Cybersecurity at Banks a Different Kind of Holiday Stress

Regardless of how they are made or who may be at fault when fraudulent transactions occur, the buck stops at the desks of cybersecurity professionals working at banks and financial institutions.

A recent survey of 1,000 U.S. consumers conducted by Terbium Labs, a provider of asset monitoring tools accessed via a risk protection platform, finds over two-thirds (68%) would hold their bank at least partly responsible for fraudulent activity. Just over half of respondents (51%), said they’d blame both the original source of the data compromise, such as a retailer, and the financial institution that issued the payment card. Only 17% said they would only hold their financial institution responsible regardless of how the compromise occurred.

The survey finds 19% of respondents would close their accounts following a data breach, while 26% said they would only keep their accounts open if their financial institution took specific actions to improve security.

Much to the frustration of many cybersecurity professionals, the survey finds only 7% of respondents said they planned on using two-factor authentication when shopping online. More than a third (38%), however, said they will prioritize monitoring their transaction history, even though 14% said they get frustrated when purchases that aren’t suspicious get flagged too often.

Despite awareness of the potential threats, a full 66% of survey respondents acknowledged they could easily become a victim of fraud, while 65% admitted they are at a higher risk of having their financial information compromised as a result of their holiday shopping. What appears to be missing in a lot of cases is any sense of personal responsibility.

Emily Wilson, vice president of research for Terbium Labs, said the holiday season is especially tough on cybersecurity professionals because cybercriminals view the holiday seasons as the perfect time to increase the volume of fraudulent transactions they generate. Retailers and banking institutions aren’t willing to challenge unusual spending patterns as consumers buy gifts and have them shipped to multiple locations using multiple debit and credit cards.

Alas, cybercriminals are not only aware of that tendency to ignore red flags that at other times of the year would set off a wave of alerts, but Wilson also said cybercriminals share best practices along with information about the capabilities on any organization to recognize fraudulent transactions. In many cases, cybercriminals who create exploits will even offer them at reduced prices during the holidays to spur sales in much the same way the typical retailer does, he said.

Cybersecurity professionals working in the banking sector naturally are highly stressed during the holiday season. The good news is that artificial intelligence (AI) systems are getting better at recognizing fraudulent transactions. The bad news is that cybercriminals are also investing in more sophisticated methods for making fraudulent transactions. Rather than relying on traditional spray-and-pray types of attacks, Wilson said attacks are becoming more sophisticated and targeted. As such, even as AI advances, there will be a need for humans to investigate fraudulent transactions for the foreseeable future, he said. If anything, the number of fraudulent transactions that can be investigated in the course of 24 hours is likely to increase substantially.

In the meantime, cybersecurity professionals working in the personal banking sector are once again in a no-win situation. When issuing debit and credit cards, banks are assuming some level of risk in return for the fees they charge. The best cybersecurity professionals can hope this holiday season is to minimize losses in a way that aggravates customers in the least way possible.

Michael Vizard

Featured eBook
Managing the AppSec Toolstack

Managing the AppSec Toolstack

The best cybersecurity defense is always applied in layers—if one line of defense fails, the next should be able to thwart an attack, and so on. Now that DevOps teams are taking  more responsibility for application security by embracing DevSecOps processes, that same philosophy applies to security controls. The challenge many organizations are facing now ... Read More
Security Boulevard

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 245 posts and counting.See all posts by mike-vizard