How banks can strengthen defences against cyber criminals

Updated IT infrastructure, advanced threat detection and multi-factor authentication key to safeguarding customer


The digital era has opened doors to a wealth of opportunities but also challenges for the banking and finance sector.

While bringing unprecedented speed and convenience to customers, it has also created multiple channels that malicious actors can try to exploit for profit.

According to the Interpol Global Financial Fraud Assessment, widespread technology adoption is fuelling a rise in digital scams.

The use of artificial intelligence, large language models and cryptocurrencies, combined with phishing and ransomware-as-a-service business models, has resulted in a growing number of fraud campaigns without the need for advanced technical skills, and at relatively little cost.

The Global Anti-Scam Alliance has found that scammers stole more than $1 trillion from victims around the world last year. Only 0.05 per cent of these scammers were caught.

What is even more alarming is that these attacks are becoming more sophisticated and co-ordinated, highlighting the increasing intent of cyber criminals to circumvent a bank’s security and gain access to sensitive financial data.

This underscores the importance of continued investment in security measures.

Putting up cyber defences

In this complex cybersecurity landscape, banks are arming themselves against attacks by continuously increasing the awareness of their staff and clients and improving their working processes.

They are also updating their IT infrastructure, implementing advanced threat detection systems, enhancing security protocols and adopting multi-factor authentication to safeguard customer data and transactions.

The Worldwide Security Spending Guide by the International Data Corporation indicates that the financial services and government sectors are poised to emerge as the foremost contributors to security expenditure in the Middle East and Africa this year. Their joint spend is projected to account for nearly a third of the market’s value.

Knowledge is power

Educating customers to help them protect themselves from phishing and smishing (using text messages) attacks and prevent unauthorised access to their accounts plays an important role.

Banks are raising customer awareness through regular communication on cybersecurity risks. For their part, customers can contribute by staying informed and vigilant about their digital footprint.

Customers are naturally concerned about the security of their identity as well as personal and financial data and the confidentiality and integrity of their digital transactions.

Banks should aim to establish a dialogue with their customers on safe digital practices and be alert and aware of phishing and smishing patterns.

Improving communication techniques is key to ensuring their customers are engaging with and acting on these important messages.

The transformative impact of AI

Banks are increasingly using AI for fraud detection and behavioural analytics to prevent unauthorised transactions, while blockchain’s decentralised ledger provides an added layer of security for transaction records and strengthens data integrity.

By analysing various data points in real time, banks can assess customer behavioural patterns and device integrity and apply machine learning to detect irregularities in these patterns to invoke higher security thresholds.

Making security invisible

Historically, security manifested in high levels of customer friction, such as multiple passwords, PINs and one-time passwords.

The vision for the future is to make security invisible.


Cyber threats transcend borders

Cyber threats are also becoming more transnational in nature. International co-operation is crucial to combat cyber threats.

Sharing threat intelligence and establishing unified cybersecurity standards help create a more secure global banking environment.

Cybersecurity measures adopted by banks over decades have contributed significantly to industry standards, such as the US National Institute of Standards and Technology Cybersecurity Framework, and regulations like GDPR.

This ensures that customer trust and confidence are upheld through the definition and implementation of best practices.

An example of an emerging best practice is device binding, also known as device registration, which links the customer’s mobile device to the bank’s app, treating the device as a security credential.

This allows customers to securely transact on that device and provides them with peace of mind, knowing that higher-risk transactions can only occur on their registered device.
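
To make the device-binding idea concrete, here is an added sketch (not code from the authors or from any bank) of a server that only approves higher-risk payments when the registered device answers a fresh challenge. The class name, the threshold value and the use of a shared HMAC key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

HIGH_RISK_THRESHOLD = 1000  # assumed policy value, not from the article


def sign(key, nonce, amount):
    # The amount is signed with the nonce so a proof cannot be moved to another payment.
    return hmac.new(key, nonce + str(amount).encode(), hashlib.sha256).digest()


class BindingServer:
    """Hypothetical bank-side registry that treats an enrolled device as a credential."""

    def __init__(self):
        self._devices = {}      # customer_id -> (device_id, device key)
        self._challenges = {}   # customer_id -> outstanding single-use nonce

    def register_device(self, customer_id, device_id):
        # Simplification: a shared HMAC key keeps this stdlib-only. Deployments
        # commonly keep a private key in the phone's secure hardware instead.
        key = secrets.token_bytes(32)
        self._devices[customer_id] = (device_id, key)
        return key

    def new_challenge(self, customer_id):
        nonce = secrets.token_bytes(16)
        self._challenges[customer_id] = nonce
        return nonce

    def authorize(self, customer_id, device_id, amount, proof=None):
        if amount < HIGH_RISK_THRESHOLD:
            return "allow"  # low risk: the normal session login is enough
        nonce = self._challenges.pop(customer_id, None)  # consumed even on failure
        bound = self._devices.get(customer_id)
        if nonce is None or bound is None or proof is None:
            return "deny"
        bound_id, key = bound
        ok = device_id == bound_id and hmac.compare_digest(sign(key, nonce, amount), proof)
        return "allow" if ok else "deny"


if __name__ == "__main__":
    bank = BindingServer()
    key = bank.register_device("cust-1", "phone-A")  # constructed sample identifiers
    nonce = bank.new_challenge("cust-1")
    print(bank.authorize("cust-1", "phone-A", 5000, sign(key, nonce, 5000)))
```

Because each challenge is discarded after one use and the amount is part of the signed message, a captured proof cannot be replayed or reused for a different payment.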

The future of cyber security

Looking ahead, banks are poised to face an increasingly complex set of cyber challenges, including quantum computing threats to encryption, sophisticated cyber attacks leveraging emerging technologies, such as AI, including generative AI, and the need for adaptive security architecture.

To stay ahead of these challenges, fostering a culture of cyber security is imperative. Banks must invest in next-generation security solutions and continuous education, while customers must improve their knowledge and awareness of cybersecurity threats and vigilance in their digital interactions.

Only this way can we build a robust and secure financial ecosystem that can thwart the hostile intentions of cyber criminals.

Corey Thompson is executive vice president and head of digital for retail banking at Mashreq. Olivier Busolini is executive vice president and head of information security at Mashreq.

Updated: June 26, 2024, 4:00 AM