Bank exec tips on combating cyber fraud
Local banks are wary of disclosing the level of liabilities arising from credit-card fraud and other kinds of cybercrime, but they continue to run education programmes aimed at raising awareness among merchants and bank clients who might eventually be affected.
One source at the Jamaica Bankers Association (JBA) said Wednesday that there is no industry data available on the cost of cybercrime as each bank prefers to keep their liabilities close to the chest.
For that same reason, she said, the JBA's fraud auditing arm was unable to speak to industry trends.
Head of the Financial Crimes Unit and Senior Superintendent Fitz Bailey was said to be travelling when Sunday Business sought an update on the cases under investigation.
But one of the biggest banks says instances of fraud are still on the rise but that the strategies employed by the bank have been working.
"We have seen an increase in the attempts at fraud over the past five years. However, we have been increasingly vigilant, adhering to and updating our policies, training our staff and educating our customers about the various types of fraud and how to protect themselves," said Scotia Group Chief Financial Officer Jacqueline Sharp.
"We are very proud to report that Scotiabank has reduced debit and credit card losses by 56.355 per cent for 2011 compared to 2010, and will continue to ensure that we reduce the losses from this area of our operations," she said.
The successes, according to Sharp, result from continuous improvements to manage and reduce losses.
"Globally, the Scotiabank Group has developed very strong expertise in this area, and has contributed to developing international standards and best practices on fraud detection and prevention measures," said.
Scotiabank invests internally in ongoing education of customers and merchants on electronic banking usage, identity theft and card fraud.
The bank also has a few thoughts on what customers can do to protect themselves. Here are Sharp's tips:
Never respond to emails, open attachments, or click on suspicious links from reputable institutions or unknown senders asking for personal or financial information.
Always remember that the bank will never send you unsolicited emails asking for confidential information, such as your password, PIN, access code, credit card and account numbers. "We will never ask you to validate or restore your account access through email or pop-up windows," she said.
If you have entered personal information after clicking on a link or suspect fraudulent behaviour, call the bank immediately.
Some emails look authentic, featuring corporate logos and layouts similar to the ones used by institutions for legitimate communication. But you should never respond to or action any email that:
• Requires you to enter personal information directly into the email or submit that information online.
• Threatens to close or suspend your accounts if you do not provide or verify personal information.
• Claims that your account has been compromised or that there has been fraudulent activity on your account and requests you to enter, validate or verify your account information.
• States that there are unauthorised charges on your account and requests your account information.
• Claims that the bank has lost important security information and needs you to update your information online.
• Asks you to enter your card number, password, access code or account numbers into an email, pop-up window, form or non-secure web page.
• Asks you to confirm, validate, verify, or refresh your account, credit card, or financial information.
- HOW TO STAY ALERT
- Be suspicious of all unsolicited or unexpected emails you receive, even if they appear to originate from a trusted source like Scotiabank.
- Never click on a link in an email or pop-up window to go to a site. Type, or cut and paste, the URL into a new web browser window.
- Type in the Scotiabank web address yourself to ensure you are transacting with our server. You can also bookmark the URL to save time.
- Never call a number appearing on an email you suspect is fraudulent. In a new twist, phishing scams use a phony telephone number in the email. When you call, a person or an automated response asks for your personal and/or account information.
- If you do have a relationship with the company mentioned in the email, call the company on the telephone using a reputable source like your statement or the phone book for the phone number.