22 MAY / JUNE 2020 Leo Reap Vice President & Senior Partner IT Resource leor@itrw.net IT Resource is an associate member of the Indiana Bankers Association. FEATURE Banking Scam and Fraud Attempts In a post COVID-19 World The world did not see this coming. The COVID-19 pandemic that is sweeping the globe has knocked everyone back on his or her heels. The good news, however, is that we will get through this, and perhaps we will have learned how to be more prepared in the future. The economic crisis caused by COVID-19 will also abate, but slowly. This isolated situation is allowing a continuing “virus” to flourish, however – swindle and fraud artists, particularly those related to your bank. Now more than ever, unscrupulous actors are looking for every way possible to separate your customers from their money and identity. While not a new concept, it is one that is taking on a completely new meaning for the banking industry. With the recent passage of the Families First Coronavirus Response Act, there are checks and cash floating around mailboxes and/or bank accounts. Obviously, this is a rich environment for fraudsters. This now gives the scammers a completely new arena in which they can practice their skills at defrauding your customers out of their money. For example, there have been reports of text messages and emails telling people how to get their checks faster from Uncle Sam. Tell your customers to question inquiries like these strongly (and delete them), as the federal government will never text or email anyone. After the pandemic subsides, what should banks be doing to further protect their customers from scammers? First, banks should insist customers use complex passwords, if complex passwords are not required already. In fact, banks should increase the required complexity of those passwords. Second, banks should insist on multifactor authentication, if not doing so already. Many banks use SSL certificates and require enrollment of devices with them to verify a device accessing user accounts. Security and user validation will continue to take center stage for banks, so it is important to remind customers to always look for the lock symbol on your bank web page. Third, banks should be much less tolerant of login failures. The typical bank allows three failed login attempts before locking an account and this number should be reduced. In addition, banks should be accelerating their use of facial recognition as a means to authenticate a user. This is a very secure method of first-level authentication enhanced by multi-factor authentication to verify the user. Banks should be providing documents, personnel, and training to their customers to help them identify scammers and the like. Also, banks should expect to continue significant internal staff training – not only to help employees be more vigilant, but also so that employees can train customers on the scammer’s methods. Overall, the methods of attempted fraud and scamming will likely not change much after the COVID-19 pandemic. Nefarious people will continue to prey on the weak and uninformed and will look for any vulnerable customer of which they can take advantage. The best option for banks is to tell their customers to always be suspicious and call the bank with any questions. HB
RkJQdWJsaXNoZXIy MTg3NDExNQ==