specialist type of phishing attack that is becoming increasingly prevalent,” says Simon Monahan of cybersecurity specialists Redscan, “BEC attacks are designed to impersonate senior executives and trick employees, customers or vendors into wiring payment for goods or services to alternate bank accounts.” 

As well as being frustrating to deal with, the threat of this type of attack can significantly reduce productivity, as members of the team have to confirm identities even before processing payments from familiar people. Investing in cybersecurity can minimise this risk and free up valuable staff time. 

Focus On Morale

It is often underestimated just how important morale is to a finance department’s efficiency and productivity. The world has gone through the Covid-19 pandemic and come out of the other side with many things changed. Finance Directors must recognise this and accept that they might need to do something to help refocus and improve the morale of staff. 

It is no controversy to say that when staff are happy and feel good about what they are doing, they can be more productive and efficient. This could be something as simple as ensuring more regular meetings between members of staff, overhauling how the department works, and ensuring that staff feel comfortable with any changes. 

Embrace Remote Working

With finance departments operating remotely now as the new norm, many businesses are finding that their productivity levels have increased. With flexible working patterns, employees enjoy the balance of hybrid working.

Some companies choose not to move in that direction, preferring staff to work at the office wherever possible. If you are in this position, it is important to recognise the benefits of promoting remote working. 

It is necessary not only to invest in technology and software to help finance teams become more productive but also to thoroughly consider processes and adapt well to new ways of working. Many businesses evolve their finance processes not through striving for perfection, but simply because things need to get done. Examine your finance team’s procedures and look for opportunities to improve. 

About the author: Annie Button is a professional content writer and branding aficionado.

The finance sector is extremely vulnerable to the rising number of cyberattacks, with The 2021 Cybersecurity Census Report finding that finance companies in the UK suffered an average of 60 cyberattacks in the last year. The number of these attacks continues to increase, and finance companies need to employ strategies to keep their data and networks secure from attackers.

For obvious reasons, the finance sector is an advantageous target for cybercriminals, due to the wealth of data contained within these organisations and the fact that attacks can target banks’ processing systems to disrupt critical financial transactions. Nonetheless, the volume and severity of the attacks we’re seeing is cause for immediate action, with mid-sized financial services organisations worldwide spending an average of over $2m recovering from ransomware attacks.

Aside from causing disruptions to financial services capabilities and potentially substantial financial losses, financial services organisations that are victims of a cyberattack also stand to suffer significant reputational damage. For example, recent Mimecast research found that consumers think that brands should be responsible for compensating victims of scams, with 39% of consumers saying that not taking responsibility for potential customers being deceived would put them off the brand. Notably, 65% of UK consumers would stop spending money with their favourite brand if they fell victim to a phishing attack involving that brand.  This is increasingly important for the financial sector, as online banking is the second most trusted sector by consumers in the UK, but is the most leveraged sector for cybercrime, with 28% of consumers receiving phishing emails from brands in this sector.

The key here is to move at pace, and employ a security model which helps organisations control access to their networks, applications, and data, enabling the financial services sector to remain secure in the face of sophisticated attacks.

The ‘New And Improved’ Cybercriminal

The pandemic has driven more criminals online, as they have adapted to the new remote/hybrid working world by exploiting improperly secured VPNs, cloud-based services, and unprotected emails. Inevitably, external data breaches are now a matter of when and not if. On top of this, a recent report found that the LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks.

These criminals invest a lot of time in researching organisations and employees, asking questions such as: has someone been passed over for a promotion? Is someone being underpaid? Has someone received a negative performance review? Using this research, and spam/phishing attacks, criminals identify weaker links for exploitation. Criminals are then in contact with corporate insiders, asking them to install ransomware, collect information, plant malware etc. This is creating a perfect storm for many financial services companies.

The Zero Trust Model 

With this combination of internal and external threats and the risks of significant financial and reputational damage increasing, the financial sector might fear it is fighting a losing battle. But there is a model that can be adopted to keep their data and networks secure from attackers: Zero Trust. 

