Business email compromise attacks, also known as masquerading or invoice scams, are, according to bankinfosecurity.co.uk, becoming more “sophisticated and pervasive”.
The attacks use a range of techniques such as scheduling fraudulent wire transfers or diverting funds scheduled to be sent from one account to another, for example house purchase funds from a lawyer’s escrow account to the scammer’s own account.
The FBI is sufficiently concerned that it issued a warning earlier this year and put a cost of $1.2 billion on the losses to SMEs between October 2013 and August 2015. Analysts at Bank of America Merrill Lynch produced some “eye-popping data on the scale of the threat”, according to Wealthbriefing, which reported that there are 80 to 90 million cyber attacks a day and around 400 new threats every minute, and that 70% of those attacks go undetected. On a global basis that is an annual cost of $3 trillion.
Wealth managers and banks have long known that email was vulnerable. This is why they have had to create inconvenient client journeys for transaction confirmation that require off-line workarounds, including the printing and posting of documentation and/or numerous phone calls. The trouble for banks is that clients are becoming more frustrated with these interactions just as the frequency and sophistication of digital fraud are increasing.
CNBC.com has picked up this theme, according to Financial Advisor IQ, advising that advisers need to dedicate serious resource to protecting both clients and themselves. It writes that “almost every adviser has been on the receiving end of a suspicious email from a client requesting a disbursement, for example”, noting that these attacks are far from the “mistake ridden messages purporting Nigerian inheritance that once plagued inboxes”.
In the US, the SEC is beginning to hold advisers accountable for even third-party breaches, CNBC reports.
The trouble is it is not just regulators that will hold advisers to account. According to the TNS Retail Banking Monitor, customers are starting to blame their banks and IT security will be a key factor in customers’ decision making on whether to switch institutions.
In a decade when financial services firms have worked hard to regain the trust of a client base naturally disengaged at best and deeply sceptical at worst, a serious increase in fraud is not helpful. Nor is the solution necessarily multilevel authentication that requires the consumer to remember an already long list of passwords.
Inevitably, a lot of institutions are looking to the smartphone to provide a significant proportion of the answer. After all, OTP (One Time Password) biometrics cannot easily be used on the desktop machine. The ability to create communication services – particularly instant messaging/chat – within a secure environment on the client’s device is also very exciting and one to which Novastone is, of course, hugely committed.