It was interesting to read that certain commentators believe that the next banking crash will be a cyber attack. Last weekend Bristol Airport lost its flight display screens to Ransomeware. https://www.bbc.co.uk/news/uk-england-bristol-45539841 Most of the banks have been compromised in some way over the years and have had to remove their digital banking service for a period of time.
Account takeover is the biggest threat, what we have not seen yet is mass account takeover. However we have to be realistic about the possibility of that happening. Someone gaining access to one of our bank accounts may be sorely disappointed. They can only pay to saved payee and to add a new payee requires additional authentication. This bring us to a very controversial conclusion that most account takeovers require a user to disclose some sensitive information.
Sadly in this day and age it is the non digital savvy or aged users who are most at risk. Those who grew up with online banking are not quite as susceptible to online takeover. I have to qualify that by saying that in the future a new technology described to us by our children or a younger generation will frighten everyone of us!
If you were a fraudster I would assume that you wanted access to a large corporate’s account. The values are astronomical. The new Faster Payment limits make them very attractive to takeover. The old fashioned frauds of beneficiary manipulation are still widely used but corporates are becoming more aware of the threat to them.
The next stage in the SME and retail world is Open Banking, this allows third parties access to our accounts and to businesses up to a certain threshold. You could assume that this increases the risk. It could however do the opposite, the user that embraces these services will already be tech savvy and cautious. We can assume this because they have decided to use a new service in the first place.
Maybe Open Banking and its place as a subset of PSD2 will reduce account takeover. FinTech’s who provide the services will be more agile and quicker to react to user changes. The market will react quicker to challenges and prevent them from actually compromising a user. Device tracking, biometrics, multi authentication can all help and are embraced by the fintech community.
It is not totally crazy to think that the opening of the digital channels by means of new regulation actually makes the digital experience both richer and safer.