The Zero Trust model is founded on a simple idea: “trust no one and nothing.” This essentially means that the zero-trust security framework gets rid of concepts such as trusted devices and trusted users. In practical terms, organisations that adopt the Zero Trust model put policies in place to verify everyone and everything, regardless of whether they are internal or external. The model provides a mechanism to secure new ways of working in the cloud while combating the risk of an insider breach. The application of a Zero Trust model is especially important when it comes to insider threats since it is this trust that hackers seek to exploit.

Zero Trust is a great way to address the challenges caused by the rapid transition to an increase in cloud spend and remote working, as it removes implied trust, with each access request needing to be verified, based upon strong authentication, authorisation, device health, and value of the data being accessed. This is one of the most effective ways for organisations to control access to their networks, applications, and data, leading to more security for the enterprise.  

Making It Seamless

One factor that must be taken into account is that, in order to be successful, the integration of zero trust systems must be as seamless as possible, otherwise complexity is re-introduced into the enterprise. Organisations need integrated solutions that optimise their current and future state of security. Avoid solutions that operate in isolation, and instead opt for platforms that integrate to form an ecosystem to improve visibility, enhance control and provide a robust set of orchestration capabilities. Ultimately, zero-trust security is more of a security model than any one tool, making it difficult to implement, especially when the infrastructure it’s being applied to wasn’t designed for new models, as there is no simple way to retrofit some systems for zero trust. For example, as a basic requirement, zero trust relies on multi-factor authentication, which many financial services may not currently have in place.  

As well as this, the financial service industry has not fully migrated to cloud solutions and large amounts of technical debt have been incurred over the years of deploying new applications coupled with digitalisation. With more than 90% of the UK’s financial firms still relying on legacy tech, business-critical information is continually stored on out-of-date software. This equipment is often not compatible with up-to-date software and provides several opportunities for “backdoor” access. Companies that use older legacy applications may have trouble implementing them on zero-trust networks, and for this new solution to be effective, companies will also need to invest in employee training. Training for employees alongside new security solutions is the only way to minimise human error, raise awareness and truly increase cyber-hygiene across a whole organisation.

While it's a long process, which may require the replacement of legacy equipment, and which demands inward reflection and internal reshaping, the finance sector needs to make cybersecurity a top priority. Otherwise, there is a real risk that even unsophisticated cyberattacks will cause serious damage and undermine organisations. Using new types of tools and capabilities, such as the zero-trust model, the finance sector can have a safer framework in place to help organisations tackle persistent security challenges, as well as mass remote working, allowing financial services to stay protected regardless of what comes next.

The cyber risk landscape is becoming more complex every day, yet cybersecurity professionals are overlooking common cybersecurity risk factors. These professionals need to give every risk the attention that it deserves; otherwise, an organisation can be left exposed by the risks that get overlooked. This article will look into some of the most overlooked cybersecurity risk factors in the financial industry. Here are some of them:

1. Vendor Risks

There's an incredible amount of sensitive data held by financial institutions. This includes social security numbers, credit card information, account credentials, etc. Some people who may access this data include payment processors and point-of-sale providers, usually known as vendors. Most financial institutions don't consider these vendors a threat. Therefore, they focus most of their cybersecurity framework on other risk factors. However, it is essential to monitor all vendors continuously. This will keep you aware of any threats these vendors could pose to your computer security.

2. State-Sponsored Attacks

Financial institutions, like many businesses, put in measures to prevent cybercriminals. What most of them don't realise is that governments can also pose severe threats to them. A foreign government may launch an attack on a financial institution to destabilise a country. The best way to prevent this is to have a robust security framework. It needs to look into the potential of certain governments attacking organisations. This will help them prevent data theft and the spread of fake news about their institution. Overall, good OT security could keep a country and economy stable.

