In a world that is increasingly digital, cybercrime is also growing. And banks take these developments very seriously. They are constantly expanding their security systems and successfully fending off cyberattacks. As a result, cybercriminals have set their sights on defrauding bank customers instead. Most of the scams run by these criminals attempt to manipulate the victim into giving up personal data or sending the scammers money. Some of these scams have been around for years, but are now much more sophisticated thanks to the use of technological advances such as AI, making them more dangerous. Not only that, the number and complexity of these scams is growing.
So, what can be done to provide lasting protection for online banking? Banks invest a great deal of money to ensure that bank cards and online banking systems are secure, in order to protect their customers. However, this alone is not enough.
Joint efforts are needed to protect against cybercrime
Institutions must work together in order to successfully combat international cybercrime. Governments, social media platforms, telecommunication corporations, law enforcement bodies, consumer protection associations and banks need to cooperate (more) closely. Every single one of these entities must do their part.
Spoofing is one example of a scam that requires joint efforts to combat. These are calls in which the scammers manipulate caller-ID displays in order to pretend they are employees at a bank or law enforcement officers, prosecutors or similar. Calling under the fake number, they then use a seemingly plausible excuse to get victims to tell them their personal information (PIN, TAN, passwords) or make a payment. In other countries (e.g. Finland and the Netherlands), telecommunications companies already prevent spoofing – having a fake telephone number show up on the caller ID – entirely. Tighter provisions in Germany could also be introduced to do the same.
Of course, the scammers are always finding new workarounds. Cybercriminals are highly professionalised and collaborate with one another in global networks. New digital tools and up-to-date information are implemented very quickly. For example, if authorities are able to locate a fake website on a server and shut it down, new fake websites will appear on other servers in different locations.
There is simply no way to combat these crimes without international support and much closer cooperation between law enforcement bodies. These scams are developed on an international level and implemented on a large, even industrial scale. Although the scammers may only earn a small amount from each individual they target, taken together they are earning millions. This money is going towards organised crime, meaning it may very well be part of money laundering schemes or used to finance terrorism. Only by working together, both within Europe and beyond, can we do something about this issue.
Changing liability will not prevent fraud
The fact that these scams take place outside of the sphere of influence of the bank only complicates matters. Expanding banks’ liability will by no means offer additional protection from cybercrime. European legislators are currently discussing expanding banks’ liability in the PSR (Payment Service Regulation). There is concern, however, that this will have the opposite effect: Europe may instead land in the sights of cybercriminals around the world, and scammers will be emboldened, preferring to operate their scams here. Bank customers would not feel the need to be as cautious, and everyone would have to pay the increase in costs.
In short, European legislators are attempting to fight the symptoms, not the cause, and have landed on entirely the wrong strategy. They have forgotten about the damage caused to consumers above and beyond any financial losses. Falling victim to a scam is stressful, costing a great deal of time and causing a lot of worry.
It would be much better to prevent the scam from happening in the first place. Banks work hard to protect their customers and fight to prevent scams from taking place: they do their best to ensure that a scam never gets off the ground. But preventing fraud means that everyone, including consumers, must stay cautious. We must stay vigilant, ensuring we implement security measures and pay attention to any relevant information.
Phishing attacks are becoming more difficult to spot
It is, in fact, becoming harder and harder to recognise phishing mails. Similar to phishing is smishing (scams via SMS or other messaging services), vishing (via voice message or on the phone) or, relatively new, quishing (via QR-Code). However, the goal remains the same: ‘fishing’ for personal data. In this scam, scammers use a variety of pretexts to lure internet users onto fraudulent websites, where they are asked to enter personal information, passwords, credit card numbers etc.
Bank security measures, together with two-factor authentication, prevent criminals from accessing bank accounts to make payments. That’s why these attacks are often made over the phone. For example, the scammers might pretend to be bank employees, hoping to convince their victims to install remote maintenance software on their computer, thus granting the scammers access to these devices. Or they might simply hope to have the victim make a payment into an account they own.
But how we protect ourselves from these attacks? It’s important to stay alert during all online activities, not just bank transactions. If there are any inconsistencies at all, it’s best to take a moment to ask whether what is happening is a normal process or being done according to normal policy. Particularly if the situation appears urgent. It is also important to be aware of the things banks will never do, such as ask a customer to reveal their private and confidential information, like PINs or TANs. Bank employees will also never ask to install remote maintenance software onto a computer or other device. In addition, the bank does not need any information from its customers in order to correct an alleged incorrect charge.
Provide more education on scams
We can all act cautiously and carefully to protect ourselves from scams. It’s the best way to minimise incentives for scammers. It’s also the best way to ensure that both customers and banks are well-protected against financial damages caused by criminal activities.
Scammers currently target people, recognising that they are the weak point in the system. As such, continuous education, awareness campaigns and warnings against new scams have long been an important component of security measures taken by banks.
We at the Association of German Banks have also been actively engaged in promoting cybersecurity for many years. We regularly raise awareness and provide information on types of fraud and cyberattacks, and never miss European Cyber Security Month (ECSM). All because we want to contribute to the goal of protecting people from internet fraud.
