Financial firms lack fraud prevention tools

By Regina Pazvakavambwa, ITWeb portals journalist.
Johannesburg, 24 Aug 2015
If the banks do not have preventive measures in place, it enables further growth in the numbers of financial cyber crime, says Kaspersky Lab.

About half of banks and payment systems prefer to handle cyber incidents when they happen, rather than invest in tools to prevent them.

This is according to the IT Security Risks Survey 2015 conducted by Kaspersky Lab and B2B International, involving more than 5 000 company representatives, including 131 bank and payment services representatives from 26 countries.

During the survey, 48% of financial organisations said they take measures to protect their clients from online fraud, aiming at mitigating the consequences rather than preventing incidents entirely.

Additionally, 29% of companies believe it is cheaper and more effective to address cases of fraud as they occur, rather than to attempt to prevent them.

According to the bank representatives and payment service operators, whenever a cyber fraud incident involving a client's account occurs, only 41% of organisations necessarily take measures to prevent such an incident from re-occurring in the future.

Some 36% of companies conduct an analysis of the vulnerability exploited in the attack, and 38% compensate the losses. The most popular policy among companies is to try to find out who was behind the attack - two thirds (66%) of financial organisations do this.

"Relying solely on mitigating the negative consequences of fraud is similar to trying to treat the symptoms of an illness rather than its root cause. The symptoms will recur, and the illness will progress," says Ross Hogan, global head of the fraud prevention division at Kaspersky Lab.

Ross recommends companies do not forget how important prevention is. "Although some of the world's leading banks have acknowledged this and have implemented 'root cause fraud prevention' - alarmingly, many still rely on 'reactive fraud detection'."

Each year, cyber criminals invent more and more sophisticated methods of attack, and if the banks do not have preventive measures in place, it enables further growth in the numbers of financial cyber crime and increased losses, adds Hogan.

A PricewaterhouseCoopers (PwC) report says in the past two years, sophisticated cyber adversaries around the world have launched powerful distributed denial of service attacks against banks, siphoned off billions of dollars from deposit accounts, stolen millions of payment card records, and infiltrated many national stock exchanges.

Despite these attacks, many global financial services companies have not implemented the right processes and technologies to prevent, detect, and respond to security risks. In particular, many do not adequately address threats from third parties and "insiders" like employees and partners with trusted access, says PwC.

"Financial services firms are at greater risk than ever, and by all estimates those threats will only increase," says Joe Nocera, a principal in PwC's cyber security practice.

He urges organisations to strategically invest in the right combination of security processes, technologies, and awareness and training programmes.