3. Employee Errors

Banks have a thorough hiring procedure for their staff. Even so, employees can still pose serious security threats even if they are honest and trustworthy. Employee errors have increased in recent years. This has increased the number of insider attacks recorded recently. The best way to stop this type of attack is employee training. Another way is to prevent access to suspicious sites by using cybersecurity solutions such as firewalls, proxies, etc. They can also use these solutions to prevent suspicious emails from getting into the business email addresses.

These cybersecurity solutions can boost operational technology security for businesses. In the end, they also act as protective layers to prevent attacks in case employees mess up unknowingly. This makes them worth investing in as a financial institution.

4. Data that has been Manipulated

Cybersecurity professionals usually aim at preventing data theft. However, cybercriminals do not always aim to steal data. They come to manipulate it and hurt reputations and customer trust. Technology security professionals at financial institutions, however, do not realise the changes in data early enough. They continue to work with the same data as it looks unaltered on the surface. For instance, they can make payments to wrong accounts for months without any alarm. Financial institutions realise this too late. By then, they have suffered substantial financial losses. The worst thing is that nothing can be done to recover the loss.

5. Mobile And Web Application Security

Financial institutions are implementing operational technology at a larger scale today. It has become easy for customers to access banking services anywhere from their mobile phones. These institutions continue to increase their budget on mobile application development, but so are the vulnerabilities. These institutions must look into the security of mobile and web applications. Using operating technology, they can easily monitor every transaction on their applications. Besides, they can use technology to check for any security holes in their systems and enhance safety.

6. DDoS Protection

Distributed denial-of-service (DDoS) attacks come with severe impacts on businesses. However, financial institutions haven't taken them with the seriousness they deserve. Attackers use these attacks to blackmail a business or distract its cyber security team and find time to execute more attacks. Many businesses blame downtime on high traffic and other things. But then, they fail to consider a DDoS attack as the potential cause of the lack of service. An excellent solution to DDoS attacks is cloud migration. Using cloud services increases a business's capacity to handle DDoS attacks.

7. Unencrypted Data

As mentioned earlier, financial institutions hold a massive amount of sensitive data. It is this data that cybercriminals target most of the time, hence the need to protect it. One operational technology security strategy to implement for data protection is encrypting it before transmission. With cybercriminals lurking all over the internet, data encryption is vital. These institutions must use cybersecurity solutions like proxies to protect data in transit. Assuming that the data you are sending will get delivered safely is one of the ways to expose an entire institution.

8. Spoofing

Spoofing has been on the rise in recent years. However, financial institutions have also not taken it with the seriousness it deserves. With this attack, criminals impersonate a financial institution's website. They create a parallel site that looks exactly like the institution’s. This is to trap visitors into unknowingly logging in to their accounts. Users then log in as usual but on the fake website, exposing their credentials to the criminals. 

The hackers gather as many customer details as possible into a database. They then use them to log into the institution's website as legit users. Before the bank knows it, the attackers have passed all of its security frameworks. The institution may not even realise it until a significant financial loss happens. This is, therefore, a risk factor worth keeping in mind today.

Conclusion

Technology plays a critical role in the successful operation of financial institutions. But then, it also comes with several risks that could expose banks and other businesses in the industry. As mentioned earlier, there are many risk factors, but security professionals give less attention to some.

If you run a bank, your security framework should consider every risk factor. Take your time to assess the cybersecurity threats that you could face as a business. Then, implement the right cybersecurity solutions to protect your operational technology. This article has listed some of those you could forget.

The Internet Crime Complaint Center (IC3) report stated that 791,790 cybercrime complaints were reported in 2020 alone, with the reported losses exceeding $4.1 billion. There has been a rise in credit card fraud, identity theft, phishing attacks, cyberstalking, and extortion, and there is a need for financial institutions to enhance their cybersecurity. Here are cybersecurity tips for financial institutions.

