using authenticator apps like Microsoft Authenticator, Google Authenticator, Duo or similar applications. Texts and emails can be intercepted. Strong, out-of-band MFA solutions are recommended to enhance the security of financial accounts.

The volume of information available to threat actors is significant. One effective security measure for financial institutions is mandating MFA on all customer accounts. However, some financial institutions offering online services still do not require MFA. There are regulations designed to enforce MFA, such as the New York State Department of Financial Services’ cybersecurity regulation (23 NYCRR 500); however, adoption remains variable, particularly among institutions serving smaller or older client bases.

Concerns persist about whether requiring MFA will encourage customers to migrate to other banks or financial organizations. Still, the resources spent preventing fraud or misdirected funds may exceed the costs associated with lost opportunities.

2. Educate Customers on Social Engineering Scams

Social engineering has existed for a long time; as long as there have been secrets, people have attempted to use social tactics to obtain them. A well-known hacker once stated that it is often simpler to manipulate individuals than to circumvent technological safeguards, suggesting that advanced technology can be compromised through effective social engineering techniques. Hackers rely on users not being aware of the latest scams, so it’s essential to repeat warnings loudly and often.

Practitioners of social engineering have developed various methods and schemes. One common scam involves fraudulent phone calls appearing to be from a bank, using spoofed numbers to imitate legitimate bank contacts. The caller may be familiar with standard login procedures and request sensitive information such as usernames, passwords and multi-factor authentication codes.
These calls often begin with alarming claims (e.g., an account balance being transferred out), which are meant to concern the recipient enough that they will readily share additional details needed for account access.

Warning your customers through notices on login screens, paper statements, SMS messages or emails can be an easy way to offer timely reminders about sharing personal information. A simple warning, such as “never share this code with others,” may go a long way.

3. Monitor Dormant Accounts

Money mules and fraudsters often open accounts with minimal initial deposits, then leave them inactive while attempting to compromise other accounts or engage in phishing and social engineering schemes. Dormant accounts can be readily identified and monitored for signs of fraudulent activity. Restrictions can be implemented to prevent these accounts from initiating or receiving wire transfers or ACH transactions or from utilizing remote deposit services.

A major national bank has adopted a policy to automatically freeze dormant or infrequently used accounts that receive significant transfers or deposits. The assets in such accounts remain frozen until internal investigations confirm that the funds are not associated with fraudulent activity or scams.

4. Look Out for Your Customers

Investment scams can cost both clients and banks a significant amount of time and money. Multiple lawsuits have been filed against financial institutions after a customer transferred funds for an investment that later

19 NEBRASKA BANKER
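The dormant-account control described under item 3 can be expressed as a small rule set; the following is an added example, not code from the article or from any bank's system. The 180-day dormancy window, the 5,000 threshold, the channel names and the ledger are assumptions constructed for illustration.

```python
from datetime import date, timedelta

# Assumed thresholds, not taken from the article; set them from your own risk policy.
DORMANT_AFTER = timedelta(days=180)      # gap since the last allowed activity
SIGNIFICANT_CREDIT = 5_000.00            # inbound amount that triggers a freeze
RESTRICTED_CHANNELS = {"wire", "ach", "remote_deposit"}

def review_ledger(transactions):
    """Replay transactions in date order; return (decisions, frozen_accounts)."""
    last_activity, frozen, decisions = {}, set(), []
    for t in sorted(transactions, key=lambda t: t["date"]):
        acct = t["account"]
        prev = last_activity.get(acct)
        dormant = prev is not None and t["date"] - prev >= DORMANT_AFTER
        if acct in frozen:
            decision = "hold_frozen"     # stays held until investigators release it
        elif dormant and t["direction"] == "credit" and t["amount"] >= SIGNIFICANT_CREDIT:
            frozen.add(acct)
            decision = "freeze_pending_investigation"
        elif dormant and t["channel"] in RESTRICTED_CHANNELS:
            decision = "block_restricted_channel"
        else:
            decision = "allow"
            # Simplification: any allowed transaction ends dormancy. A production
            # rule would likely require verified customer contact first.
            last_activity[acct] = t["date"]
        decisions.append((acct, t["date"].isoformat(), decision))
    return decisions, frozen

def make_txn(account, day, direction, amount, channel):
    return {"account": account, "date": date.fromisoformat(day),
            "direction": direction, "amount": amount, "channel": channel}

# Constructed sample ledger (illustrative accounts and amounts).
SAMPLE_LEDGER = [
    make_txn("A-100", "2024-01-05", "credit", 25.00, "branch"),   # minimal opening deposit
    make_txn("A-200", "2024-01-10", "credit", 50.00, "branch"),
    make_txn("A-200", "2024-08-30", "debit", 40.00, "ach"),       # dormant, restricted channel
    make_txn("A-300", "2024-09-01", "credit", 2_000.00, "ach"),
    make_txn("A-300", "2024-09-15", "credit", 9_000.00, "wire"),  # active account, large credit
    make_txn("A-100", "2024-09-20", "credit", 18_500.00, "wire"), # dormant, significant credit
    make_txn("A-100", "2024-09-21", "debit", 18_000.00, "wire"),  # attempt to move funds out
]

if __name__ == "__main__":
    decisions, frozen = review_ledger(SAMPLE_LEDGER)
    for row in decisions:
        print(*row)
    print("frozen:", sorted(frozen))
```

Blocked and held transactions do not reset the dormancy clock, so a rejected transfer attempt cannot be used to make the account look active again.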