James Romer, Chief Security Architect at SecureAuth + Core Security:
“Cybercriminals dedicate time and effort to evolve their methods of tricking customers into handing over their bank details and login credentials, meaning that the threat landscape is in constant flux. Customers alone cannot be held responsible for keeping up with every scam and tactic that arises and assuming blame threatens their trust. Banks have a duty of care to constantly monitor, detect and neutralise new threats through investment in the appropriate technology and security expertise. Also, as banks open their APIs to authorised third parties to comply with Open Banking standards, authenticating users will become key to protecting sensitive customer information and combatting fraudulent transactions. Bad actors will attempt to impersonate third parties to trick consumers into handing over their credentials or payment details, causing further confusion for consumers. Banks need to make sure that they are helping their customers as these new services come online.
“Fighting fraud effectively requires a joint effort between banks and consumers, with identity and authentication at the centre of the strategy. Banks need to implement the most comprehensive cybersecurity technology which considers different factors (such as device recognition and geolocation) at the login phase and consistently apply multi-factor authentication(MFA) if risk is detected, to address the threats at the identity level efficiently.”
Dave Kennerley, Director of Threat Research at Webroot:
“Scams often use complex malware combined with a highly targeted delivery vector, such as personalised emails, to easily fool end users into handing over their personal details. Banks have the strong advantage of having the most sophisticated technology in place to monitor and detect for threats, meaning that it cannot always be the customer’s responsibility to be alert to fraudulent activity and remain vigilant.
Banks should take more responsibility for defending against cyberattacks and also assume the role of educator, as they possess the relevant knowledge of emerging threats, as well as the most effective defence. Cybercriminals only need to find one hole in the defence, while security professionals have to secure the entire attack surface area. It’s not an easy or simple task, but an intelligent approach of education combined with the relevant technologies – utilising smart capabilities, such as machine learning – can be used to deliver threat protection and help detect and stop attacks.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.