1. Use virtual private network (VPN)

With the rise of cybersecurity attacks, financial institutions risk losing data and sensitive customer details to hackers due to weak networks. Cyber attacks not only cost financial institutions money but also their hard-earned reputation. The use of VPN improves data security by securely encrypting data in transit, rendering it unreadable and untraceable to anyone who tries to steal it. In addition, using a VPN makes it safer to access data remotely allowing employees to work remotely. This guide explains how financial institutions can enhance online security for smooth operations by using VPNs. 

2. Management of third-party risks

When financial institutions grant network access to third parties such as vendors and suppliers, they risk having confidential information leaked. To minimise such risks, financial institutions should segment their network to limit third-party access to critical assets, establish and verify security posture for partners and other third parties, monitor and identify any network irregularities, and add security best practices in service agreements.

3. Adherence to regulatory standards

There are fundamental laws and regulations that govern the financial industry. Financial institutions should religiously comply with the laid down guidelines that are specific to them to enhance their protection.

4. Regular network assessment

Also known as internal infrastructure audit, network assessment involves auditing the network to pinpoint any security gaps and lay down mechanisms to improve network security. Acting on the results of the audit leads to secure networks and improved compliance with data privacy regulations.

5. Employee training on cybersecurity

Creating a culture of safety through training helps to reduce cyberattacks that may occur due to a lack of knowledge or negligence. Employees should learn how they can identify phishing emails. The financial institution may also decide to test its preparedness for cybersecurity using penetration testing. If employees fall prey to fake phishing attempts, they should be taken for further training.

Additionally, other security best practices include using password managers and logging out of devices whenever they're out of their duty stations. Financial institutions can keep educating their employees by continually sending them cybercrime newsletters and updating them on emerging cybersecurity challenges and solutions.

6. Use of up-to-date software

Financial institutions should ensure that they update their software each time a new version is released. This is because each upgrade comes with advanced cybersecurity measures that prevent attackers from accessing private data. Keeping every device up-to-date lowers the chances of cyberattacks on the institutions.

Endnote

As technology evolves, hackers find new ways to infiltrate systems and threaten the financial sector's security. These tips will help financial institutions improve cybersecurity for the smooth operation and protection of data.

It’s no wonder why so many are looking to trade Bitcoin. The virtual currency is revolutionising financial markets all over the world and brings many benefits to users. That’s why the number of Bitcoin traders is on the rise.

But you can’t just start trading right away. In other words, you’ll need some practice, because trading is far from easy. You’ll need to keep track of various assets, see how the value fluctuates, know which currencies to sell and buy, analyse the market, and so on. In short, you’ll need to learn how to deal with various situations.

You can learn this thanks to the gaming industry. This industry has stayed popular for years by adapting to technological trends. That’s how hardware got stronger and the games got better. This is the reason why Bitcoin has found a place in the industry. But what does this have to do with learning Bitcoin trading?

How the Apps Came to Be

Game developers have produced a couple of games inspired by Bitcoin. Some of them are Bitcoin trading simulators which means they’ll come in handy when it comes to learning to trade. All you need to do is install them on a mobile device of your choice and start learning. Here are some of those apps:

Bitcoin Hero

This app lets you experience a virtual market with real-time prices. This means that you’ll be able to make mistakes as much as you want to while you’re learning to trade Bitcoin. You won’t feel the consequences and you’ll pick up some good skills along the way. If this seems like too much work for you, then you can always go for the alternative. Trading platforms will help you with that.


Trading platforms like Oil Profit exist to do the same thing as any other trader. They can go through the information and make decisions based on their settings. Making an account is a must when it comes to using the services of the platform. You’ll need to make a small deposit as well. There will be some tutorials and a demo lesson that you’ll need to go over to make sure you understand the settings of the platform. Afterward, you can set it and go for a live session. Then you can set the settings however you want to and see the different outcomes.

Altcoin Fantasy

Game developers take other cryptocurrencies into account as well. This means that there are some trading simulator apps that don’t just cover Bitcoin, but other virtual currencies as well. Altcoin Fantasy is such an app. You can use it to learn how to trade Bitcoin or any other cryptocurrency you fancy. You’ll get the virtual market, virtual currency, and real-time competition in the shape of other players. In short, you’ll get proper trading training.

