Sat | Sep 23, 2023

Hackers siphon $4m from Jamaican banks monthly as cyber theft grows

Published:Sunday | May 5, 2019 | 12:16 AMSteven Jackson - Senior Business Reporter

David Noel, president of the Jamaica Bankers Association and head of Scotia Group Jamaica.
David Noel, president of the Jamaica Bankers Association and head of Scotia Group Jamaica.

Jamaica’s banks experience nearly two cyberattacks per week on average, and in one extreme month, hackers made off with $10 million, according to the latest official data.

The average losses, however, amount to just over $4 million per month.

“For those affected it is a significant loss and we are working with law enforcement because protecting customers’ privacy is critical,” said David Noel, president of the Jamaica Bankers Association and president and CEO of Scotia Group Jamaica.

The Bank of Jamaica also sees it as a rising problem for the banks themselves and is considering new rules to manage the risk.

Between January and September 2018, there were 62 counts of internet banking fraud in Jamaica, totalling $38.2 million in losses – or $4.2 million per month on average – according to the newly released 2018 Financial Stability Report, which is published by the Bank of Jamaica.

It is the most recent data available from any source as the banks themselves do not quantify the problem. However, they do acknowledge that it is growing and that the intrusions and scams are increasingly more sophisticated.

“These threats are evolving. They are trying to access banking platforms, and we continuously invest to protect it. All financial institutions are doing this,” Noel said. “But also, our customers are at risk from viruses and malware along with the use of social engineering to access customer information. By that I mean they use trickery to get customers to hand over information to access their accounts,” he said.

The BOJ also described cybercrime as an emerging category of risk for financial institutions in its report. The central bank says it will monitor the deposit-taking institutions for such activity and eventually impose rules to minimise their vulnerability. Deposit-takers include commercial banks, merchant banks, and building societies, which are all regulated by the BOJ.

Noel said the bank lobby would work with the Bank of Jamaica on the issue, where necessary, but offered no position on the rules to come.

Some of the “most disastrous” cyber events over the period captured in the report ranged from the denial of service and intrusions or hacking for the introduction of malware infection. Such cyber-attacks can impact the profitability of financial institutions, the central bank said.

In January, the police tracked and apprehended two men in Papine, St Andrew, who had hacked their way into two commercial banks. The two willingly handed over their laptops but insisted they had done nothing wrong. However, local law enforcement broke the firewalls on their laptops and obtained evidence to charge them.

That case was made public by then national security minister Robert Montague at an investment conference in Kingston. Montague said at an investment forum that hackers often go undetected by stealing “cents” from multiple bank accounts daily – minute quantities that go unnoticed by accountholders – and could easily siphon hundreds of millions of dollars annually using that method.