Good numbers are in vogue. According to the FBI, violent crimes declined nationwide in 2014 by 0.2%. Of course 0.2% doesn't sound that great, but it reflects the downward trend seen since the 1980s. Murders, robbery, burglary and theft have been going down. New York University reports violent crime has declined 51% since 1991 and property crime has dropped by 43% during the same period.
It is good to see violent crimes are declining, but unfortunately for banks, the same cannot be said for cybercrimes. Things are so bad that in 2014 the US Director of National Intelligence ranked cybercrime as the top national security threat, higher than terrorism, espionage and weapons of mass destruction.
One area bankers continue to focus on is protecting against phishing. That makes sense when you consider the most recent Verizon data breach report finds a full 23% of recipients will opening phishing messages and 11% will click on attachments. For every 10 emails sent, criminals have a greater than 90% chance that at least one person will take the bait. Even scarier perhaps, testing finds close to 50% of users open emails and click on phishing links within the first hour. This is all critical for banks to know and understand, because prior Verizon reports have pointed out that phishing is associated with over 95% of incidents attributed to state-sponsored actors.
Another thing to point out from the Verizon survey is data on the frequency of data disclosures by incident patterns and victim industry. For the financial services industry, it found data breaches would most frequently surface from crimeware (36%), Web app attacks (31%), payment card skimmers (14%), insider misuse (11%) and miscellaneous errors (7%).
This brings us to our discussion around the ubiquitous personal identification number (PIN). More specifically, we look at the brutally slow nationwide rollout of EMV microchip enabled cards and the risks that remain even when fully deployed. The good news according to a recent bulletin from the FBI is that EMV transactions at chip-enabled point of sale terminals at merchants do provide more security of personal data than magnetic strip transactions. The bad news is that EMV chips do not stop lost and stolen cards from being used in stores, or for online or telephone purchases when the chip is not physically provided to the merchant (this is known as a card-not-present transaction). Also, data on the magnetic strip of an EMV card can still be stolen if the merchant has not upgraded to an EMV terminal and it becomes infected with data-capturing malware.
When it comes to your customers, the FBI suggests telling them to closely safeguard the security of their EMV cards and PINs. Customers should be careful from the point the new card arrives in the mail, should review bank statements for irregularities and should promptly report lost or stolen credit cards. Further, the FBI suggests consumers should attempt to shield the keypad from bystanders when entering a PIN because such numbers are solid gold to criminals who use stolen ones to commit ATM and cash back crimes.
Bankers continue to fight cybercrime everywhere criminals attempt to gain access, so we hope this information has assisted in those efforts in some small way. In the meantime, remain vigilant and continue to warn your customers to stay up to speed with the latest security as you explore upgrades of your own.