Latin American Banks Are Feeling the Impact of the Cybercrime Wave

By Lowers & Associates,

Latin American Cybercrime

It’s no secret that Latin America has suffered its fair share of cyberattacks, but the extent of the damage might be worse than many have imagined. In a 2018 study of cybercrime by the Organization of American States (OAS), 92% of banks in the study reported some kind of digital security event and more than 1 in 3 banks reported falling victim to at least one successful attack.

The OAS report uses two kinds of data: on the behavior of banks, and on a sample of their customers. Regarding the banks, there are 3 top level results to frame the more detailed data:

  • Cyber-attacks are ubiquitous. 92% of banks in the study reported some kind of digital security event, including both successful and unsuccessful attacks (65% of large banks reported successful attacks). If you are a banker, you’ve been hacked.
  • Most banks, by a narrow margin, do NOT use advanced detection tools and controls based on big data or artificial intelligence. This problem is more severe for smaller banks, of course, but it exists across the system.
  • Cyber-attacks work, and they are costly. The average cost of an attack in Latin America was US $1.9 million, with a region-wide loss in 2017 of US $809 million.

From the customer/users’ point of view, digital services are desirable and widely utilized. This is reflected in the fact that customers are increasingly using the super-convenient smartphone as a banking platform.

  • A large majority of customers, 88%, use one or more digital service, and the percentages of various services are increasing. Of those who did not, 59% cited distrust of the digital environment as the reason.
  • Customers are the weaker link in the chain. Though most of them understand the general threat and some of the methods of cyber-attacks, they do not use sophisticated methods to thwart them.
  • 27% of customers had suffered some kind of attack, with 47% of these reporting a financial loss. About 70% of these were fully or partially compensated (at a loss to the bank or insurer). People who were attacked also reported reduced affect for the banks (reputational loss).
  • Incident reporting was very low. Customers reported that their banks did not have visible reporting mechanisms, and few reported losses to the authorities.

From the detailed OAS report, a few lessons emerge. First, the digital security risks that warrant the most attention from banking entities are theft of a critical database; compromise of privileged user credentials; and data loss.

Second, defensive systems used by both the financial institution and its customers are probably behind the curve. Hackers on the other hand, are persistent and aggressive. Banks need to step up their efforts to adopt advanced controls and invest continuously in these tools. Banks might also improve efforts to educate customers and install security requirements that help to insulate the system from mistakes of relatively unsophisticated users.

Finally, both banks and customers are committed to the digital future. Customers report that even knowing the threats of digital services, they will not stop using them. Banks continue to adopt ever more digital services to satisfy customers and lower costs. So, the prize for fraudsters and criminals will remain.

Cyber criminals will not miss seeing the opportunity. The question is, how will banks respond?

  Category: Cybersecurity, Risk Management
  Comments: Comments Off on Latin American Banks Are Feeling the Impact of the Cybercrime Wave

ACFE Highlights the Biggest Fraud Challenge in 2014

By Mark Lowers,

cyber crime fraud

What do NSA and Target Corporation have in common? They both have enormous databases of sensitive information about individuals that have been penetrated by the likes of Snowden, Wikileaks, and worse criminal conspiracies. According to James D. Ratley, President and CEO of the Association of Certified Fraud Examiners, cybercrime is one of the biggest emerging fraud threats in 2014.

Ratley mentions hacking schemes like the one that shocked Target, as well as other malicious activities like malware and phishing schemes. He rightly says that these schemes can be foisted on individuals, small or large businesses, or any type of organization.

But we think there is a very good reason why cybercrime could be the biggest emerging fraud threat for years to come. It is rooted in the fact that organizations will not forego the tremendous power of networked computers and huge databases, and these are rapidly evolving. Every innovation in automated business processes creates new opportunities for hackers. The prize at stake is huge. … Continue reading