Expert issues cyber-attack warning
Monday, 25 May 2015 12:25pm

The incoming New Payments Platform will leave financial institutions, including super funds and wealth managers, vulnerable to cyber criminals unless they upgrade their security, a fraud and cyber-crime expert has warned.

Similar to the UK's Faster Payments initiative and Same Day ACH in the US, the New Payments Platform is designed to speed up the time for transactions to clear between different institutions and customers, from days to just minutes.

Mary-Ann Miller, senior director and fraud executive advisor for financial crime security firm NICE Actimize, Australian financial institutions probably aren't as ready as they need to be to mitigate financial cyber fraud risk for the new, faster payments environment.

"When the UK, Canada and other countries went through a similar process, there was a spike in digital banking fraud attacks such as account takeover and identity fraud," she said. "Faster movement of funds means less time to investigate suspicious activity."

Fraudsters are using the US and UK infrastructure to move payments quickly through multiple accounts to avoid detection.

Australian regulators are considering having no upper limit on the size of transactions to go through the new system.

"That's an eyebrow raiser for ensuring that banks and financial institutions have the right controls in place," said Miller.

She adds that high net worth (HNW) and ultra-high net worth (UHNW) individuals are particularly at risk from fraudsters. Private banks have reported carefully planned social engineering and manipulation scams being directed at their staff and customers.

"The values of transactions in this group are typically much higher than an average retail bank customer's transactions. Private banks are highly sensitive to relationship impacts and reputational damage and don't want to impact the customer nor see the customer suffer financial loss."

Miller said that Australia does have one advantage in that the UK and the Canada are already using the faster infrastructure while the local system doesn't come on line until 2017. This gives banks, wealth managers and super funds time to implement best practice learned from overseas.

Security is improved by having systems which can access all the institution's digital data to assess whether a transaction should be flagged as suspicious.

"Fraudsters are innovating and are getting more and more practice every day. Banks need to invest on the risk side," Miller finished.

Link to something noaxIJgA