At least half of banks and payment systems prefer to handle cyber-incidents when they happen, rather than invest in tools with which to prevent them.
This is one of the findings from a Kaspersky Lab survey, in co-operation with B2B International, that found 48% of financial organisations take measures to protect their clients from online fraud, aiming at mitigating the consequences rather than preventing incidents entirely. In addition, 29% of companies believe it is cheaper and more effective to address cases of fraud as they occur, rather than to attempt to prevent them.
According to the responses given by the surveyed bank representatives and payment service operators, whenever a cyber-fraud incident involving a client’s account occurs, only 41% of organisations necessarily take measures to prevent such an incident from re-occurring in the future. It also reveals that 36% of companies conduct an analysis of the vulnerability exploited in the attack, and 38% compensate the losses. The most popular policy among companies is to try to find out who was behind the attack: two thirds (66%) of financial organisations do this.
“Relying solely on mitigating the negative consequences of fraud is similar to trying to treat the symptoms of an illness rather than its root cause,” says Ross Hogan, global head of the fraud prevention division at Kaspersky Lab. “The symptoms will recur, and the illness will progress. In this respect, Kaspersky Lab recommends that you do not forget how important prevention is. Many of the world’s leading banks have acknowledged this and have implemented ‘root cause fraud prevention’, but alarmingly many still rely on ‘reactive fraud detection’.
“Each year, cybercriminals invent more and more sophisticated methods of attack, and if the banks do not have preventive measures in place, it enables further growth in the numbers of financial cybercrime and increased losses.”
Kaspersky Lab’s experts recommend that banks and payment services use comprehensive online fraud protection methods to protect the bank’s clients at several levels.