The results of an online survey by YouGov, sponsored by credit reference agency Equifax have shown that 55% of British people think that 3 or fewer verification steps are needed to keep their bank accounts safe from criminals.
Cyber Crime and Bank Fraud Levels Still High
Office of National Statistics (OFT) figures show that in a 12-month period from 2015 to 2016 2.47 million bank and credit account frauds took place in the UK. These were part of a 5.8 million cyber-crime explosion, where 1 in 10 people in England and Wales became victims of cyber-crime.
The results of this latest YouGov survey appear to show that things aren’t improving, as of the 2,000 people asked, 21% said they had previously had either their social media or email account hacked.
3 Layers Needed
These high levels of cyber-crime, plus the fact that bank account details top the list of what people are most worried about having stolen (closely followed by followed by debit or credit card pin numbers), mean that UK banking customers appear keen to keep their account holder verification steps to 3 (or less).
Quality Not Quantity
It does seem, however, that it’s not necessarily the number of authentication / verification steps that should make customers feel secure, but the quality of those steps in terms of how difficult they would be for criminals to crack or get around.
Password and single-step processes have been shown in recent years to be not particularly effective at keeping the criminals at bay. This is partly because people share passwords between online services, and the theft of personal details from one website can, combined perhaps with other hacked data, often lead to easier thefts from other accounts e.g. bank accounts.
Multi-layer authentication is more difficult for cyber criminals to get around and banks and financial organisations are also able to use extra layers of authentication that are invisible to customers.
Banks and financial institutions are now turning to other increased security methods such as biometrics and tactics such as Barclays new debit card controls that allow customers to enable or disable whether their card can be used to make remote purchases, or to set their own daily ATM withdrawal limits on the Barclays Mobile Banking app.
What Does This Mean For Your Business?
Businesses clearly need to be able to effectively protect both their own and their customers’ banking details (note the GDPR regulations next year) from cyber attackers. Determined cyber criminals are now attacking businesses in multi-level ways, including phishing attacks combined with social engineering to steal money and data from businesses, and are using ransomware attacks to extort money. Even Google and Facebook both fell victim recently to a £77 million fraud that relied upon hacking, fake letters and invoices, and human error from staff.
As well as taking at least the basic security measures with systems, practices and password protection, businesses, now more than ever need to educate and train all staff to be able to spot possible fraudulent tactics. Staff should be encouraged and empowered to question and refer any suspicious activity, and clear systems for staff to follow, including carefully verifying new payment requests before authorising them, need to be put in place. Businesses should also make sure that they have up-to-date and workable Disaster Recovery and Business Continuity Plans in place.
Author: Ben Armytage