Keys to Financial Wellness: What bank clients need to know about cybersecurity

By Stephen Fournier, President, Central New York Market, KeyBank

While October is singled out as Cybersecurity Awareness Month, the reality is cyber theft is an everyday threat to banking account security. In fact, according to a recent study by Javelin Strategy and Research, in 2017 nearly 7 percent of consumers became victims of identity fraud—with the amount stolen rising to a record $16.8 billion.

As a response, banks like KeyBank are making state-of-the-art security a priority. From investments in developing tools, technology and training to block and detect security breaches to providing clients with fraud prevention insights and resources, today’s banks are taking a front-line stand against fraudsters.

Still, the best advice in protecting your personal information may come from Sun Tzu’s The Art of War. “Know your enemies and know yourself.” Cyber criminals want your personal information so they can commit fraud. Your best safeguard against this happening is to understand your behaviors and how cyber criminals capture your information.

What you can do

Cyber attacks are the fastest growing and fastest evolving forms of identity fraud, and according to Javelin, there are three major trends that evolved out of the 2018 study.

1. Account takeovers are growing—tripling from 2016 to 2017 and costing consumers an average of $290 and 16 hours to resolve.
2. Online shopping presents the greatest fraud opportunity.
3. Fraudsters are getting more sophisticated, with 1.5 million victims of fraud having intermediary accounts—online payments or e-commerce relationships—created in their names.

To fight cyber theft, personal computer safety is paramount. On a regular basis, take time to back up your files to a safely stored external hard drive. Set your computer to automatically update software. Run periodic virus scans and use a firewall to prevent computer intrusions. Scan all devices, including flash drives, for malware and viruses on a regular basis.

When possible, use two-factor authentication. This provides an extra layer of security beyond your username and password. If two-factor authentication is not available, use strong passwords or a password manager to secure your accounts.

Also, watch for attempted phishing, which remains the most prevalent cyber theft tactic, and Smishing attempts. Be leery of bank email requests that require you to provide credential or account information. Your bank won’t request this information by email. Likewise, be leery of texts and phone messages that urge you to urgently contact the sender. Typically, the texts and phone messages connect to an automated response that requires you to input account information. A good rule to live by: never, under any circumstances, reveal verifying personal information (name, social security number, address, date of birth, account numbers, etc.) to anyone who has reached out to you—whether by phone, email or text.

Social media platforms can also place you at risk. Know your social media circle so you don’t provide information to unknown people that can make you the victim of social engineering. Before you hit “Accept,” check the mutual friends listed and confirm relationship with them. Make use of privacy settings so you know who sees your posts.
Finally, regularly check your credit report and look for unfamiliar accounts. Take a detailed look at monthly bank and credit card statements. Review all account information, including all transactions, for signs of identity theft or fraud.

Ultimately, you are your best safeguard against identity fraud and identity theft. Being aware that the top targets for fraudsters is account takeover, new accounts and card-not-present (e.g., e-commerce) transactions will help you know what to look for and what precautions you can take.

What your bank can and should offer

Understandably, banks typically do not disclose specific security protocol to anyone, including prospective clients. That said, here are some questions you should be asking when evaluating a bank’s services and efforts to help protect your assets and information:

• Does the bank help to educate clients with cybersafety tips?
• Does the bank offer account alerts so clients are able to track account activity? Clients can choose alert systems that range from checking every transaction to checking any transaction that passes a certain dollar threshold.
• Does the bank offer self-serve ways to lock and unlock credit and debit cards? Being able to lock a card as soon as you realize it’s missing can limit potential damage.
  Banking clients are the first line of defense against cyber theft and cyber fraud. Taking time to make regular security checkups can help clients use online banking in confidence.

If you suspect fraud, act

If you believe you have been a victim of identity theft or fraud, report it to local police and your financial institutions immediately—before further damage is done. You should also check government-run sites, including identitytheft.gov and consumer.ftc.gov, to know all channels that might be compromised.

It’s important to understand that everyone—regardless of financial situation—is a target to cyber criminals, whether you are an active online user or not. With a little work, you can protect yourself from becoming a victim.

About the author: Stephen Fournier is president of KeyBank’s Central New York Market. He may be reached at either 315-470-5096 or [email protected].

ATM Security Tips

ATM fraud, often in the form of skimming, remains a security threat across the U.S. While new EMV chip readers should help reduce its prevalence, it is still worthwhile to be mindful of some safe practices when accessing your bank account from the convenience of an ATM.

1. Use familiar ATMs from reputable banks. While it’s not always practical or possible, especially if you’re traveling, using ATMs within your bank’s network, during operating hours, is the best way to ensure your ATM transactions are protected. If you can’t use a familiar ATM, look for an ATM in a visible location that has surveillance cameras and or security personnel. If using an ATM after hours, always choose a well-lit location and bring someone with you. Locations that require you to swipe your card for entry to a secured ATM machine are your best bet.
2. Check for skimmers. Skimmers are attachments that get placed on top of existing card slot hardware and read your card number. Before inserting your card, lightly pull on the card reader to ensure a skimmer has not been attached. The reader should not have movement. Also, check the arrow directing you where to insert your card. If it is covered, it’s a good indication that a skimmer is attached. If you have any doubts, use a different machine.
3. Keep Your PIN Safe. Shielding your PIN from passersby is only one of several precautions you need to take to keep your number safe. Using your hand to shield your PIN can also protect it from small, hidden cameras. Also, be mindful that new thermal-imaging devices, including ones that attach to a smartphone, make it easy for someone to know which buttons you hit even after you’ve walked away from the ATM. After your transaction, consider hitting multiple keys on the keypad.
4. Check for suspicious keypads. If the keypad is raised up more than usual, consider going elsewhere.
5. Be prepared. Have your card and deposits readily available. You want to be able to conduct your transactions as quickly as possible. If you want to double-check if your deposit was accurate or that you received the right amount of cash, count your money and check your slips after you leave the ATM. Always dispose of your receipts at home.

As with any safety best practices, ATM security requires you to remain aware. Get in the habit of regularly monitoring your credit and debit card accounts to ensure that you catch any unauthorized transactions as soon as they happen.