Cyber security is a topic on all businesses’ lips as technology becomes increasingly widespread and sophisticated. However, being a lucrative target-segment, concerns among HNWIs are growing as a successful attack on their bank accounts could yield a bigger prize. John Schaffer speaks with industry experts to assess how vulnerable private banks and the wealthy really are to cyber threats
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataCyber security is certainly not an issue that is exclusive to the private banking and wealth management industry. IT security threats have been problematic since the existence of the internet and have surged in recent years as technology use has grown exponentially.
In 2014, a total of 42.8m attacks on businesses were detected – a 48% increase on the prior year. 2015 has seen numerous high profile hacking breaches and the banks have, unsurprisingly, been a target.
For any industry, an attack can have negative and damaging effects. But for the private banking industry, which is entirely reliant on its clients’ trust, the results can be catastrophic.
High net worth individuals (HNWIs) are an attractive target segment for cyber fraudsters. Vinod Raghavan, security technology manager at Temenos, tells PBI:
"The obvious cases are clearly the financial threats with malicious individuals trying to steal money. But I think one of the bigger things these days is on the information as well – especially in private banks where there are attacks on specific HNWIs."
Raghavan touches on the provisions implemented by Swiss-headquartered banking software vendor Temenos that provides front to back-office technology systems for a number of private banks and wealth managers:
"We make sure that we analyse the security aspects right throughout our development lifecycle. From judging what our requirements are for new products or existing products – right up to using automated tools for analysing our own code. We use automated tools for trying to hack into our own systems and we have specialists employed to test-hack our own products."
However, Raghavan adds that although Temenos undertakes numerous security precautions, there is still an onus on banks to undertake their own security checks. He also suggests that in some cases, legacy systems can cause added exposure to cyber attacks.
HNWIs on high alert
In the digital age it has become progressively easier for fraudsters to gain information on individuals, especially if they are high profile figures and information on their wealth is in the public domain. In this respect, HNWIs could be more at risk to social engineering techniques.
Richard Horne, cyber security partner at PwC, comments on the risks of having a private banking account.
"I wouldn’t say that it’s the fact that you hold a private banking account, but the fact that you have a lot of money means that you may well be a higher target. The amount that criminals are able to find out about individuals online is staggering. They can understand how wealthy people might be and how worthy a target they might be."
One of the most significant cyber risks is phishing – an attempt to gain sensitive information such as PINs, usernames, passwords and card details – usually via bogus emails.
Although social engineering methods such as phishing are not the most sophisticated or elaborate forms of cyber attack, they can often be convincing, with the potential to fool clients if they are not being vigilant. According to the US department of Homeland security, approximately 100m malicious emails find their way into inboxes each day.
There is a risk that private banking clients could be exposed to a greater level of phishing vulnerability, as they are more likely to have regular email correspondence with their relationship manager, as opposed to the average retail banking customer who is unlikely to require consistent contact with their bank.
Raghavan says: "Phishing is a big problem that can be addressed by education from both the banks and the security industry in general."
However, fraudsters’ tactics for targeting private banking clients can be different from the mass attacks on retail banking clients and tend to be more focused on individuals, requiring the fraudster to amass a greater amount of research.
Joe Norburn, managing director of digital and front office solutions at Coutts, says:
"A retail environment provides you with lots of end people to go after, but with a smaller prize. If a fraudster can automate these attacks, then they will. A HNW environment is smaller in numbers, but the prize you can get away with is potentially much bigger.
"What we’ve seen, depending on where the fraudster’s mindset is at, is fraudsters targeting a retail-like high volume for certain things through phishing emails, to vishing attacks – so a malicious phone call, pretending it’s from the bank.
"These are far more targeted at HNWIs because that’s harder to do at scale. You can only phone a limited amount of clients, so you’ll target those where the prize is going to be bigger, which is a non-scalable floor."
A number of private banks including Coutts, Barclays and Standard bank, have adopted voice biometrics technology for clients calling into the bank – allowing for their voices to be verified for authenticity. However, if a client receives a call, there is not a reciprocal mechanism to test whether it is actually a bank representative calling.
Digital friend or foe?
The rise of digital channels could instil fear of security breaches amongst weary HNWI clients. However, digital channels such as tablet and smartphone-apps have the provisions for increased security measures that are hard to breach.
Horne adds: "In principle, using apps and being able to utilise security features that are built into apps on a phone is actually far more secure than the add-hoc processes that the private banking industry has adopted in the past of acting on email instructions or receiving a scanned copy of a letter."
Although the private banking and wealth management industry has been relatively slow in its uptake of digital channels, the security improvements could provide an incentive for the industry to up its game when it comes to digital.
Coutts have implemented messaging services via its tablet and smartphone apps, which allows a greater degree of security over emails that have not been encrypted. Authentication can be granted via fingerprint rather than pass-code. However, this assumes that clients will have the latest devices to reap the full benefits.
Norburn adds: "We are investing in new technology where we are seeking to strike the ultimate balance between convenience and simplicity of use, whilst at the same time, raising the security barriers."
