Clari5

How can RBI’s latest guidelines help Indian banks combat cybercrime?

Rising cybercrime in India is no secret. According to a report by Symantec, India now ranks 3rd in the world, after the US and China, as a source of malicious activity. In fact, National Crime Records Bureau data reveals that in the three years up to 2013, registered cases of cybercrime were up 350 percent, from 966 to 4356. Both are dubious distinctions, and they give banks and the financial sector in India cause for worry.

Keeping in mind the dramatic swell in online economic crimes, India’s central bank, the Reserve Bank of India (RBI), recently issued a comprehensive circular to all banks in India urging them to implement a cybersecurity framework. It prescribes the ideal approach for banks to take concrete measures to combat cybercrime and online fraud, and thereby retain customer confidence, reduce financial losses and ensure business continuity.

Cybersecurity measures for banks as outlined by RBI’s circular

In light of the rising frequency and impact of cyber attacks, the RBI circular urges banks to take robust and resilient measures that address the risks posed by cyber criminals, and also to put in place an adaptive Incident Response Management and Recovery framework to deal with adverse disruptions if and when they occur.

The foundation for fighting cybercrime is a Board-approved cyber security policy that outlines the bank’s approach to combating it. This policy is not to be confused with the IT policy or IS security policy, and its strategy should encompass some of the following:

  • Identify and assess risks, technologies adopted, regulatory compliance, delivery channels (online/ mobile, etc.), organizational culture, internal and external threats, and processes and policies in place to manage and combat risk
  • Continuous surveillance, testing for vulnerabilities through a SOC (Security Operations Centre) that is constantly updated on the nature of emerging cyber threats
  • An IT architecture that is conducive to the security measures the bank implements after assessing its readiness, with network connections to databases allowed only through a well-defined process and by authorized personnel
  • Ensuring that the confidentiality, integrity and security of customer data are preserved without compromise
  • Formulating a Cyber Crisis Management Plan (CCMP) whose primary focus should be detection, response, recovery and containment, to address various types of cyber threats including but not limited to: distributed denial of service (DDoS), ransomware / crypto ware, destructive malware, business email frauds including spam, email phishing, spear phishing, whaling, vishing frauds, drive-by downloads, browser gateway fraud, ghost administrator exploits, identity frauds, memory update frauds, password related frauds, ‘zero’ day attacks, remote access threats and more.

 

Baseline Cybersecurity requirements – an indicative list

Banks need to fortify the measures adopted to achieve baseline security and resilience. For instance:

  • monitor logs and incidents in real time or near real time
  • configure hardware and software appropriately
  • automate network discovery and management
  • use the right tools and mechanisms to detect unusual activities in servers, endpoints and network devices
  • protect customer access credentials such as logon user-id, authentication information and tokens, access profiles, etc. against leakage/attacks
  • implement controls to minimize invalid logon counts, deactivate dormant accounts
  • monitor any abnormal change in pattern of logon

The RBI circular mandates a detailed list of cyber defence apparatus. It is evident that a large majority of these measures and requirements can be fulfilled by robust software tools and products that are built for specific purposes. But banks must also remember that from a day-to-day operations perspective, it is imperative to have a system that monitors, tracks, alerts on and preempts any anomalies that occur in banking transactions, in real time.

The aim is to “detect and prevent” as it happens, not to wait for end-of-the-day reporting of suspicious incidents. In fact, RBI’s circular lists the implementation of a risk-based transaction monitoring or surveillance process as part of the fraud risk management system across all delivery channels.

In addition to optimizing available technology to strengthen controls for effective risk and fraud management, banks need to conduct employee and management awareness workshops, encourage staff to report any suspicious behavior to the incident management team, conduct targeted training for key staff in operations/management roles, and evaluate awareness periodically.

In parallel, banks need to conduct awareness programmes for their customers: encourage them to report phishing mails and phishing sites, highlight the risks of sharing their online account credentials and passwords, and explain other measures they can take to protect themselves from fraudsters and people with mala fide intent.

The RBI circular also touches upon governance aspects, which include dashboards, intelligence, and proactive monitoring and management capabilities, with sophisticated tools for detection and quick response backed by data and tools for sound analytics. In addition, banks must keep in mind several other issues while equipping themselves to fight cyber attacks: technology issues, people-related issues and process-related issues.

It would be fair to assume that if Indian banks were to proactively implement an intelligent, cross-channel anti-fraud defense mechanism, the impact of cybercrime (if/when it occurs) can be vastly minimized.

 

Source: RBI Circular of June 2016

Nigeria – Online Fraud

Internet Technology for banking: A Boon or A Bane?

Internet technology has opened up new scope for banking systems. It has enhanced our lifestyle to some extent and made our lives easier. But at the same time it comes with some risks because of the fraud associated with it.

According to NIBSS, increasing use of ATMs and e-platforms has contributed to accelerated growth of fraudulent activities. According to the latest figures, the volume of fraud is going up but the actual loss from attempted fraud is reducing. To know more, check out the infographic below, which reflects the fraud data related to Nigeria.

 

AML as a Service


The past few months have seen a lot of activity from regulators, bankers and industry bodies alike towards curbing money laundering. Rules are becoming more stringent and reporting more accurate. There have also been hefty fines levied on certain banks for non-compliance with AML guidelines.

During our conversations with bankers, it consistently emerged that bankers have AML compliance as one of their top priorities. This is a clear outcome of a lot of banks having plugged their technology for AML, leaving the banks which have not yet taken solid steps towards AML exposed to becoming a conduit for money laundering, leading to tax evasion, black money and terror financing.

However, a major barrier these banks face is that technology investments are CAPEX, which means budgeting for these investments at the beginning of the financial year. It also necessitates a longer procurement cycle and boardroom discussions with other departments on redirecting budgets towards AML.

The second barrier is the diversion of resources from revenue generation towards maintenance of AML technology, annual licenses, a project management team to monitor the technology and additional costs to incorporate changing regulatory requirements.

The third barrier is that upfront purchase of such technology entrenches the bank with the software vendor, making switching costs very high.

Understanding these concerns of our customers, CustomerXPs has launched Clari5 AML-as-a-Service to help them overcome the above-mentioned barriers and provide a safe banking environment.

The first barrier of CAPEX is overcome by changing it to OPEX. This means that banks no longer have to make an upfront investment in software, but use the ‘pay as you go’ model of monthly payments. This model of payments is more comfortable for the CIO, CRO and CFO.

The second barrier is taken care of by the fact that there is no annual license, no maintenance is required by the bank, and incorporation of all additional requirements comes as part of the subscription.

The third barrier of entrenchment with the software vendor is overcome by the fact that the subscription is monthly, which means that banks can switch to other models with all risks covered.

Cybercrime increased by 300% compared to last year

Cybercrime in India has increased by 300% since 2013, as research by thepaypers.com indicates. Cybercrime in India has been on the rise for the last couple of years.

According to Mumbai police, cases of hacking, phishing and Nigerian fraud have risen to 36 in 2014 until October, from 9 registered in October 2013. 136 cases of cyber offences were registered in October 2013 compared to 418 in October 2014.

E-commerce in India has grown by leaps and bounds until recently. This has not only made online shopping a pleasurable experience but also made e-portals vulnerable to various cyber threats. Their storage of customer information has made them the next high-priority target. Recent incidents of cybercrime in the United States are a clear indication of incoming danger.

 

 

In cases of Nigerian fraud, the victim receives an e-mail or SMS stating that their mobile number or e-mail address has been selected in a lucky draw for millions of United States dollars or British pounds. These e-mails or SMSs contain a contact number for claiming the money. The fraudsters also ask for a meagre amount of money for clearing customs and for domestic money conversions, and provide the account number where that amount has to be deposited.

In cases of phishing, the fraudster sends an e-mail to a user falsely claiming to be an established legitimate enterprise, in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a website where they are asked to update personal information, such as passwords and credit card and bank account numbers. Cybercrime is truly a menace.

Simplifying Banking Engagement!

Simplifying Banking Engagement and Empowering your Customers

Rapid change in banking technology and in the behavior of customers pushes banks to stay on par with the industry. Gone are the days when everything was complex, from standing in the queue and filling in forms to transferring money. Customers are now looking for those products and companies that can simplify their lives.

Simplicity is mutually beneficial to both customers and banks. In this digital generation where people are always online and busy, customers expect banks to make their banking experience easier. Customers these days are demanding greater personalization, flexibility, better value, improved service, choice and control. Banks need to reevaluate their assumptions and fundamentally change how they interact with their customers. Giving more power to customers by letting them have greater control over their money may be uncomfortable for banks, but in the long run it will fetch great results and success.

To simplify engagement with customers, banks have introduced multi-channel banking. Multi-channel banking is the buzzword in today’s banking world; banks are competing to increase their reach by adding new customer touch points, including laptops, PCs, mobile phones, tablets and smart ATMs. Banking on the go is one of the basic needs of this tech-savvy, young population.

The study below shows channel usage and satisfaction levels. Source: EY Global Consumer Banking Survey 2014.

The graph above depicts the most frequently used channels: Online, Mobile and ATMs top the chart. When we talk about the satisfaction level of these channels, Online and ATMs are commonly used by customers, with satisfaction levels of 36% and 35% respectively. On the other hand, the satisfaction level of channels like Mobile and Branch offices is lower compared to online channels.

Apart from using multi-channel banking, banks should encourage their customers to play an active role in tailoring products and services that alleviate and fix problems. Also, customers care more about convenience than about channels. Banks need to look beyond multi-channel toward a fully integrated banking experience. Banks should focus on marketing offers that are relevant to their customers and send alerts in real time. This will not only simplify banking engagement, but also enhance the customer experience.

Customer Experience is paramount to establish trust and confidence in banks. Customers are becoming more assertive and taking greater control of their banking relationships. Customers are now more demanding and want their banking experience to be simple, easy and tailored according to their needs. Hence, banks should customize the services based on the customer needs.

Banking Customer Experience in Middle East

The growing importance of customer experience has taken the banking industry by storm. A recent report published by E&Y details the latest trends in customer experience from around the globe and suggests that banks should aggressively leverage valuable insights from customer behavior to effectively chart out their customer experience strategy.

The infographic below throws light on banking customer experience in the Middle East and how implementing real-time technology solutions results in customer delight by making use of deep customer insights.

 

 

Types of Fraud in Banking

Fraud is an escalating threat for banks. Technological advancements and changing customer preferences have opened up new avenues of banking for modern consumers. But these channels of convenience have also attracted a massive threat from fraudsters. For instance, 41% of customers globally who have been victims of financial cyber fraud have failed to get even a single cent back. Fraudsters have not only penetrated direct channels but have also gained entry within the banking system as insiders.

The following infographic throws light on the different types of fraud in banking and how the use of innovative real-time anti-fraud technology mitigates and prevents bank fraud.

 

Continued Commitment to Fight Banking Fraud

Gartner recently published a report on banking vertical-specific software. According to the report, the banking and securities vertical-specific software market grew by 5.9%, riding on replacement of legacy applications in mature markets and new technology investments in emerging markets.

CustomerXPs features in the report as a notable vendor providing banking software. With our Clari5 suite of products, we continue to focus on Enterprise Fraud Management and Customer Experience Management for banks. Inclusion in the report is confirmation of our focus and belief.

Around the same time, Gartner published its Market Guide for Online Fraud Detection. This guide provides recommendations to fraud managers for their strategic planning in using technology to combat online fraud. In this report too, CustomerXPs is mentioned as a Representative vendor. This inclusion is also a testament to the credibility of CustomerXPs as a provider of software to fight banking fraud.

As I have written in an earlier post, there is a sense of satisfaction in receiving positive feedback from industry analysts and customers alike, a motivation to continue on the journey we have embarked on and to stay committed to our goal of helping customers bank in a fraud-free environment.

Online Banking- A blessing or a threat in disguise?

E-banking, or online banking as we call it, has become an accepted norm of financial transactions for millions around the world. The pervasiveness of the internet has contributed to this channel of banking gaining prominence not only in developed countries but also in developing ones. The modern banking customer who is short on time does not hesitate to log on to her online banking account and make payments online or transfer money, much to her relief. Aren’t we lucky to experience such luxury at the hands of technology?

Well, pause for a second. The growing menace of fraud has posed a big threat to the safety of these banking transactions. Identity theft, phishing and smishing (phishing through mobile phones) are the most common fraud practices threatening the online banking space. According to a report published by Kaspersky in 2013, online fraud is costing the global economy many times more than initial estimates of USD 100bn a year, with bank fraud contributing the maximum. Also, with the emergence of various social media channels, fraudsters have upped the ante. According to research by Microsoft, phishing via social networks was used in 84% of the total attacks carried out in 2011. Such attacks not only expose gaps in the online banking ecosystem but also pose a grave challenge for banks in how to establish a counter-attack mechanism.

Banks must incorporate a strong combat mechanism, and that cannot be achieved by simply following an outside-in defense approach that is reactive in nature. What banks need is an inside-out approach to fraud prevention using customer behavioral intelligence. Customer behavioral intelligence makes use not only of financial transaction patterns but also of non-financial transaction patterns, user login patterns and device usage patterns to come out with fraud-risk advice. This includes using 2-factor authentication to restrict the fraudster from gaining unauthorized access to the customer’s online banking account, as mandated recently by the Reserve Bank of India. Because this fraud-risk advice is available in real time, it empowers the banking system to allow, decline or challenge suspicious transactions, thereby preventing internet banking fraud from actually taking place.

Thus, implementing strong online fraud prevention technology is essential not only for making internet banking transactions fraud-proof for customers but also for making them enjoyable. A good fraud prevention solution can not only benefit the bank in terms of improved customer loyalty but also help the bank improve its bottom line.
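One way to turn the behavioural signals described above (logon pattern, device usage, transaction pattern), together with the invalid-logon and dormant-account controls from the RBI baseline list, into allow/challenge/decline advice. This is an added example, not code from the RBI circular or from the Clari5 product; every field name, weight and threshold in it is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# All thresholds and weights are illustrative assumptions, not values from
# the RBI circular or from any vendor product.
MAX_FAILED_LOGONS = 3
DORMANT_AFTER = timedelta(days=180)
CHALLENGE_AT, DECLINE_AT = 30, 70

@dataclass
class Profile:
    """Per-customer behavioural baseline built from past activity."""
    known_devices: set
    usual_hours: range        # hours of day the customer normally logs on
    typical_amount: float     # typical transaction amount for this customer
    last_logon: datetime
    failed_logons: int = 0    # consecutive invalid logons before this session

@dataclass
class Event:
    """One transaction request with its session context."""
    device_id: str
    when: datetime
    amount: float

def risk_advice(profile: Profile, event: Event):
    """Return (decision, score, reasons) for one event against the baseline."""
    signals = [
        (profile.failed_logons >= MAX_FAILED_LOGONS, 30, "repeated invalid logons"),
        (event.when - profile.last_logon > DORMANT_AFTER, 25, "dormant account reactivated"),
        (event.device_id not in profile.known_devices, 25, "unrecognised device"),
        (event.when.hour not in profile.usual_hours, 15, "unusual logon hour"),
        (event.amount > 5 * profile.typical_amount, 30, "amount far above customer norm"),
    ]
    hits = [(weight, reason) for fired, weight, reason in signals if fired]
    score = sum(weight for weight, _ in hits)
    if score >= DECLINE_AT:
        decision = "decline"
    elif score >= CHALLENGE_AT:
        decision = "challenge"   # e.g. step up to the second factor
    else:
        decision = "allow"
    return decision, score, [reason for _, reason in hits]

# Constructed sample data (not real customer records).
BASELINE = Profile({"dev-a1"}, range(8, 22), 2500.0, datetime(2024, 3, 1, 9, 0))
ROUTINE = Event("dev-a1", datetime(2024, 3, 2, 10, 30), 1800.0)
NEW_DEVICE_NIGHT = Event("dev-zz", datetime(2024, 3, 2, 2, 15), 2000.0)
TAKEOVER_LIKE = Event("dev-zz", datetime(2024, 3, 2, 2, 15), 40000.0)

if __name__ == "__main__":
    for ev in (ROUTINE, NEW_DEVICE_NIGHT, TAKEOVER_LIKE):
        print(risk_advice(BASELINE, ev))
```

Returning the reasons alongside the decision gives the incident management team something to review when a customer disputes a challenge or decline.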