Mitigating digital banking security issues during the pandemic

September 25, 2020

The banking industry was presented with numerous challenges as the pandemic spread across the nation and the world. Many banks learned just how capable their staff was to work from a location outside of the bank’s walls. When the right technology and safeguards are in place, telework can be a good compromise for many workers to be able to continue their important jobs while also having access to a safe work environment.

Digital banking provides faster processing of financial transactions, more convenience, and a model that allows for the continuation of a financial industry even in the face of a pandemic. However, digital banking makes banks vulnerable to cyberattacks. Banks are now facing fresh security challenges that were brought on or affected by COVID-19. Here is what you need to know about them and how to protect yourself.

Banks must learn how to properly train their staff on how to identify potential cybersecurity risks and how to respond to them. An emergency plan should also be in place at every financial institution that provides a blueprint to workers. First, however, security leaders must understand the potential threats:

The threats

Some of the most prolific cyberthreats banks are facing in light of the pandemic include identity theft, account takeover, malware automated threats and teleworking.

Identity theft

In 2018, there were 651,000 reports of identity theft. Identity theft is easier to commit online because there are fewer obstacles to this crime. For example, a person with a stolen credit card can often purchase products online that he or she would not be able to purchase in person because of EMV security (EMV is a set of international standards that defines interoperability of secure transactions across the international payments landscape). By being able to hack into a bank, a criminal may be able to steal the identities of several customers without ever coming into personal contact with the victim, making this a particularly attractive type of crime for a criminal during a pandemic.

Account takeovers

Account takeover occurs when a criminal accesses another person’s account and changes information about it, such as the address or email address associated with it. The real owner of the account does not receive updates about the account because the communication is rerouted to the criminal. Account takeover statistics show that this particular form of fraud has increased significantly over the last several years.

Malware automated threats

Another cybersecurity risk for banks is malware automated threats. These input malicious code through automated tools like internet bots. They complete many repetitive tasks and do not cost much to execute, making them particularly attractive to cybercriminals who can often reap significant financial benefits with a little associated cost.

Teleworking

Teleworking is another cybersecurity risk to banks. As more people must stay home to comply with government orders and to slow the spread of COVID-19, many bank workers are working remotely. If they do not have a secure network, criminals may be able to access sensitive data from these workers.

What can the banking industry do?

Have security procedures in place and communicate that to your customers. Before customers ever have to reset their password, be sure that you have communicated security procedures in place for customers to educate themselves.

Encourage customers to:

Verify they are using the correct app or website before signing in.
Educate themselves on spotting and preventing phishing scams.
Avoid using public Wi-Fi to access online or mobile banking
Use of multi-factor authentication.
Regularly update passwords and avoid using one password for all banking sites and sign ins.

Ben Hartwig is chief security officer and web operations director at InfoTracer. He authors guides on the entire cybersecurity posture and enjoys sharing best practices. You can contact him via LinkedIn.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account