As the Federal Reserve, International Monetary Fund (IMF) and European Central Bank (ECB) take precautionary measures to limit the impact of COVID-19 on the global economy, banks across the globe are seeing a rapid increase of cybersecurity threats. And, while the economic impacts of COVID-19 are likely to subside, these cyberthreats are here to stay.
Europe is at the epicenter of the pandemic. With more than 75% of global COVID-19 cases, the humanitarian crisis is set to outpace the economic disaster. Unfortunately, Europe is affected by more than the epidemiological threat. As the centerpiece of the global economy, banks are playing a crucial role in combating the increased economic anxiety. The European Banking Authority (EBA), for example, is reinforcing the fact that banks are pillars of financial stability. Recently, the EBA recommended that banks focus on key operations and limit requests for non-urgent activities.
The economic risk extends far beyond the Eurozone. Across the pond, 78% of American workers are living from paycheck to paycheck and 58% survive on hourly wages. The current pandemic has forced all businesses, and banks in particular, to navigate these uncharted waters. Banks are now required to go above and beyond their traditional duties and become social stabilizers—even without being able to call up similar scenarios for perspective. If they succeed, they will play a vital role in keeping both households and businesses afloat with lines of credit during this period of uncertainty.
At the same time, banks are facing unprecedented economic threats. As an example, Italy’s UniCredit is shutting down 70% of its branches as its staff succumbs to the outbreak. And on top of all of this, malicious cybersecurity criminals are seizing the opportunity to commit fraud.
How banks can protect their operations
Keeping your banking business safe starts with establishing best practices for work from home employees that safeguard your company’s data and infrastructure while also enabling online payments and account verification. These measures require state-of-the-art, military-grade security. In these already unstable times, banks simply can’t afford to become the victim of a cyberattack.
Unfortunately, the past few weeks saw rapid development of cyberthreats. Most of these attacks focused on the COVID-19 pandemic and its effects on the world’s health. Unsuspecting individuals working from home and searching for information related to the pandemic are now prime targets.
In the past, email has been the primary method of spreading malware to infect computers. Today, we’re seeing a refined strategy that targets banks and fintech companies. As a result, the ECB has warned financial institutions of the “critical need” to plan for the impact of the pandemic. As staff absences are set to rise, so too will the amount of cyberattacks banks will face.
The rapid development of cyber threats and phishing attempts
Finastra is the world’s third-largest fintech provider, serving over 90 top-rated banks across 130 countries. The company was recently forced to put servers offline and investigate an attack that allegedly made millions of dollars in wire transfers vanish.
Simon Paris, Finstra’s CEO, apologized to customers and admitted that the ransomware attack was deliberately orchestrated while the company migrated thousands of employees to a work-from-home setup.
Similarly, the Federal Deposit Insurance Corporation (FDIC) has identified another scam that targets the pandemic. Fraudsters are deliberately trying to sow distrust in the banking system by telling people that their funds aren’t safe. People withdrawing large sums of money from their accounts could cause another serious hit to the banking system—one that it may not be prepared to withstand.
Globally, bank staff that is working from home is at risk. Cybercriminals are on the lookout for sensitive data that will help them breach an enterprise’s network.
Entry-level employees that are not equipped with company laptops are especially vulnerable—and are likely the first targets. Unfortunately, there’s no easy way out. Identity access management based on user IDs and passwords is unlikely to be an effective policy since changing credentials and access rights is not easy to accomplish in a remote working environment.
In the dim era of the COVID-19 threats, the European Banking Authority is providing regulatory support. On March 25, EBA removed NCA’s obligation to report their readiness to meet the strong customer authentication requirements for e-commerce card-based transactions by March 31.
Focusing on improving operations and assuring the day-to-day activities of banks is crucial during the current pandemic and in the aftermath that follows. Since migrating to Strong Customer Authentication under the new Payment Services Directive (PSD2) has been delayed, IT departments have more time to concentrate on choosing the best providers to not only meet evolving regulatory requirements but also improve user experience and security.
At TypingDNA, our proprietary algorithms authenticate users based on how they type on their keyboards. Known as keystroke dynamics, this typing pattern recognition technology is approved by EBA to be used in multi-factor authentication under the new PSD2.
Contact our team and schedule a demo to see how frictionless authentication can deliver benefits beyond simply being compliant.