Banks eye more robust systems to tackle Internet fraud in 2024
Published:Sunday | December 31, 2023 | 12:11 AMLivern Barrett - Senior Staff Reporter
Amid wide public outrage over a “significant” increase in Internet scams and millions of dollars in losses, Jamaican commercial banks are getting ready to implement “tough” and “more robust” measures for some transactions.
The measures are still being finalised, but are expected to be in place by March, according to Dane Nicholson, chairman of the Jamaica Bankers Association’s (JBA) anti-fraud committee.
Local commercial banks lost $133 million in 2022 through Internet banking fraud, an annual increase of 21 per cent and a near 300 per cent spike in the last five years, the JBA said, citing data reported to the Bank of Jamaica (BOJ).
BOJ, the country’s central bank, is responsible for regulating the banking sector.
Reported cases soared
The data revealed, too, that the number of reported cases soared to 742 in 2022, up from 72 in 2018 and 134 last year, signalling that cybercriminals continue to find new ways to outsmart unsuspecting customers, experts say.
And the numbers are expected to be worse for 2023 amid reports from scores of Jamaicans who have detailed, in recent months, how large sums of cash were taken from their bank accounts, some admittedly after clicking on links embedded in messages they believe were from their financial institution.
The Major Organised Crime and Anti-Corruption Agency (MOCA) confirmed last week that it is currently investigating several Internet banking schemes, including one that was used to fleece millions of dollars from approximately 150 customers at multiple financial institutions.
“Given the extent, sophistication and amount of money involved in these activities, we estimate that multiple organised persons or networks of persons are involved in these attacks,” said Captain Basil Jarrett, director of communications at MOCA.
Nicholson noted that 2023 saw a “significant” increase in “social engineering” schemes such as phishing, smishing and romance scams globally and predicted that the losses for local financial institutions could move closer to the combined $456 million lost via credit and debit card fraud schemes.
As a result, he said, financial institutions are currently adjusting their internal controls to counter the evolving techniques of cybercriminals.
“So, in 2024, financial institutions will have to make some tough decisions, some of which might inconvenience customers, by making their systems a lot more robust,” Nicholson told The Sunday Gleaner on Friday. “And also, we have to put measures in place to protect the customers from themselves because some customers are still inadvertently exposing themselves to these types of activities.”
He did not disclose details of the looming changes, but suggested, as an example, that two-factor authentication for all transactions could become the standard across the commercial banking sector.
“That is one of the things the industry will have to look at,” he said.
Still, Nicholson says customer vigilance is going to have to play a major role in stemming the problem.
He said that simultaneously, the JBA will be increasing its customer education around Internet scams “because that is going to be the number one defence against social engineering scams”.
“If the financial institutions continue to strengthen their internal mechanisms around their different systems, but customers continue to divulge sensitive information to cybercriminals, then it brings the investments by financial institutions to nought. So it’s going to have to be a partnership,” Nicholson stressed.
George Rivera’s* girlfriend was stuck overseas in June this year after a weather system forced the cancellation of her flight back to Jamaica.
He recounted using his National Commercial Bank (NCB) debit card to book her a hotel room before going about his daily routine.
Later that day, Rivera said he got a text message he believed was from NCB, saying his account was compromised and that he needed to change his password.
“So I clicked on the link, went through, did what I needed to do and updated whatever I needed to update,” he said.
The public sector employee said that at the time, he was not aware of NCB’s policy not to contact its customers via text message.
“I never heard it on any radio or television advertisement,” he told The Sunday Gleaner.
A day after booking the hotel room for his spouse, Rivera saw an email from NCB indicating that $21,000 was removed from his credit card for the purchase of gasoline at a service station in St Andrew the previous night.
Rivera said he logged into his NCB account “to see if something actually go so”, only to discover that his predicament was much worse.
“I had $293,000 in my [savings] account … . When I logged in, I only saw $67. The limit on the credit card was $192,000 and they used $21,000 off of it,” he revealed during an interview with The Sunday Gleaner on Friday.
Remain unresolved
Rivera said he visited NCB’s Spanish Town branch to make a report and that’s when he learnt that his account was used to take out a $315,000 loan.
Nearly six months later, he says the issues remain unresolved and there has been no update from the police’s Fraud Squad.
NCB, the country’s largest commercial bank, has indicated publicly that it does not divulge information about its customers.
Since 2018, commercial banks have lost a total of $405 million through 1073 reported cases of Internet banking scams, according to the BOJ data.
But MOCA believes the losses from cyber and cyber-enabled schemes could actually exceed $1 billion.
“The difficulty with quantifying this amount in any greater detail, however, is due largely to our estimation that banks and customers may not always report all the suspected incidents of cyber theft,” Jarrett told The Sunday Gleaner on Friday.
Law enforcement sources claim, too, that some banks, concerned about reputational harm, are opting to quietly pay back customers rather than filing reports with the appropriate authorities.
But Nicholson, the chairman of the JBA anti-fraud committee, pushed back at the assertion, describing it as “an old rhetoric”.
He disclosed that “several” cases have been reported to the police and predicted that “early in the new year, you will see some arrests in relation to cybercrime matters that have been reported by various institutions”.
“While you may still have one or two, most of the financial institutions now have taken the necessary steps and have been working closely with law enforcement to report these matters so that appropriate action can be taken from a criminal perspective,” he said.