The business challenges facing organizations of all sizes, across all industries, are substantial in our digitally-driven world – especially for the financial services sector. From attracting and retaining customers or members for life to keeping pace in today’s competitive market, it can feel like hand-to-hand combat to innovate against financial fraud and identity theft. Fraudsters and cybercriminals are working tirelessly to hack networks and systems in order to compromise consumers’ account holder information.
Consumers expect products and services to be available upon swipe, and banking is no exception. In fact, a 2018 Citi Mobile Banking Study revealed mobile banking is one of the top three most popular and widely-used apps by Americans – in line with the soaring popularity of social media and weather apps. As mobile and online banking continue to be in-demand, financial institutions are pressured to meet, and even exceed, the demands of account holders. This has in turn correlated to a rise in cybercrime targeting financial institutions. As banks and credit unions have more data to manage, and are transmitting across more devices, it’s not difficult to see why they have remained so highly targeted by fraudsters. In fact, research from the Identity Theft Resource Center found that financial services firms fall victim to cybersecurity attacks 300 times more frequently than businesses in other industries.
An Erosion of Trust
Despite the overall number of data breaches dipping in 2018, the number of records compromised grew to 126%, according to the ITRC. Larger quantities of data resulting from a smaller number of breaches signals that hackers are becoming more effective and methodical in their cyberattacks. This improved efficiency is an eye-opening proposition for organizations that are responsible for securing large amounts of sensitive information – especially when you consider that the average cost of a data breach is $7.91 million for companies in the U.S., as reported by Ponemon Institute in the “2018 Cost of a Data Breach” study.
For financial institutions, the consequences of a data breach extend well beyond direct financial losses. One in three victims of a security breach later goes on to experience an identity crime. And, since account holders trust their institution to protect their personal and confidential information, many of them will switch institutions after a fraud event involving their finances – even if they received some form of compensation or didn’t lose money. Of those who do switch after having their personally identifiable information compromised, 20% never directly alert their bank or credit union to the incident. However, as we all know, venting on social media has propelled to a viable channel for “being heard.”
Protection and the security of account holders’ funds can be viewed as the fundamental promise of banking. As such, consumers naturally look to their financial institution to thwart fraud. When that trust is broken, customer or member loyalty rapidly erodes.
Cyber Threats = Fraud Gateways
Managing personal finances has become a largely-online experience. Today’s consumers have more choices on where, when and how they bank than ever before. Between connecting digital wallets like PayPal, CashApp or Venmo to bank accounts, moving money using a web browser or checking balances on a mobile banking app, the number of interconnected service providers and devices has made keeping data secure more challenging than ever.
Digital banking has exposed financial institutions to unprecedented levels of sophisticated cyberattacks targeting employees and account holders alike. Malware, ransomware and phishing schemes have enabled hackers to bypass layers of protection and infiltrate systems to capture PII, disguise transactions and steal funds. Financial malware specifically increased by 16% in 2018, Kaspersky Labs reported.
According to PwC’s “2018 Digital Banking Consumer Survey,” 15% of banking consumers are now mobile dominant, a 5% increase in just one year. While financial institutions need to have a mobile-first mindset to keep pace with competitors, the move to digital opens multiple gateways to cyber thieves. These criminals often use Trojan or “spoof” apps to trick individuals into entering credentials, which can then be used to take over their real accounts. Kaspersky Labs reported the number of Android users who encountered banking Trojans tripled to roughly 1,800,000 in 2018.
It’s a Matter of Trust
Providing a tech- and mobile-friendly banking experience is critical to delivering on consumer expectations in the digital world we live in. However, without proper security measures in place, consumers are willing to take their banking relationships elsewhere.
Financial institutions must work to facilitate robust fraud and cybersecurity programs that span the entire lifecycle, from prevention to detection and resolution. Account holders are often the first line of defense when noticing that something is wrong, and most financial institutions have alert systems to detect unusual movement of funds. However, there are investments that banks and credit unions can make to proactively recognize and isolate security threats before they turn into large-scale data breaches.
When it’s time to react, financial institutions can protect an individual’s account, but many are not equipped to support consumers when collateral damage, such as identity theft, happens down the line. Crimes that involve someone’s personal information getting into the wrong hands can lead to continued misuse for years on end. Implementing protection for account holders’ identities on an individual level can be a tremendous value for both the consumer and institution.
Apple’s latest ad on this very topic is summarized with, “If privacy matters in your life, it should matter to the phone your life is on.” And, financial institutions especially have to take this message to heart – the financial profile of your members and the protection of your mobile banking app is key to ensuring you retain members for life.
Donna Parent is Chief Marketing Officer for EZShield + IdentityForce. She can be reached at 508-318-4478 or [email protected]