Frank Abagnale explains how cybercrime and fraud is a threat to financial services
Cyber Security Frank Abagnale JR was famed for Leonardo DiCaprio’s portrayal of him in ‘Catch Me If You Can’. However one of the most interesting things about Frank is not his past endeavors but his current work, contributing to the future of preventing cybercrime and fraud.
As part of a recently released video for Fintech Finance, I had the pleasure of speaking with Frank Abagnale JR. Here's what he had to say about cybercrime...
“The two biggest things right now are, firstly a lot of account takeover … where a CFO sends an email to wire ‘X’ amount of money too a certain client or customer and someone does that exact email over and over again … Secondly, and this is very scary, the amount of breaches; we’re having almost one everyday – not just banks, any company that keeps data, so doctors, law firms, anyone that has data with information that people want. There’re deadly in the fact that even if you don’t lose any money, the reputation and the fact information has been stolen about your clients is devastating to ones stock. What’s scary is a lot of the time they don’t tell their customers to change their passwords even though a breach has happened.”
Frank’s warnings are reinforced when later I spoke with Amit Shah, Head of multi-channel analytics at NICE systems. “It’s all about education for the public” states Amit “Banks need to make customer aware of fraud threats. It’s about awareness, not just making sure relevant solutions are in place, but to actually protect customers and make them aware of what’s happening.”
In an era of constant financial regulation, there is very little when it comes to security regulation. “There are no compliance stipulations at an industry level” says James Cronk from Cisco, “unless a bank is recognized as a critical infrastructure, there is nothing that is actually regulated for them, so it’s best practice, guidance and how they view things themselves.”
Informing the industry on best practices is one of Frank’s passions. He recently delivered a seminar to a large UK bank emphasizing the importance of educating its staff on security. He purposely planted a number of USB drives marked ‘Confidential’ in the car park and nearby vicinity, to find an hour later, almost all of the USB drives had been connected to the banks network. The implications being that any form of virus,’ Trojans or smart-wear could have been on those USB’s posing any number of catastrophic threats to the bank’s systems by it’s own employees.
So what can be done about it? Frank focuses on data analysis; working with the FBI, developing systems that not only monitor the pin number you enter at an ATM, but the speed and pressure that it is entered; which combined with your phone GPS location and your past ATM history, have the potential to detect when something is awry.
NICE focus on the progression of technology. It becomes increasingly apparent that passwords alone have become somewhat archaic and insufficient in protecting users. They propose a future where voice and palm biometrics become the norm, “taking away the burden of being asked millions of questions ’ and we, as the general public would be safer for it. These measures are organic; as advanced as they are, they will never be ‘the answer’, as cybercrime continues to evolve so must the security measures remain dynamic in order to stay one step ahead.
In conclusion to these interviews it seems that the most progressive thing a bank can do right now is admit that there is a problem. Frank acknowledges that, “these things are becoming more and more common and they don’t get made public because banks don’t want to admit they lost the money.” Whilst technology continues to advance in a cyber crime vs. cyber security battle, education of banks and their customers is key.