COVID-19 Banking Scam and Fraud Attempts
A message to the bankers and financial institutions…
The world did not see this coming. The recent COVID-19 pandemic that’s sweeping the globe has knocked everyone back on their heels. The good news is that we will get through this and perhaps we will have learned how to be more prepared in the future.
The economic crisis because of COVID-19 will also abate – slowly. However, this isolated situation is allowing a continuing “virus” to flourish. I’m talking about swindle and fraud artists – particularly those related to your bank. Now more than ever, unscrupulous actors are looking for every way possible to separate your customers from their money and identity. While not a new concept, it is one that’s taking on a completely new meaning for the banking industry.
With the recent passage of the Families First Coronavirus Response Act, there are a lot of checks and cash floating around mailboxes and/or bank accounts. Obviously, this is a rich environment for fraudsters. This now gives the scammers a completely new arena in which they can practice their skills at defrauding your customers out of their money. There have already been reports of text messages and emails telling people how to get their checks faster from Uncle Sam. The best advice we can give is to tell your customers to question strongly these inquiries (in fact, delete them) since the Federal Government will never text or email anyone. If your customers ever have any questions, they should always call you.
After the pandemic of COVID-19, what should Banks be doing to further protect their customers from scammers? First, banks should insist customers use complex passwords, if complex passwords are not required already. In fact, banks should increase the required complexity of those passwords.
Second, banks should insist on multi-factor authentication, if not already doing so now. Many banks use SSL certificates and require enrollment of devices with them to verify a device accessing user accounts. Security and user validation will continue to take center stage for banks, so it is important to remind customers to always look for the lock symbol on your bank web page.
Third, banks should be much less tolerant of login failures. The typical bank allows three failed login attempts before locking an account and this number should be reduced. In addition, banks should be accelerating their use of facial recognition as a means to authenticate a user. This is a very secure method of first level authentication enhanced by multi-factor authentication to verify the user.
Banks should be providing documents, personnel, and training to their customers to help them identify scammers and the like. Also, banks should expect to continue significant internal staff training – not only to help employees be more vigilant, but also so that employees can train customers on the scammer’s methods.
Overall, the methods of attempted fraud and scamming will likely not change much after the COVID-19 pandemic. Nefarious people will continue to prey on the weak and uninformed and look for any vulnerable customer of which they can take advantage. The best option for banks is to tell their customers to be suspicious and call the bank if there is ever a question.
This article was written by Leo Reap, for the Indiana Bankers Association Hoosier Banker magazine.
