FCA claims financial services firms in the UK are not reporting successful cyber-attacks
According to Megan Butler, a Director at the Financial Conduct Authority (FCA), financial services firms and banks in the UK are not reporting successful cyber-attacks. In response, Keiron Dalton, a digital identity expert from Aspect Software, is calling for a more open relationship between authorities and banks, to help eradicate the threat of cyber-crime.
Speaking at the ICI Conference in London yesterday, Megan said that although the FCA “does not want to get in the way of organisations resolving such issues, it should be informed when attacks take place”.
Keiron, who is Global Program Senior Director for Aspect Verify, says that transparency is critical if the fight against fraud is to get stronger. He said: “Both financial institutions and the authorities need to work together and be more proactive in protecting their customers’ data and money, and work on the relationships they share as they tackle this growing issue. In the case of the banking industry this is critical, especially as fraudsters tend to follow the channels of adoption, as they are following the money. In January, the first Open Banking standard will go live in the UK to increase competition between banks by leveraging customer data. So, if we can be open to improve business and boost savings for customers, why is the industry not doing the same to improve security for the public’s money?”
The FCA has reported that the number of cyber-attacks has increased from five in 2014 to 49 over the last year. Ransomware is said to be increasing and makes up nearly 17% of attacks reported to the regulator.
Keiron continued: “When a bank finds a cyber-attack threat, it may learn and prevent that specific instance of fraud being successful in future, but it doesn’t share information about the incident with the wider financial community so that they can also learn to prevent similar instances. That needs to change. It should also be imperative for banks to work closely with mobile network operators, as mobile is the main platform of choice for many customers. There needs to be greater synergy, and competitiveness should be put aside for the sake of reducing the financial risk that fraud places on banks’ profitability.”
He added: “Banks and telephone companies often have access to the data showing how people use their networks, in particular behaviours and what is considered ‘normal’ or within a predictable pattern for that individual. This will become increasingly important for banks as they adhere to Know Your Customer practices and will reduce the risk of false positives when suspicious behaviour is flagged. By operating together, and using complex fraud detection and multi-factor authentication technology – such as divert detection and location checks to verify the identity of banking customers – the process will be a lot smoother.”