Digital payment attacks are on the rise, with Juniper Research predicting losses exceeding $362 billion globally between 2023 and 2028. More than one-third of those attacks will target banking and money transfer businesses.
of community bank executives ranked cybersecurity as a top risk
Source: The Risk Management Association
Bad actors are focusing their attention on gaining banking information. Data from the Anti-Phishing Working Group showed that in the fourth quarter of 2022, financial institutions were by far the primary industry target of phishing attacks.
“At the end of the day, community banks have what everyone wants: money,” says Lance Noggle, senior vice president of operations and senior regulatory counsel at ICBA. “So, you’re always under attack. If a fraudster can steal data or get access to a system, it would be the ultimate prize to get it straight from the source.”
Ongoing impacts of digital payment attacks
The growing threat is putting pressure on community bank priorities and infrastructure. At the beginning of 2023, an overwhelming 85% of community bank executives ranked cybersecurity as a top risk, according to a survey by the Conference of State Bank Supervisors. Bank teams are therefore turning their attention toward how they can shore up their systems and create a line of defense.
Yet, community banks aren’t always able to have the needed depth and breadth of cyber expertise in-house; 51.2% of community bank executives have flagged attracting and retaining competent technology personnel as the most difficult challenge in implementing new technology.
“It does make the partners you choose more critical, because the expertise is the value,” says Matt Herren, director of payment strategy at third-party service provider CSI. “If you’re not able to go out and hire someone, you need to know the partner you pick is going to give you those best practices and [strategic] insights.”
Thwarting payment attacks
As digital payments fraud grows in sophistication, the technology community banks use to support their infrastructure needs to keep pace. However, it can be an infinite investment, so prioritization is key.
Fraudsters are always looking for vulnerabilities, so for community banks, being part of an organization like ICBA that lets you know about these threats immediately enables you to make sure your stakeholders do as well,
—Lance Noggle, ICBA
Experts point to the following four tips to help community banks line up the right solutions for their bank.
Four payment security tips
Use technology to stop fraud before it starts. Payments risk mitigation solutions come in different forms—machine learning for anomaly detection, generative AI for insights into behavioral shifts—but by employing them, community banks move from a responsive posture to a preventive one.
“Everything in the tech space is making sure you have the latest update to your system,” Noggle says. “There’s software that is bought to analyze transactions to spot anomalies. So, making sure you’re being proactive in using the latest protection available is important.”
Invoke solutions that authenticate. “There’s an adage that’s been around for a long time in this space: ‘If you solve for authentication, everything else is just accounting,’” says Herren. He points out that if a community bank knows the person is who they claim to be, it can be confident in allowing the payment to flow.
“There are opportunities for financial institutions to leverage better data, to be paying attention to behavior, to be looking at device-based biometrics, typing patterns, the way the device is held,” he adds. “There is a litany of options that should prevent true third-party access.”
Employ careful evaluation of customers and partners. Know Your Customer (KYC) is a standard risk mitigation principle, but when it comes to cybersecurity, it means going the extra mile to ensure that customers and partners invest in their own cyber protections. For instance, when a community bank is engaging in relationships where it provides banking as a service or fintech payment enablement, due diligence and ongoing risk evaluation becomes even more important.
Lori Shao, CEO and founder of digital provider Finli, advises proceeding with caution when onboarding new customers and partners. “Leverage the organizations that help you filter financial technology solutions, like ICBA and other groups, and lean on each other for reference checks,” she says.
Educate your bank staff, customers and partners. Part of the battle against payments fraud falls in ensuring targeted parties know when they are being defrauded. In fact, the World Economic Forum reports that 95% of cybersecurity issues can be traced back to human error. Keeping tabs on the latest threats will help community bankers know what to be on the lookout for and what they need to flag for their customers and partners.
“Fraudsters are always looking for vulnerabilities, so for community banks, being part of an organization like ICBA that lets you know about these threats immediately enables you to make sure your stakeholders do as well,” Noggle says.
Keep your eye on the ball
To sum it up, experts have one piece of consistent advice for community bankers in fighting payments fraud: Continue to be vigilant.
“This is an infinite game. There’s never going to be a finish line,” says Herren. “Every time you think you’ve solved something, there will be another gap. You need to not be the lowest hanging fruit. You are not going to solve for all risk and all fraud, but you don’t want to be the target bank.”