While banks can implement security measures to prevent fraud, it is also important for consumers to be more cautious.
A few months back, I had lunch with a colleague before we went on vacation for some much needed time off. At the end of the meal, the waiter approached us with the bill, and we gave him our credit cards to split payment. The transaction was approved, and we went back to work. At that point, we didn’t realise that something had gone wrong.
My colleague went to the UK for a long hiking trek where he was off-the-grid for days at a time while I was in Laos to explore the history and culture. As I was starting to run low on the local currency, I tried to withdraw some money from an ATM there with my bank card. To my disappointment, the ATM was faulty and did not dispense any money. Later that night, upon reviewing my account over a secure VPN, I was shocked to find that the amount was debited from my account. In addition, there were charges on my credit card from the UK that I did not recognize. Both incidents happened with cards issued by the same leading Singapore bank. I reported the ATM incident to the bank, and it took them 2 months to investigate and return my money. Meanwhile, I realized that my colleague and I had accidentally switched our credit cards during lunch as they were under the same loyalty program, and thus looked the same. He had also unknowingly charged his UK expenses on my card, which he later paid me back for. What is interesting is that even though these charges took place in 3 different locations, United Kingdom, Laos, and Singapore, the bank did not identify anything wrong or prevent them from occurring.
While it may seem like a small issue, security lapses such as these can lead to bigger issues like bank fraud, a real threat to banks and consumers alike. In fact, a survey by ACI Worldwide in 2016 revealed that Singapore has the sixth-highest rate of card fraud globally, with one in three consumers falling prey to crime. With nearly 60% of all bank interactions now online or on a mobile device, the importance of strong web fraud prevention has never been more important.
While banks may think that it is unnecessary to invest in fraud protection as they are not experiencing fraud at the moment, this is short-sighted and leaves banks and their customers vulnerable to fraud–related financial losses. It also ignores a growing precedent that losses from cyber attacks number in the billions of dollars annually, and it continues to rise every year.
This begets the question: what can banks in APAC do to provide more security and fraud prevention for consumers?
Security and fraud analysts agree that multi-layer protection is the only way to ensure robust electronic security. As the name suggests, this method involves combining multiple security measures (detailed below) to prevent bank fraud. In this case, payment cards provide the safest way for consumers to transact as they have embedded multi-layer security to safeguard against unauthorized transactions. This includes EMV chip technology that requires PIN or signature authentication, One-Time Passwords (OTP) for online payments, and even SMS alerts for the avid traveller. Combining various security measures make cyber attacks more difficult. It also buys time for the bank to identify and address any security breach.
Nowadays, passwords and PIN are no longer sufficient to the keep bank accounts safe. Hence, multi-factor authentication is the way to go. Think OTPs and biometric security with facial and fingerprint recognition capabilities. Even if the cyber attacker is able to crack your PIN, he will still need your phone to gain access to the account. While it is tempting for banks to use all these tools to enhance security, a balance still has to be maintained for the consumer to enjoy a seamless user experience.
The criminal process of a bank fraud involves three stages: planning, launching, and cashing. In the first stage, cyber attackers search for vulnerabilities within the system. Next, they infect unsuspecting users with malware or steal users’ passwords. Finally, they remove money from the accounts. By utilizing fraud intelligence technology, banks collect data on their consumers to study their activity and behaviour. Should a cyber attack occur, the software will alert the bank to suspicious behaviour, prompting the user to update their security information to prevent cyber attackers from committing a fraud from the very first stage.
As the saying goes, time is money. The more time a cyber attack occurs, the more losses the bank incurs. Likewise, fraud intelligence has to constantly detect patterns and develop quickly detect and remove the software utilized by criminals for fraud.
While the banks can implement security measures and tools to prevent fraud, it is also important for consumers to self-responsible and practice cyber hygiene.
Change passwords regularly: Use combinations that are difficult to guess and refrain from using the same passwordacross your online accounts. Consumers should also take care not to share their PIN or passwords with anyone else, or store them in an easily accessible location like the back of their credit card.
Use anti-virus software and secure browsing: As the number of online transactions increase, consumers should use security software to make payments online to prevent fraud. This can be as simple as making sure that that the web page has the necessary encryption, or deleting stored credit card information across devices.
Do not respond to suspicious emails: The proliferation of phishing scams means that consumers should be more cautious about replying to emails or opening links and attachments from unknown senders. This includes online surveys that sound too good to be true, as cyber attackers often use this method to obtain a consumer’s banking information.
Turn on transaction notifications for bank accountsand change credit card numbers yearly:This way, consumers can alert the bank immediately whenever they see a purchase or transfer they did not make. By changing the card number more frequently, one can reduce the possibility of card numbers being compromised as well. Also, refrain from throwing away non-shredded bank statements as these may contain sensitive information.