The expansion of banking beyond the confines of physical branches is not new. Since the 1990s, initially through telephone banking and soon after through electronic banking, it has moved out of physical offices, thereby increasing the scope of oversight required to maintain security in a broad sense. In matters of security, both in the physical world and beyond, the banking sector possesses extensive experience and manages it with utmost care.
However, if there is one standout aspect of the digital transformation process, in which the sector is also immersed, it is its everyday nature. In the digital world, customers have more information: the widespread adoption of mobile devices and the immediacy characteristic of digital society contribute to shaping a more demanding clientele. Specifically, regarding banking services, customers are changing the way they interact with banks. Digitalization in the sector is driven by a new type of demand that expects services tailored to the digital age: immediate, available at all times and in any place. This implies that they must always be accessible through any remote channel: telephone, mobile applications, the internet, etc.
Thus, what security experts refer to as the “attack surface”—which in traditional banking was limited to branches where cash was the primary asset to protect—is continuously expanding. In this scenario, the prominence of mobile devices in banking services stands out, showing exponential growth.
In response to more demanding customers, financial services within the banking sector are being designed to offer greater customer control. Simultaneously, new distribution models are emerging in citizens’ daily activities. Furthermore, there is a growing trust among users in digital platforms. All of this facilitates the evolution towards a model of financial transactions that generate a continuous flow of highly valuable data. Yes, banks, in addition to safeguarding customer funds, meticulously safeguard their data, whether it be financial information or personal data.
And now that everything is undergoing digitalization and connected to the internet, a new range of opportunities for hacking and new forms of attacks are emerging, with the ultimate goal of obtaining funds, or failing that, data which, as the foundation of information, has become the new benchmark value.
Banks relentlessly strive to understand cyberspace as a tangible reality, to comprehend its workings, and to navigate it, asserting leadership in this domain as well, always with the objective of protecting funds and, of course, customer data. They constantly reinforce their systems and procedures to detect any suspicious activity and curb it. Both banks and law enforcement agencies gain knowledge and experience in security within this new environment. However, unfortunately, criminal groups are also becoming increasingly organized and sophisticated in carrying out their attacks.
In this process where citizens take control, the banking customer must assume a new role and greater responsibility, also concerning their security. For banks to ensure the defense of both funds and data in the new context, customer involvement is crucial. By helping to protect their own security, they also contribute to combating cybercrime.
The methods most commonly used by criminal groups are not new. In most cases, they resort to simple methods or social engineering to attack the weakest link in the chain—customers—and obtain credentials that allow subsequent access to bank accounts, either through applications or the internet.
The banking system has consistently demonstrated its commitment to security over time, which sometimes leads customers in the digital environment to become overly confident. For this reason, individual entities and the sector as a whole tirelessly reiterate the importance of customer participation in this process and actively collaborate in awareness campaigns. It is essential to avoid responding to direct requests (via emails or messaging applications) or indirect requests (via fraudulent access to websites through links) for security credentials. Making a transaction or contracting a banking service in the digital age can be as easy as sending a message to a friend, but what lies behind it holds much greater value and must be protected. Thus, it is hoped that no one will suffer harm.
For example, would you leave your house keys with a stranger, even just once? Would you hand over a blank signed paper for someone to manage something on your behalf? Would you give a blank signed check for someone to withdraw money from your account? If you wouldn’t do any of this in the physical world, will you hand over your credentials in the digital world?
Pilar Clavería, Advisor on Payments, Operations, and Procedures
