Cyber attacks on banks are becoming more frightening. The latest attack on the UK’s Tesco Bank, for example, involved money being taken directly out of tens of thousands of current accounts and ending up, say customers, in countries such as Brazil and Spain.
Up to this point most attacks on banks have been on individual accounts – in which case individual error was likely to have contributed to the security breach – or have involved large-scale theft of data rather than money, such as that from JPMorgan in 2014.
The danger is that, in reacting to the situation, banks spend huge sums on new IT but fail to fix the basics concerning processes and people. For all its sophistication, the attack on Tesco Bank would, many commentators think, have required insider help. The same is true of the $81m heist at Bangladesh’s central bank in February.
So that means banks need to spend as much effort on monitoring processes and hiring policies as on building ever-higher tech walls. But even this would not get near to solving the problem – that requires educating the customers. Research shows that the most favoured internet password is '123456' followed by 'password' and that young people are the biggest offenders when it comes to online carelessness. The comparison website Gocompare.com claims that half of millennials use the same passwords and PINs across multiple accounts, and since they share their personal data on social media, the task of figuring out their passwords is made a whole lot easier.
This presents banks with a difficult problem to solve, but only by focusing as much on education as on tech spend can there be any progress.
Brian Caplen is the editor of The Banker.