In doing its job, cybersecurity spurs new kinds of fraud
When card companies adopted EMV chips to combat point-of-sale fraud, bad actors turned to fraudulent card-not-present transactions.
And now that U.S. companies are more open to biometrics in authentication, fraud schemes are morphing again, warned Michael Leary, a senior vice president who specializes in risk strategy for U.S. Bank.
“In bulk attacks with accounts, biometrics creates a great barrier,” Leary said Wednesday during a panel discussion at the Finovate fintech conference in New York. “It’s mitigating fraud, but it is also changing fraud. Whatever the most open door is, that’s where they are going.”
Increasingly, hackers are gathering information from disparate sources, putting together profiles of their targets and going after individuals, said Cris Thomas, the global strategy lead for IBM's X-Force cybersecurity team.
Yet, banks cannot rely solely on educating customers to avoid fraud. “We need to look at the technical controls,” Thomas said. “No matter how much we tell someone to not click on the link, someone is going to click on it.”
Even with attacks becoming more individualized, banks cannot be as forthcoming with customers about fraud attempts because doing so could help the fraudster.
"When you tell the fraudster, ‘Hey, I think there’s suspicious activity in your account,’ they are now tipped off that there’s actually something going on inside the bank," Thomas said. "They start shutting down systems and access.”
Because of this, banks need to explain to customers why information about activity in their accounts cannot be released all at once until the bank verifies the their identity. It also makes finding foolproof methods of customer identification more urgent.
To save the customer from the reoccurring fraud, bankers should add pressure to their own staff instead of putting the onus on customers to keep themselves safe.
“There needs to be pain and push-down from the top, which is how did this happen and how is it not going to happen again,” Leary said. “That pain has to get pushed down through so you find the holes and fill them out, so that if the event is repeated it becomes obvious where it's coming from.”