In today’s digital ecosystem, banks are offering new and convenient ways for customers to manage their finances, resulting in an enhanced customer experience. However, as banking becomes more sophisticated, so do the hackers. Jim Winters, head of fraud at Barclays UK, explains what the bank is doing to protect its customers. Briony Richter reports.
The rapid growth of digital banking channels has increased the pressure on banks and governments to strengthen their cybersecurity measures.
Fraud detection systems across numerous banking channels need improvement in order to keep up with the hackers. That being said, there is also an abundance of security-focused technology that banks can use to properly defend against attacks.
Explaining his role to RBI, Jim Winters, head of UK fraud at Barclays, says: “As head of the Barclays UK Fraud Team, I am responsible for the prevention and detection of all fraud types impacting customers of Barclays UK.
“The role is varied, but primarily involves designing and implementing effective controls – either system or process-based – to protect our customers, ideally in a way that enhances rather than detracts from their experience. This requires us to embrace the latest in technology and ensure we remain one step ahead of the fraudsters at all times.”
The UK’s Public Accounts Committee (PAC) says the National Cyber Security Centre has dealt with more than 1,100 incidents since it was established in October 2016. Chair Meg Hillier notes: “With its world-leading digital economy, the UK is more vulnerable than ever before to cyberattacks. As the likelihood of these attacks continues to grow, the UK needs to protect itself against the risks created by more and more services going online.”
Barclays has a number of features that will support customers in keeping their card information safe. In May 2019, Barclays launched an in-app account-opening solution, which features a suite of new fraud and scam warnings.
Customers can use the app to open an account at their own convenience. In just a few taps, the new feature enhances the customer onboarding journey by enabling a seamless digital experience.
Barclays has also ensured that the new feature is properly protected. When a customer clicks to pay a new recipient in the app, they will now see two new screens that warn of the common tactics used by scammers. Before continuing with the transaction, the user selects the purpose of the payment from a list of nine categories. Another warning then pops up, prompting the customer to think more about the payment they are making. Only once this warning is passed will the payment be confirmed as normal.
Fraudulent attacks are becoming more common – and more aggressive. A scammer will frequently seem digitally identical to a customer’s financial provider, so Barclays’ new fraud features are designed to act as a positive friction point in the overall payment journey.
“We are continually investing in new features and technology to combat fraud. Currently, we are focused on improving the effectiveness of our fraud-prevention framework through the introduction of machine learning models and enhanced biometric profiling,” Winters notes.
“This helps us to build up an understanding of a customer’s genuine activity so we can better identify abnormal activity and avoid interrupting a customer unnecessarily. Alongside this technological development, we’ve also focussed on educating our customers about the dangers posed through fraud and scams.”
Continuing, he highlights, “We’ve committed more than £18m ($22.5m) over the past two years to raising awareness through our Digital Safety campaigns, running a series of adverts about the most common types of scams that customers and the wider public should be aware of. Through this combined approach, last year we were able to prevent over £835m of potential fraud from taking place.”
Consumers now look to their banking providers for advice on how to protect themselves as they increasingly live their lives online. Thus, there is an opportunity for banks to deliver tailored advice and insight for customers to combat cybercrime. Boosting consumer awareness of the dangers of cybercrime will ultimately lead to a reduction in incidents.
“Fraud prevention is an arms race,” Winters warns. “We have to invest and innovate continually in order to stay one step ahead of the criminals. However, it’s not all about control; improvements in technology mean we can make more accurate decisions and explore how improved security can enhance – rather than detract from – the customer experience.”
He continues: “One of our principles is to try and keep controls in the background where possible; customers should know that we are continually monitoring and protecting their accounts, but we only intervene when absolutely necessary.”
The National Cyber Security Strategy 2016–2021 sets out the UK government’s plan to make the country secure and resilient.
As hacks become more advanced, large banks and organisations are increasingly seen as prime targets for organised crime and cyberterrorists. It is, therefore, crucial both for the bank and the customer to protect any information stored digitally.
An attack on a financial institution not only results in the loss of vital data, but can have a devastating effect on a firm’s reputation – something that typically requires significant amounts of time and money to restore.
