While cyber-attacks are a growing concern worldwide, they are a particular problem in Asia Pacific, where a spate of high-profile incidents affecting countries across the region – from Bangladesh to Japan – has pushed the issue on to the front pages.
According to the Financial Times (Source), one of the key reasons behind the attacks is the region’s “lucrative but patchily defended banks and companies”. In other words, they are easy prey. The newspaper goes on to say that surveys suggest tens of billions of dollars were lost in 2015 alone. Last year, an $81m heist on Bank of Bangladesh hit the headlines, as did a $300m-dollar credit-card fraud in Taiwan and an audacious, coordinated attack on ATMs across Japan that netted a gang some $18m in just three hours.
The problem for those trying to combat fraud is that Asia Pacific comprises a vast, disparate, interconnected group of countries with hugely varying demographics, economies, cultures and languages. While Japan, Korea and Singapore all face an aging population, in Thailand, Vietnam, Indonesia and Cambodia it is much younger.
The more mature economies enjoy sophisticated infrastructure and technology, while the emerging ones struggle to cope with the booming population. Some banks in Pakistan, for example, still exclusively use manual processes and paper records for depositing and withdrawing cash, with all the inherent fraud risks. So there is no single starting point for fighting fraud, which helps explain the “patchily defended” state of commerce.
Responses to the threat are almost as diverse as the number of banks themselves. Those in mature economies are answering the regulatory push towards more stringent controls by embracing technology to get real-time alerts. Results have been positive when central banks take the initiative – in Singapore and Hong Kong, for example. Both countries offer grants and there are funds available for banks wanting to improve their cyber security. In Singapore, the three main banks – DBS, UOB and OCBC – have also set up a specialist center to encourage fintech innovation – something MAS, the Singapore regulator and central bank, is keen to encourage.
In other countries, the situation is less promising. Acleda Bank, in Cambodia, is an exception to the rule. The country’s largest bank, it recently introduced NetGuardians’ FraudGuardian software to combat fraud. Its smaller domestic rivals and banks elsewhere still believe they can’t afford a similar solution. This is an oversight on their part.
Significantly cutting fraud increases customer satisfaction and profitability. Manpower can be switched to value-creation activities rather than fraud detection and response. In addition, rapidly-rising transaction volumes, largely a result of mobile and ecommerce technology, mean it is just a matter of time before those that don’t install a technology solution are hit by a fraud that could threaten their business – and very existence – through the devastating impact of a loss of reputation, customer trust and capital flight.
There is also the looming January 2018 deadline for the SWIFT Customer Security Programme, when any organisation using the global banking co-operative’s messaging network will have to meet strict new controls on securing their IT environment, detecting and responding to threats and co-operating with other banks on fraud intelligence. Failure to do so could mean exclusion from the network – a potential death sentence to their business.
More banks need to follow Acleda’s example. By bringing technology to the fight against fraud, banks can cut risk and costs. By digitizing processes, for example, the likelihood of successful employee collusion fraud is significantly reduced – new, disruptive technology is available that has proven itself capable of recognizing fraud for what it is and preventing it. Data analytics will also pick up on suspicious behavior from account holders – say, on the misappropriation of funds – and from activity on accounts whose data has been compromised.
Technology can even be used to pre-empt behavior. Using data correlation and analytics, the bank can factor in the full current relationship and status of the customer to decide whether a transaction is likely to be safe. So when a customer applies for a car loan, the system can identify the unusually large deposit paid to the seller as in line with expectation and won’t query it, or worse, block it. And because they are digital, banks can scale their operations easily to accommodate increased transaction flow – including the imminent explosion from the Internet of Things – and still remain safe.
They will soon be inundated with data that will need to be structured to understand and get value from it. This is particularly true as we head towards an open world where manipulation on social media remains one of the main ways fraudsters steal IDs. Indeed, there has been an explosion of bank fraud by syndicates masquerading as bank employees to defraud unsuspecting customers (Source).
So using technology is not only effective fraud prevention, but reinforces customer confidence – something that is more important than ever. Because when confidence ebbs away, customers will turn to alternative service providers whom they do trust.
The region often has almost archaic processes, offering patchy protection that fraudsters are quick to exploit. This puts customers, banks and business at risk. It doesn’t have to be this way. It’s time to wake up and stop the fraud.