The finance sector has been forced to completely re-evaluate the risk posed by cyber crime. How can banks ensure that their systems keep up with a threat that is growing steadily more global and professional as consumers remain a weak link‾
A growing threat
In 2002, the Basel Committee on Banking Supervision, the body set up to ensure banks make adequate capital provision against the effects of operational risk, reported that some 30 banks had experienced annual losses from internal and external fraud totally â‚¬2.6 billionÂ¹.
Unfortunately sophisticated cyber criminals have probably expanded those losses.
Yet the BCBS expects banks to act responsibly. It defines such losses as 'resulting from inadequate or failed internal processes, people, and systems, or from external events'.
Customers expect banking systems to be crime proof despite their uncanny ability to willingly surrender personal details in even simple scams. Apparently two-thirds of people, in a 2007 survey, were prepared to surrender passwords in exchange for a bar of chocolate.
A recent BT report - Live Bait - gives banks advice on how to stay ahead of the game: reporting, usability, authentication, staff education and monitoring are all key areas to consider.
Consolidated action is becoming ever more important as the impact of data theft grows - the UK Cybercrime Report estimates that in 2006 a cyber crime was committed every 10 seconds. The fact is that the internet was never designed with strong security in mind.
The fact is that tackling the cyber criminals requires cross border responses to the recording and tackling of cyber crime.
A raft of new techniques such as 'pharming' is increasing concern. In this scam, Trojan malware is downloaded onto a consumer's PC to, for example, log keystrokes to capture sign-up details. The user is seldom aware that they've been compromised.
The point is that fraud is growing and banks will pay the price. Investment in two, or even three, level authentication and identification is rapidly becoming an attractive option.
Â¹The Basel Committee on Banking Supervision: Risk Management Group January 2002: The Quantitative Impact Study for Operational Risk: Overview of Individual Loss Data and Lessons Learned