Series: Surely 2.0
With the growth of online banking and virtual payment methods, more and more criminals are plying their dirty trade. How to prevent this…
The bank clerk sounded serious. The time of the call – a Sunday evening – did not seem strange to a 60-year-old from Marktheidenfeld (Main-Spessart district) in mid-October. So he unsuspectingly passed on his TAN data on the phone, which was supposed to be used to stop fraudulent international transfers. The scammer on the phone then used the captured data to withdraw almost 2000 euros.
For Ingo Schuck and Michael Gehrsitz from Sparkasse Aschaffenburg Alzenau and Sparkasse Mainfranken Würzburg, such cases are almost a daily occurrence. Both are responsible for compliance in their companies, and thus also for the security of the IT systems and for cybercrime. And their workload keeps growing. According to the police crime statistics for Lower Franconia, the number of cases of cybercrime rose by 10 percent from 2020 to 2021 to a new record of a good 3800. The statistics count all cases in which the perpetrators use the Internet to make contact and obtain information, but in which human decisions still play a part. This is in contrast to cybercrime, where systems can be taken over through vulnerabilities without any contribution from the victim.
Customers taken by surprise
As Gehrsitz explains, criminals in his field always need two factors for their scams. The first is the login data for online banking, which they usually obtain via phishing emails or SMS. The customer is fooled into believing that he urgently needs to confirm his bank details. However, instead of going to the real bank, he is directed to a fake input form. If he enters his data there, the scammers have it. “Customers are often taken by surprise and put under pressure,” says Schuck, explaining why the criminals can collect login data relatively easily in this way. The second factor is somewhat more difficult to get: the transaction number that the account holder has to use to confirm each transfer. “As a rule, the scammers try to reach them by phone,” says Gehrsitz. Both make it clear that a real bank employee would never ask on the phone or by e-mail for data that the bank already has, such as account balances or addresses: “If I get an e-mail or information like this, all the alarm bells have to ring.”
Use your own app
Likewise, no bank will request sensitive data via SMS or messenger service. “If at all, some banks do it to remind them of consultation appointments,” adds Gehrsitz. Press spokesman Michael Fuchs also confirmed this for Raiffeisen-Volksbank. “We will not request any account-related reactions from customers via SMS or email,” he emphasizes. To thwart fraudsters in general, he recommends doing banking transactions via the institution’s own app, or making sure that you only enter online banking via the institution’s own URL. He stresses that online banking, if handled carefully, is safer than a transfer slip.
At the savings bank, advisors may occasionally request certain information by e-mail, but in that case no digital reply channel is used; instead, customers are asked to contact the branch. “We would prefer not to communicate via email at all,” emphasizes Schuck. Modern business, however, would be unimaginable without it.
The Würzburg expert has identified the latest scam: the virtualization of credit or debit cards on the smartphone for easy payment. Of course, the user must authorize this. “In individual cases, the perpetrators actually succeed in persuading the victim and approving the virtualization,” he says, reflecting his recent experiences. The criminals can then go shopping at the victim’s expense. This often happens at the weekend, so the victims only notice the debit on the account on Monday. “That can cause several thousand euros in damage,” he adds.
“Small chance” for victims
Is there a way for the victims to still stop the transfers if they spot the scam early? Within Germany there is a “small chance,” says Schuck. It becomes more difficult if money is transferred directly abroad. “Then there is a chance that intermediary clearing houses will still react,” adds his Würzburg colleague.
Both are concerned about plans by the EU Commission to make real-time transfers mandatory for banks. With this variant, the money is transferred immediately to another account; so far it has cost the customer extra. If this changes, part of the savings banks’ fraud prevention will also be undermined. “There are certain abnormalities that are not necessarily fraud, but indicate it,” is how Gehrsitz outlines the automatic check. He does not comment on the details. In any case, the transfer is then not carried out immediately, and the bank may check back with the customer. “In some cases we then noticed that there was fraud behind the transfers,” says the Sparkasse business economist.
Michael Fuchs confirms a similar security system at the cooperative banks. Real-time transfers are automatically checked within ten seconds according to certain criteria. “We don’t have access to the logic behind it either,” he adds. If this security mechanism falls away, the fraudsters could have an easier time in the future.
Next week: How cybercriminals hijack corporate systems
Ralph Bauer