After a recent revelation by international security software firm Kaspersky Lab that some of the largest banks in the world had an estimated $1 billion stolen from them during the past 24 months, a few questions linger.
How are smaller financial institutions faring versus extremely sophisticated cyber-fraudsters? Are they targeted as heavily as the global 200? Do they have the technological wherewithal to protect themselves from sophisticated cybercriminals?
On the positive side, the small and mid-size institutions may not have some of the vulnerabilities of the larger financial institutions. At a conference hosted by technology research and advisory firm Gartner that focused on identity and access management, one of the three largest financial institutions in the country revealed that much of their fraud was cross channel. They saw fraud online, at the ATM and in the call center. Thirty percent or so of their cross channel fraud originated in the call center.
An imposter calls and convinces a service representative to help change the password to an online account. At a smaller institution, the call center or help desk is likely not staffed by thousands of agents who seldom deal with the same customer twice. Knowing your customer and knowing what's out of the ordinary for a customer is a good defense for fraud that begins in the call center. Smaller firms and credit unions are more likely to notice something isn't right. Score a point for the little guy.
Among the larger credit unions in the country, a number of them are evaluating mobile and biometric technologies designed to add multi-factor authentication to their call center and online channels. The latest statistics indicate there are more smart mobile devices, such as smartphones and tablets, in the United States than there are citizens. The ability to use voice biometrics or built-in fingerprint readers via mobile channels for authentication purposes is becoming easier. These technologies, however, have not been widely adopted at smaller firms. On stopping cybercrime, score it even.
From a technology perspective, many of the smaller financial institutions and credit unions rely on technology platforms from third parties to be able to offer online banking, electronic bill pay and ATM services. Among the largest providers are Fiserv and FIS Global. Fiserv has been making use of behavioral analytics software. FIS Global has been offering their banks out-of-band transaction verification services for several years. Several thousands of credit unions are protected between these two providers. Score another point for the smaller financial institutions partnered with a platform provider, and offering advanced anti-fraud capabilities.
In the technology industry, the firms that provide anti-fraud and authentication tools to smaller FIs and credit unions are in an arms race with cybercriminals. That is not going to stop. It's the new normal. Still, most financial crimes result from successfully spear phishing an end user and compromising legitimate user credentials.
The wild card for smaller financial institutions may still be the ability of their end users to recognize when they are being scammed and not fall into the spear phishing trap. That may provide only a slight edge, but given today's threat level, any edge is worth having.
John Zurawski is vice president at Authentify. He can be reached at +1 773 243 0300 or [email protected]
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
