• Karen Wheeler, Country Manager at Affinion


• 26.03.2019 08:00 am
undisclosed

Banks are a popular target for cyber criminals. As financial institutions shift to digital channels and more customers feel comfortable conducting their financial affairs online or via banking apps, there are inevitably more opportunities for fraudsters to attack.

Industry-wide issue 

In fact, according to a report from Accenture and the Ponemon Institute, cyber-attacks cost financial services firms more to address and contain than any other industry and the rate of breaches in the industry has tripled over the past five years. 

The report found that the average cost of cybercrime for financial services companies globally has increased by more than 40 per cent over the past three years, from nearly $13 million per firm in 2014 to nearly $19 million in 2017.

Of course, that’s only the tip of the iceberg as not only does it cost banks to monitor, detect, investigate and remediate cybercrime incidents, it also costs in terms of customer retention. Customers who feel their cybercrime complaint is handled poorly are more likely to leave a bank - customer trust is such a valuable commodity and without it, retention rates will fall.

Customers in the dark

The worrying truth is that, according to Affinion’s Cybercrime SOS report, an astonishing 75 per cent of consumers would not know what to do if they fell victim to cybercrime. Instead of being confident, they are confused, unsure who to call or whether to simply manage the incident on their own. 

As well as a lack of understanding about resolving cybercrime, there is also an information gap concerning prevention. Most consumers have not moved beyond basic online security measures - only 16 per cent of people worldwide have access to identity fraud protection; 17 per cent to a credit report subscription and 30 per cent to a password manager. Even the simplest forms of online security are not universally adopted – a third (31%) of respondents in our study do not employ any form of software protection and only 58 per cent have access to a firewall, suggesting that many consumers are leaving themselves completely exposed and vulnerable to attack. 

Consumers risk sleep-walking into serious financial and personal havoc – they are increasingly conducting their lives online, without the appropriate safeguards in place and blind to the scale of the cybercrime epidemic. It is time for financial services companies to step up and help their customers – but the question is, what should this support look like?

Positive examples

Challenger bank Monzo was praised for the way it handled the Ticketmaster data breach in April 2018. It noticed a pattern of fraudulent transactions on cards used previously on the Ticketmaster website and quickly replaced thousands of affected cards and lobbied Ticketmaster to investigate the issue. It also notified other banks, Mastercard and the US Secret Service.  It proved itself to be vigilant, responsive, transparent and responsible – great attributes in a bank.

Other organisations are taking a proactive approach, developing strong education and awareness programmes that are really impactful and show they are taking the issue seriously. For example, Barclays have employed “Digital Eagles” to roll out cybersecurity training to communities across the UK. Its DigiSafe in Cyber Space programme includes tips and guidance on how to keep devices safe, how to navigate different social media privacy settings, advice on pop-ups and tips on recognising fraudulent emails. It also covers how to spot phishing scams, advice on downloading software, effective password practice and being more aware of tricks that fraudsters use to target individuals with the intent of poaching bank details.

These are two great examples of organisations waking up to cybercrime and empowering their customers to fight back. But what about individual identity (ID) theft cases or times when individuals become aware that their name is being used fraudulently to obtain credit or loans? Who should they turn to? 

It is a complicated field to navigate - there are so many involved parties, and lines of reporting and responsibility are blurred and vary across the globe. In the US, the Federal Trade Commission advises that in most instances you don’t need to report ID theft cases to the police. Whereas in the UK, organisations like Action Fraud provide a raft of optionsand steps to take.

ID theft presents a particular challenge and our research shows consumers are not overly confident in their abilities to prevent, detect and resolve it. Not only do victims often incur financial loss, they may also have their identities used by criminals to fraudulently secure lines of credit and consequently receive demands to repay the criminals’ debt. It can be extremely distressing and complex to resolve, leaving customers often feeling alone and unsure who to turn to.

Supporting vulnerable customers

Our research suggests that while many consumers are happy to take day-to-day responsibility for managing their digital lives, if a cybercrime occurs, they would prefer an outside organisation with expertise to resolve the situation. When incidents have happened, 39 per cent credited their bank with resolving the issue and this has boosted brand perception.

There is a huge need for banks to raise awareness about how to protect against cybercrime and also to help their customers if and when something does happen. Customers do not currently feel confident in resolving the effects of cybercrime, and they are open to intervention. The uptake of even the most basic forms of protection is not widespread and there is a window of opportunity for banks to become part of the conversation and the solution. 

It is therefore vital that banks dedicate significant resource to the issue and make sure their customers know they are on hand to help. By having whole teams dedicated to helping clients navigate cybercrime problems, they will signal to their customers that the security of financial information is a top priority. Resolving incidents will take time, skill and sensitivity but customers will invariably show their gratitude for the help received by becoming loyal advocates for the bank.