But this isn’t the only thing the app has to offer. In Altcoin Fantasy there are competitions to see who the most skilled trader is. You can take part in them or organise them, and if you manage to turn out on top then you’ll be rewarded with a specific amount of Bitcoin or another cryptocurrency.

Conclusion

The value of this virtual currency is something to keep in mind as a trader. Also, make sure to do ample research when it comes to picking an exchange and choosing a wallet. An exchange with a history of hacker attacks will spell doom for your Bitcoin assets, so stay away from such exchanges. The wallet you choose needs to have good security measures, a user-friendly interface, and to suit your needs. By getting all these concepts and some practice you’ll be a pretty good Bitcoin trader.

Shares in UK cybersecurity startup Darktrace surged as much as 43% on its hotly anticipated stock market debut on Friday.

The firm initially priced its shares at 250p on Friday morning, for a total value of £1.7 billion. But at around 8:15 AM London time, these shares climbed above 358p – an increase of 43%.

Darktrace said that its initial offering would comprise around 66 million shares, or roughly 9.6% of its issued share capital, and raise a total of £165.1 million. £143.4 million of this will go to the company, while the remaining £21.7 million will go to existing shareholders, with the possibility of a further 9.9 million shares also being sold if demand beats expectations.

Darktrace shares began trading in conditional dealings on Friday under the ticker “DARK”. Unconditional dealings are expected to begin on 6 May.

The firm’s successful stock market debut comes just weeks after the highly anticipated Deliveroo IPO, which became one of the biggest London debut flops in history. Shares in the Amazon-backed food delivery startup plummeted as much as 30% when trading began on 31 March.

As a similarly tech-focused UK startup, the Darktrace IPO has been viewed as the second major test of London’s viability for high-growth tech company debuts.

Darktrace uses AI technology developed by a team of Cambridge mathematicians to identify unusual patterns in firms’ IT systems that indicate hacking attempts. It has raised a total of $230.5 million from investors to date, according to data collected by Crunchbase.


The startup’s progress towards Friday’s stock market debut has been dogged by concerns over its connection with Mike Lynch, founder of Autonomy and an early investor in Darktrace, who faces fraud charges in the US over allegations of having inflated his firm’s value before its sale to Hewlett Packard in 2011.

Pablo Castillo, Cyber Threat Research Analyst at Constella Intelligence, offers Finance Monthly his insight into the cyber threats facing the financial services sector in 2021.

Unsurprisingly, financial services firms and their troves of sensitive data were a big target for threat actors in 2020. The rapid shift to remote work, coupled with insufficient budgets and a lack of training and awareness to mitigate attacks, led to an increased risk for many sectors. Despite the need for cybersecurity and the cost savings it can bring over the long haul (breaches are expensive, especially for financial organisations), businesses prioritised other functions and operations which more directly affected their bottom lines this past year.

Hacker groups took full advantage of these uncertain times. According to VMware Carbon Black, in the first half of 2020, banks faced a 238% surge in attacks. Further, Keeper Security recently revealed that 70% of financial services organizations reported experiencing a cyber-attack in the past year, with a majority of the 370 UK IT respondents suggesting that COVID-related conditions contributed to the increase in severity of attacks.

US Financial Services Subcommittee Chairman Emanuel Cleaver (D-Mo.) explicitly stated back in June 2020, “criminal actors [are] redoubling their efforts to target families, financial institutions, and even governments.” Below, I’ll highlight some of the notable threats these criminal actors pose, specifically as it relates to financial institutions.

Phishing

Last September, it was reported that one in four Americans received a COVID-19-related phishing email. That number has only risen as we’ve made our way through 2021. The marked increase in phishing scams this past year even led to the American Bankers Association launching the #BanksNeverAskThat campaign. Further, the Financial Crimes Enforcement Network (FinCEN) issued a notice in December alerting financial institutions about the potential for fraud, ransomware attacks, or similar types of criminal activity related to COVID-19 vaccines and their distribution – such as phishing schemes luring victims with fraudulent information about vaccines.

