Menu
Banking Exchange Home
Menu

Breaches point to need for broad protection

Latest episodes just one part of digital fraud schemes

Breaches point to need for broad protection

The recent and highly visible payments breaches should emphasize that banks need also to protect against all varieties of digital crime that perpetrators attempt, including money laundering, identity theft, and check fraud, say a couple of industry experts.

“What we’ve seen is that it’s not just about the payment card data. We see breaches where, yes, significant amounts of payment card data are compromised, but along with it there’s also quite a bit of personally identifiable information that includes email addresses, phone numbers, and address information,” said Mike Urban, director, Financial Crime Risk Management, Fiserv, in an interview with Banking Exchange.

“What this does is, it extends the attack vector that criminals can take,” he says. For example, with the phone number, email, and physical address data—which do not expire or get changed upon reissuance of a card—the potential victim can be exposed to spear-phishing attempts.

“They [the criminals] could send an email to an individual that says the order that was just placed at this particular merchant is on hold and that the recipient needs to click on a link to add some information. Then the criminals can leverage that, but the customer of the institution thinks everything is okay,” Urban says.

As financial institutions strive to bolster their defenses they also must cope with budgetary considerations, he says. One avenue to explore is to construct a common defensive platform versatile enough to cope with the various forms of cybercrime, instead of installing individual systems each devoted to single types of crime.

“You need to be able to have the technology in place, as well as the people and processes. You need to be able to consolidate what they are looking at in terms of financial crime today,” Urban says. “There’s usually a collection of technology. You have a card fraud solution, which may be provided by your card processor. You might have a check fraud solution in place. You might do some risk management around your ACH from an origination perspective.

“All of these different technologies create gaps as criminals are looking to cross into demand deposit and business account-type frauds. In order to close those gaps you need a technology that enables you to look at all of these different types of risks and respond back as the risks are starting to build,” he says.

Matt Herren, fraud specialist at CSI, agrees. In a separate interview with Banking Exchange, he said, “Similar types of platforms can conceivably be used for money laundering, account takeover, ACH fraud. It’s the same type of thing. If you’re looking for card fraud from Russia, or wire transfers out of Russia, or ACH transfers out of Russia, it’s all the same type of idea. They’re all pretty much doing the same stuff. It’s really about getting money.

That is a good way of justifying consolidating cybercrime defense systems, he said.

[Note: several payment solutions from Fiserv are endorsed by the American Bankers Association’s Corporation for American Banking subsidiary. Read more.]

John Ginovsky

John Ginovsky is a contributing editor of Banking Exchange and editor of the publication’s Tech Exchange e-newsletter. For more than two decades he’s written about the commercial banking industry, specializing in its technological side and how it relates to the actual business of banking. In addition to his weekly blogs—"Making Sense of It All"—he contributes fresh, original stories to each Tech Exchange issue based on personal interviews or exclusive contributed pieces. He previously was senior editor for Community Banker magazine (which merged into ABA Banking Journal) and for ABA Banking Journal and was managing editor and staff reporter for ABA’s Bankers News. Email him at jginovsky@sbpub.com.

back to top

Sections

About Us

Connect With Us

Resources