By Monica Meinert
With fraud on the rise, banks explore strategies for enhancing their cybersecurity efforts.
With each passing year, the number of fraud victims continues to grow, and data breaches have become routine occurrences. The introduction of EMV technology has shifted the fraud landscape to include more instances of card-not-present and online fraud: from 2015 to 2016, card-not-present fraud increased 40 percent and account takeover fraud was up 31 percent, according to Javelin Strategy & Research.
“It’s a big issue,” says Rheo Brouillard, president and CEO of Savings Institute Bank & Trust in Willimantic, Conn. “We track who’s knocking on our door, and it’s amazing to see the number of people who are poking around looking for an easy target. Fortunately, we haven’t been one, but it’s amazing to see how many people are knocking.”
So it’s no surprise that investment in analytics-driven fraud detection systems are up. “This area used to be a blip in the budget,” says Brian Johnson, CEO of Choice Financial Holdings in Grand Fork, N.D. “Now it’s a significant commitment in resources, both in technology and people.”
Banks are focusing their efforts on both building up both vigilant infrastructure systems and strong internal fraud cultures. Respondents to a recent ABA Community Bankers Council survey of bank CEOs said that their banks are fighting fraud by training staff (95 percent), upgrading network security systems (91 percent), and using anti-malware or anti-virus software (81) percent to better protect their banks against cyberattacks and data breaches.
They’re also being proactive on the customer side as well, with 84 percent providing customer education on fraud-related topics. In addition, 73 percent already offering identity theft protection and 28 percent planning to add it in 2018. For banks that offer identity protection to their customers, adoption has been high, especially since many banks are offering it at no cost.
FMS Bank in Fort Morgan, Colo., offers free identity theft resolutions services to all personal checking accountholders and their resident family members. Powered by CyberScout (which ABA endorses for data breach preparation and response services), the service gives identity theft victims access to on-call fraud specialists to help recover up to $25,000 in losses, in addition to a full year of free credit and fraud monitoring. For a small monthly fee, customers can sign up for continuous monitoring to receive early warnings of suspicious credit and fraud activity.
The bank’s debit product also has a remote “on/off” capability that customers can control through a mobile app. “You can walk out of Walmart and turn off your debit card after you’ve checked the balance,” says FMS Bank President and CEO John Sneed. “We are just in the process of rolling these security features out to our customers.”
Similarly, American Community Bank and Trust in the Chicago area rolled out a popular, free debit card management feature tied to customers’ cell phones. The bank also offers “Positive Pay,” an automated fraud detection tool for business checking accounts. This service ensures that funds are not released from the account unless the transaction presented for payment exactly matches a customer-provided, electronic whitelist.
Another way banks can protect their customers is to join Sheltered Harbor—an industry-led initiative designed to add an additional layer of protection to banks’ business continuity and disaster recovery efforts. By storing data in a Sheltered Harbor standard format, a peer bank or processor has the ability to recover the data in the event it is compromised or erased, allowing banks to continue to serve their customers even in the face of a crippling cyberattack.
“Strong cyber protection is critical to any bank’s survival,” says ABA President and CEO Rob Nichols in a recent video urging bankers to become “Sheltered Harbor Ready.” “Sheltered Harbor is a win-win for your reputation, the industry’s reputation, and most importantly, for your customers. But it only works if we all do our part.”