Ransomware

Per FinCEN, “cybercriminals, including ransomware operators, will continue to exploit the COVID-19 pandemic alongside legitimate efforts to develop, distribute, and administer vaccines.” FinCEN warned financial institutions to stay alert to ransomware targeting vaccine delivery operations, as well as the supply chains required to manufacture the vaccines. There are a myriad of examples of ransomware affecting the fintech industry this past year, and it’s a significant threat to all businesses and individuals across the globe.

Business Email Compromise (BEC)

Another top threat, especially amid COVID-19, is BEC. Among Kroll’s cases impacting the FinServ sector, email compromises were the most observed threat. A July 2020 FinCEN advisory outlined the various ways threat actors are exploiting the pandemic and singled out BEC schemes. Threat actors look to convince banks and lenders, for instance, to redirect payments to new accounts, “while claiming the modification is due to pandemic-related changes in business operations.” Often, these sorts of schemes are preventable, but it comes down to training and awareness to combat social engineering.

Disinformation

According to Accenture’s 2020 Future Cyber Threats report, “disinformation and misinformation is not only a threat to efforts to manage COVID-19, it also impacts the financial sector.”

NASDAQ and Financial Industry Regulatory Authority (FINRA), to name a few, have warned of increases in market manipulation as a result of the pandemic. “Often, market manipulation involves elements of disinformation or misinformation directed at influencing unsuspecting investors to aid criminal actors’ objectives,” the report states. There are a plethora of examples, including a UK bank (pre-COVID, it should be noted) having to reassure its customers of its financial health after its share price dropped 9% due to false rumors spreading on WhatsApp that the bank was shutting down, calling for customers to empty their accounts.

Mobile Banking Exploitation

The pandemic has accelerated the adoption of digital payments – the Internet Crime Complaint Center (IC3) put out a PSA stating that mobile banking usage has surged as much as 50%. Threat actors look to exploit these platforms, namely via app-based banking trojans and fraudulent apps, but the simple solution to combat these types of threats is to remain vigilant for suspicious activity and verify an app is legitimate before downloading.

Distributed Denial-of-Service (DDoS)

We are seeing a significant increase in DDoS attacks on institutions in banking and across a wide range of sectors, from healthcare to energy. DDoS attacks can, among other things, freeze the operations of financial institution customers. Not long ago, New Zealand’s Stock Exchange Market (NZX) faced a barrage of DDoS attacks, disrupting trading for four consecutive days.

Underground Markets

This past year, my organization also noticed a significant rise in the number of threads, items offered for sale, and hacking information related to COVID-19 on deep and dark web forums. This includes the sale of banking information and tools to exploit physical devices (e.g., ATMs for carding).

Financial organisations can stave off money laundering, account takeover, and identity theft attacks, but it requires a two-pronged approach. Organisations must proactively monitor, detect and uncover identity information found in open sources on the surface, social, deep and dark web. Understanding your digital footprint, as well as your adversaries, is important. However, human error also plays a major role in mitigating cyber threats. Simply training employees on cybersecurity awareness can make a world of a difference. Everyone should understand the signs of a scam and remain vigilant. As we move past the pandemic and transition back to “normal” life, we must not let our guard down – especially when it comes to COVID-19 or cyber safety.

Pablo Castillo is a Cyber Threat Research Analyst at Constella Intelligence – a digital risk protection company that works in partnership with some of the world’s largest organisations to safeguard what matters most and defeat digital risk.

About Finance Monthly

Finance Monthly is a comprehensive website tailored for individuals seeking insights into the world of consumer finance and money management. It offers news, commentary, and in-depth analysis on topics crucial to personal financial management and decision-making. Whether you're interested in budgeting, investing, or understanding market trends, Finance Monthly provides valuable information to help you navigate the financial aspects of everyday life.
© 2024 Finance Monthly - All Rights Reserved.