Most businesses and consumers today prefer digital channels as their preferred method of communication. We rely on things like email so much for example, that when we hit “send”, the last thing we often think about is whether someone is trying to scam us on the other side. However, business email compromise (BEC) is one of the fastest-growing forms of cybercrime and is now a $26 billion scam that targets businesses and individuals who conduct wire transactions. Cyber-attacks are problematic for all businesses but hit the financial services industry 300 times harder than any other sector.
Private equity, venture capital, real estate, and other financial sectors that deal with large amounts of cash flow are at the most considerable risk when it comes to wire fraud. As fraudsters adapt to new technologies, they find more sophisticated ways to place themselves in the middle of high-value transactions. Unfortunately, most firms underestimate how easy it is to unknowingly compromise information and what the financial impact of impersonation actually is.
How Big Is The Issue?
In 2020, the Internet Crime Complaint Center (IC3) reported a 70% increase in cybercrime attacks from 2019, where complaints reported more than $4.1 billion in monetary losses. The most common cybercrime incidents reported were phishing, BEC, ransomware, and investment fraud, with BEC having the most significant impact. Importantly, the number of attacks and total monetary losses are likely much higher than what’s been reported, as there is a reputational incentive to keep these incidents private.
BEC is the easiest method for fraudsters to scam businesses through “social engineering or computer intrusion methods.” For example, fraudsters target specific companies and their employees by email, impersonating trusted identities like the CFO or COO of organizations. Most cybercrime incidents begin with BEC, and payment requests not verified by parties in a transaction can result in money transferring into the wrong hands. Between 2016 to 2019, the impact of BEC cost financial enterprises over $26 billion, and the problem continues to grow, exacerbated by work-from-home and hybrid work policies.
The internet has made transactions between financial firms and clients more convenient and more accessible than ever. Email is the primary method of communication between parties involved in a financial transaction due to the ease, convenience, and speed it takes for a transaction to occur. However, providing sensitive information and personal data through email is risky as it is easier to compromise information communicated online than many firms realize.
From the C-suite to directors, managers, and regular employees, all must take measures to protect corporate assets and prevent targeted wire fraud. The financial impact resulting from attacks like impersonation can be catastrophic. Once the money transfers into the wrong hands, liability remains unclear, while the fraudster takes the money and leaves the parties in a transaction empty-handed. The vulnerabilities that many experience from targeted wire fraud are often underestimated, which is an issue facing the financial services industry due to the uncertainty around liability.
How Can Information Be Better Protected?
Transferring funds through wire and ACH is the primary method for bank and business transactions, as parties can quickly transfer funds with a few clicks. However, it is crucial to protect corporate accounts during these online transactions to avoid compromising sensitive financial and personal information. Otherwise, the impact of wire fraud could be catastrophic for all parties legally involved in the transaction.
Many private equity and venture capital firms have adopted two-factor authentication (2-FA) to make online transactions safer. With 2-FA, parties in a transaction are sent a code to their mobile device, and users must verify their identity by inputting the code and their username and password. However, cybercriminals have discovered new ways to bypass this security verification with email impersonation tactics.
According to a cybersecurity training firm, KnowBe4, a cybercriminal can still impersonate a trusted identity and send a targeted email asking the recipient to click on a link. Once the user clicks the link, they are directed to a website that asks for their login information and the code sent to their mobile phone. The cybercriminal will then receive the login through the hacker’s server and obtain the session cookie, which is key to a successful cyber-attack.
As cybercriminals increasingly bypass 2FA, businesses have come up with new security measures. Multi-factor authentication (MFA) and biometrics are innovative solutions that enhance the efficiency of digital processes while making them more secure. Unlike 2FA, which only requires two verification methods, MFA is a multi-layered framework that requires two or more authentication factors to grant access.
It's Not What You Know, It’s Who You Are That Matters
Biometrics provides an additional layer of security where the user provides unique biological or behavioral characteristics to verify their identity. While other authentication methods use passwords and codes, biometrics use unique attributes like voice recognition, fingerprints, photo recognition, and other inherent characteristics. Unlike 2FA or MFA, which alone are still vulnerable to social engineering, biometric authentication offers stronger security measures that prevent phishing attacks, account takeovers, and fraud.
Biometric authentication and MFA are innovative cybersecurity solutions that help businesses ensure that only the right people can access portals and sensitive data. Many enterprises have already implemented biometrics, and most technology users utilize biometric or MFA verification daily. Smartphones, laptops, and tablets are the leading business technologies that use biometric authentication.
Thanks to Apple, which first introduced Touch ID fingerprint verification in 2013 and later evolved it into facial recognition, most smart devices today require biometric verification for users to access their devices or online portals. Private equity and venture capital firms can integrate similar biometric and MFA authentication factors within their workflows to solve the cybercrime problems costing the industry billions of dollars each year.
Although cybercriminals will always try to adapt to new security measures and insert themselves in the middle of a financial transaction, financial firms can prevent cyberattacks by using fingerprint, facial recognition, and other verification methods that cannot be stolen or faked. MFA and biometrics are solutions that can seamlessly integrate into existing workflows, enabling users to continue business functions in the same way but with increased security.