Speaking on the growth of attacks, Winters states: “Fraudsters are continually learning and attacks are ever-more sophisticated. This means the warning indicators we are looking for become more and more subtle as they mirror customers’ genuine behaviour, or even trick customers into carrying out transactions on the fraudster’s behalf.
“Machine learning allows us to make faster, better decisions and identify the increasingly subtle nuances that might indicate that a customer is about to fall victim to a fraud. These models allow us to make best use of the data available to us, so every decision we make is contextual and as informed as possible. Machine learning is just one part of a multi-layered control framework, so we aren’t reliant on one specific type of technology or any single control to protect our customers.”
According to GlobalData’s Payment Fraud Customer Analytics, the most prevalent form of cybercrime is theft of online card details (see chart).
There is no one-size-fits-all solution to tackling cybercrime. For banks, the strategy should be pre-empting attacks rather than reacting to them once they have occurred.
Fraud prevention and detection continues to make huge strides in UK banking; however, the industry is not out of the woods just yet.
Highlighting the challenges facing the banking industry, Winters says: “Right now the industry is seeing an increase in scams and ‘authorised push payment’ fraud.
“As fraud-prevention techniques have improved, criminals have shifted focus, and many now concentrate their efforts on socially engineering customers into making fraudulent payments for them.
“In theory, this makes fraudulent activity harder to spot, because the customer has authorised the fraud – no passwords have been compromised and the customer is often using the phone, branch or computer they would normally use to carry out their everyday banking. They think they are making a payment, which also means they won’t report a concern should we contact them.
“The increase in the incidence of data breaches is also playing a part. Obviously, live card details are extremely valuable to fraudsters, but the personal information that is also harvested can be used to help identify potential victims and then be used to socially engineer them and gain trust – by pretending to be their bank or utility provider, for example.
“The new data privacy regulations (GDPR) and threat of increased fines will hopefully encourage companies to improve their information security standards and avoid incidents of security breaches going forward.”
Winters also notes that social media is playing an increasingly significant role in the growth of fraud. It has also become so integrated into most consumers’ lives that social media platforms have become a fertile breeding ground for hackers.
“We have been working hard to fight back against this threat by educating young people in schools and colleges via our Life Skills programme, giving specialist training to all our branch staff so they can spot the signs of fraud, and leading a multimillion pound digital safety awareness campaign to raise the public’s overall awareness.
“We have also played an important role in the creation of the recently launched CRM code, and believe it is a significant step forward in helping to protect customers and reimburse those who have been victims of scams.”
Winters continues: “However, we believe that to truly reduce the volume of victims, the code needs to go further. We are calling on all the organisations who enable scams to take place to contribute to the work being done to safeguard and compensate consumers, to stop scams once and for all.”
Fraudsters will always focus their attacks on a financial organisation’s weakest point. However, the volume of attacks can also be drawn towards the most popular consumer channel, with digital payments being a prime example. With a higher number of transactions taking place, fraudsters believe their attacks will be far harder to detect among the sheer volume of innocent activity.
Turning to the evolution of fraud, Winters concludes: “With the advances in technology, it is likely that we will see machine learning utilised more widely – particularly as the amount of data available to inform a decision increases and consumers have come to expect real-time services and fulfilment.
“However, given the levels of data compromise seen at the moment, I also expect to see continued development of security technologies that reduce the value of stolen information to fraudsters such as dynamic, one-time usage card numbers and security credentials, and also biometrics.
“The industry can’t be complacent though. As prevention techniques improve, we often see criminals resort to old-school methods such as distraction of victims at ATMs and card trapping.”
Fraud is a constant cat-and-mouse game between banks and hackers. Once a bank upgrades its fraud-prevention measures, fraudsters are most likely already looking for ways to hack into its new system.
The foundations of an effective fraud risk management programme are rooted in risk assessments, which must be conducted frequently to ensure that any risks are identified before damage can take place.
Fraud is not going anywhere, but a robust fraud-management programme gives banks a reliable roadmap to identifying and preventing it.