Financial institutions continue to face a myriad of fraud challenges, ranging from payment card fraud, wrongful termination lawsuits, clever scams targeting consumers, all-time-high payment app fraud, and rising cybersecurity concerns as the Russian/Ukraine situation unfolds.
Russian-Ukraine-Conflict-Impacting-Cybersecurity
As the geopolitical environment escalates, there will be ripple effects on financial institutions and consumers in the United States. The primary concerns are a drastic uptick in ransomware, or killware attacks and how financial institutions can be prepared for these increased attacks. (Note: Killware is a type of malware that erases data and is meant to destroy networks.)
Recent news further indicates how financial institutions could be greatly impacted by the Russia and Ukraine conflict. The Department of Justice has removed Russian malware that could have created a massive attack on millions of networks simultaneously. While it’s encouraging that the US disrupted it ahead of time, unfortunately this reveals Russia’s unnerving cyberattack capabilities.
Additionally, Russian Government Officials have begun blaming the West for cyberattacks and talking about “grave consequences” At the same time, the war has aggregated hundreds of thousands of hackers. Like with all types of fraudsters, regardless of intentions, these hackers may not be aware of the ripple effect on the rest of the world.
There are three primary attacks to be aware of:
- Supply chain attacks: These types of attacks are, and will continue to be, most common. In this type of attack, a supplier serving multiple institutions or industries is targeted and business is impeded until the ransom is paid and the data and operations are restored. Additionally, criminals can use their access to a supplier to enter the network of a financial institution. Supply chain attacks can have a global ripple effect.
- Russian gang attacks: It is well known that Russia has a large cybercriminal gang population. Traditionally, these gangs have no formal ties to the Russian government yet have no government oversight either. In recent weeks, however, cybergangs have been deputized to act on behalf of the Russian government. And new evidence has emerged of close ties between Russian Intelligence Agency and one of the cybergangs. These cyber attacks are very dangerous and can have severe impacts on their targets
- U.S. Infrastructure attacks: Another possible, but unlikely, attack that could occur is that the United States’ infrastructure is directly attacked. This type of attack could come from any cybercriminal source, although it would most likely be in retaliation to the sanctions placed on Russia, and could present extreme damage for the United States’ infrastructure. The Department of Homeland Security lists the financial sector as one of the industries the Russians most want to target.
Since cyberattacks can have severe impacts, it’s important that financial institutions are best prepared for any type of cybersecurity encroachment. This can include preparing your leadership team, employees, and your accountholders for potential red flags and impacts of growing cybersecurity concerns.
Russian-Ukraine-Conflict-Impacting-Cybersecurity
Here are 3 practical ways to reinforce your institution’s fraud prevention and response measures:
- Enhance your Third-Party Risk Management (TPRM) agreements.
Supply chain attacks can impact your third-party providers, which could both impact how you provide your services and provide a surprise open door of attack to your network. Criminals like going after supply chain companies because they are more likely and able to pay ransoms as compared to an individual institution. However, this can severely impact your financial institution if your third-party providers are temporarily unable to provide services due to an attack.
This is an ideal time to review what third-party vendors you have in place and question their emergency communication plan and response strategy with you should an attack arise. - Enable and educate on Multi-Factor/Two-Factor Authentication (MFA/2FA).
While SMS authentication is still useful, the bad guys are finding ways around this back up form of authentication. Your institution can enable MFA for employees and look for ways to educate accountholders on its value.
For employees: Ideally, institutions should implement two-step authentication that is app-based, rather than using text messaging. (This is because sophisticated cyber criminals can hack their way through text messaging authentication.) Google, Duo Mobile, and Microsoft are just some of the platforms that offer app-based dual authentication.
For accountholders: Your institution will benefit from the security measures that your individual accountholders practice. Provide a continuous stream of education for fraud prevention and encourage accountholders to enroll in multi-factor authentication whenever it is offered. - Amplify general fraud prevention measures.
Due to an increase in e-commerce and touchless payments, card fraud and payment app fraud (such as Venmo, Zelle, and PayPal) are at an all-time high. Some best practices to identify and prevent these types of fraud include:- Confirm if card fraud is present or not-present fraud
- Enable 3-D Secure with chargeback rights
- Block fallback at POS and ATMs
- Review card exception reports daily to identify any forced posts (there are time limits on charging these back)
- Set daily dollar limits on ACH credits
- Utilize a real-time fraud monitoring system for all transactions
- Sign up for Risk Alerts from Allied Solutions
For more insights on how the Russian/Ukraine situation is impacting financial institutions, tune into our Let’s Talk Fraud webinar:
As we continue to watch the severe impacts on the Russian economy become of sanctions, it is more important than ever to enhance cybersecurity and fraud prevention measures within your institution. Now that the White House is warning that the financial sector is a likely Russian target, it is critical that you have failsafe measures in place to prevent and respond to any fraudulent activity.