CEO of the Association of German Banks, Heiner Herkenhoff, warns of the dangers posed by a new EU Directive against online fraud
by Björn Hartmann, die korrespondenten.
The number of online fraud cases in Germany has been growing. Heiner Herkenhoff, CEO of the Association of German Banks, explains why an EU Directive could make the problem worse and how consumers can protect themselves.
Criminals recently tried to defraud one of Ferrari’s top managers of money by artificially reproducing the voice of the car firm’s boss. Have you, as CEO of the Association of German Banks, also been the victim of fraudsters faking the voice of your president to demand millions?
No, not yet, but I have received all manner of phishing emails. Luckily, nothing has ever happened to me. Caution, common sense and thinking too much about it, rather than too little, usually help you to recognise when something is wrong.
What do the scammers do?
The majority of attacks happen via email. They are fake and ask you for personal data, such as account numbers, passwords or PINs, saying that their computer system is down or that you need to renew your subscription. Making fraudulent phone calls, or spoofing, is also on the rise. The fraudsters call you from a fake telephone number and pretend to be from a bank or telecommunications firm to try and elicit your data from you.
It sounds as though the classic bank robbery is no longer worth the effort. Why is the number of cyber crimes rising?
There is no longer as much cash stored at branches as there was years ago. The amount of cash in circulation overall has fallen because people are increasingly spending more time on the internet. We can do more things online now, such as go shopping, do our banking. And, of course, this attracts criminals too.
Who are these scammers?
The perpetrators are often international gangs. They are very professional and use the latest technology, including artificial intelligence. This can be seen in recent crime statistics: The number of cyber attacks is rising. And they are becoming more sophisticated. The technology they use is becoming increasingly complex.
Who is most at risk?
Anyone who surfs the internet but fails to take the necessary precautions. No one would think of leaving their wallet or keys lying around unattended. The same applies to confidential data required to use internet online services or banking services.
Now, the legislator wants to get involved. As part of its PSR Directive, the EU is planning new rules for the European payment system to crack down on fraud. What is it about?
In essence, the directive is intended to transfer liability for particular offences committed on the internet entirely to the bank. Up to now, if you’ve acted negligently then you would be fully liable.
This all sounds very nice for the consumer.
But it’s the wrong way to go. It would lead to people becoming less and not more careful with sensitive data. This is because if people know someone else is liable, they tend to be less careful. This is counterproductive because the directive would only encourage criminals. The EU is also looking to tackle the symptoms, which are the rising numbers of attacks. But it doesn’t solve the problem and may even make it worse. In the worst-case scenario, the EU would become a paradise for cybercriminals. But we want more, not less, security on the internet. This requires all those involved to make a contribution. Otherwise, everyone will have to pay for the carelessness of some individuals.
Will bank accounts become more expensive?
Eventually the increased costs will find their way back to the banks.
What alternatives do you see to the directive?
Banks already invest lots of time and money in ensuring that systems are secure. But we can’t do it all on our own. We need a joint approach – the banks, security forces and telecommunications firms all need to work together. In Germany, for example, we need measures to tackle caller ID spoofing. Consumers are often unaware who is really calling them.
So, I could call you and pretend I am calling from the BdB?
Yes. Other countries already have rules in place that are considerably more effective than those in Germany. We also need to make people more aware of this problem. And, of course, customers must also act responsibly with their data.
How can people protect themselves effectively?
First of all, you should ensure your software and antivirus programs are up to date – on your mobile as well as on your computer. There are also a few simple rules you can follow to make sure the scammers don’t get hold of your data.
For example?
People need to be aware of what the latest scams are and how to protect themselves. You can do that by visiting your bank’s website or ours at www.bankenverband.de. Don’t be too quick to click on unknown links because you may be installing malicious software onto your computer, which can then be used to steal your data without you realising. Don’t take important decisions when you are being hurried and regularly check your bank statements so you can see if there is unusual activity on your account. Then perhaps it’s not too late to stop it or recall a debited amount. And the most important thing is: Never give confidential data to third parties. A bank employee, for example, would never ask you for access data to your account. And no bank would ever ask you for this information by email.