Fraud reports are not uncommon in this day and age, and it looks like criminals are resorting more and more to posing as official bank employees. A lot of harm can be done by contacting bank clients and “social engineering” their way into user accounts. In some cases, bank customers can even be persuaded to transfer funds into another account belonging to the same bank.
Social Engineering Attacks Are Hurting Bank Customers
Whenever somebody receives a phone call from someone claiming to work for the bank they have an account with, there is hardly anyone who will give a second thought to whether or not this is genuine. However, people should not be so trusting when finances are concerned, especially not when the only contact takes place over the phone.
The biggest worry with these “social engineering” attacks is how long it can take for the bank in question to detect any discrepancies. Some people would even go as far as saying that the fraud-reporting process used by banks can be inefficient and inconclusive. Needless to say, there is a lot of frustration coming from customers who feel they are not protected well enough by the financial institutions they trust.
Internal tools used by banks to speed up transfers between account holders are convenient, but they can also speed up the defrauding process. According to a story by Telegraph UK, two NatWest customers lost over 100,000 GBP in a social engineering attack. Due to the “faster payments” option – enabling NatWest customers to transfer money instantly within the bank’s ecosystem – all the “hackers” needed was a sort code and account number.
Even though the recipient name and sender name were identical during this process, that does not raise any suspicion in the NatWest fraud-reporting process. By using “faster payments,” the name can be anything in the world, and money will still be credited to the recipient account within seconds.
Perhaps the greatest concern is the reaction by the bank itself as soon as people get suspicious of the contact with alleged “employees.” As is the case with any major organization, all incoming phone calls are routed through call centres all over the country, and getting your voice heard by the right person is all but impossible.
Playing devil’s advocate for a minute, if a bank customer willingly agrees to have funds moved to a different bank account – whether in writing, over the phone, or otherwise – there is, technically speaking, no liability for the bank. Customers can transfer money of their own free will, and even becoming the victim of a social engineering attack does not change that fact.
It should come as no surprise to anyone that the biggest banks receive the most complaints from fraud victims compared to other institutions. According to this chart, Barclays Bank, Santander UK, and NatWest make up the top three in that department, with Barclays Bank receiving nearly two complaints per day.
Removing The Third Party From Financial Equations
One possible solution to put an end to social engineering attacks is to remove the need for third parties altogether. While there will always be people relying on the banking system as we know it, there are alternatives in existence that put the user in full control of their money. Bitcoin is one of those options, by which users are in control of and fully responsible for their own wealth at any given time.
Most consumers still put their faith in banks and other overarching financial institutions. There is nothing wrong with that, as these third parties seemingly offer financial protection in the event of fraud or other inconveniences. However, these same institutions are hiding behind “no liability” clauses when funds are transferred by the customer willingly, even if this was part of a fraud attempt.
Bitcoin offers no [fake] sense of security in that regard, as users are fully responsible for their own funds at any given time. At the same time, they can freely access and transfer their funds whenever they want, regardless of location and time of day. It is up to individual consumers whether they want full control of and full responsibility for their finances, or semi-control and semi-support from third parties.
Source: Telegraph UK