Banks vs cyber criminals: who is the fastest in the FinTech world?

Will banks be able to adapt in the new financial industry and defend themselves against cybercrime?

Meilina Hoogland, Marlieke Ruissaard

November 2018

Cashless payments, virtual currencies, peer-to-peer platforms or robotic advisors: anyone who has ever used one of them is contributing to the transformation of the financial industry. FinTech, which stands for Financial Technology, is a widespread used term nowadays. FinTech stands for the use of innovative technologies which changes the way in which financial services are provided. FinTech covers new products, services, business models, big data and new technologies. The rapidly changing financial industry requires banks to get beyond their traditional business models and compete with new (non)financial institutions that are providing payment services or getting electronic money licenses.

Since the Great Financial Crisis, banks had to comply to all sorts of new regulation. Innovation became a distant priority, which created a gap between the expectations of consumers and the offerings of traditional banks. New players started entering the field and banks came under attack. Digitalization and technological innovation are changing the financial industry rapidly. The so called “FinTech revolution” leads to a lot of opportunities for banks, but it is crucial to be aware of all the challenges and risks associated with it. Cybercrime is a threat that could change the FinTech revolution from an opportunity into a tricky and risky business for banks. This raises the question whether banks will be able to maintain their positions in a disrupted world of rapidly changing technologies and advancing cybercrime.

FinTech: challenges or opportunities?

First of all, the advantages for banks to use FinTech are worth mentioning. New technologies will lead to faster, cheaper and enhanced services for customers. Mobile phone-based banking expands the access to financial products and services of banks. Moreover, the digitalization leads to better customer experience. Big data creates more insights about customers and market trends, enabling banks to deliver tailored products and services. This also leads to more transparency of financial products and services. The digital platforms lead to tighter interaction between banks and customers, so new financial products and services can be delivered fast. Therefore, banks are able to respond faster to changing customer and market dynamics. Furthermore, technologies move banks to more cost-effective platforms. This leads to a reduction in costs for banks. For example, banks make use of robots and machines that deliver customer services and business processes, reducing the operational costs (Ernst & Young, 2016).

Despite the opportunities, the new technologies are also accompanied by new challenges for the traditional banks. In order to remain competitive, banks need to quickly adopt to new technologies. Challenges for banks grow as more and more institutions go digital. One of these challenges is that new competitors in the financial industry create a loss of market share for banks. Moreover, banks need to reduce their margin because of lower prices in order to stay competitive. Furthermore, big data and new financial services are used to improve client services. However, these developments to stay competitive are costly. Finally, to adopt to the rapid changes, banks are dependent on other (technological) institutions, which is costly and assures that third parties need to be involved (Romanova & Kudisnka, 2016). The four challenges mentioned are some of the challenges where banks are exposed to nowadays. However, there is one major challenge that is larger than ever before: fighting cyber risk.

Types of cyber risks

The rise of new financial technologies raises opportunities for cyber criminals. This makes the risk of cyber-attacks from a minor, annoying business challenge one of the leading risks for banks.  According to Raghavan and Parthiban (2014), one of the risks cyber criminals bring for banks, is the risk of illegally removing or transferring money using online technologies (Raghavan & Parthiban, 2014). However, illegally transferring money is not even the only risk. Banks are exposed to a wide variety of cyber risks, which arise from both external as well as internal factors (Lanner, 2018). One of them is the risk of online application attacks. This includes threats on online banking, apps, trading and online services. Cyber criminals seek to find vulnerabilities in the systems on which they can act to get into the systems and obtain sensitive information or disturb operational processes. Second, the development of new technologies itself is also a major risk for existing banks. If a bank wants to adopt new technologies, this means that it needs to develop this, but also to protect itself against threats to these new implementations. This means that a bank also increases cyber risk by implementing new technologies. Third, banks must make sure that their (existing) hardware and software security is stable and safe. For many financial institutions it is a challenge to keep up with the rapidly changing technological developments, but to reduce vulnerabilities and remain secure, it is necessary to invest in IT security. Fourth, the fact that there are big data sets of information available at banks and third parties involves risk. Collaboration of banks with third parties is needed for security and protection against cyber criminality. Finally, banks are exposed to insider risk. Especially in large organizations, which possesses a lot of sensitive and private information it is key to work with integer employees and being strict in the allowance to certain information and online services (Lanner, 2018). These cyber risks show that banks are in many ways vulnerable to cyber-attacks and therefore a prey for cyber criminals.

Cyber-attacks: disrupting the financial industry?

The last couple of years, cyberattacks on banks have been rising. The losses from cyber-attacks almost reached $1 trillion globally (Positive Technologies, 2018). Cyber-attacks are the exploitation or misuse of computer systems, internet enabled applications and networks. Cyber attackers try to get illegal access to a computer system, with the purpose of causing damage. This will have disruptive consequences, for example identity theft and fraud (Techopedia, 2018).

SWIFT attacks

In 2016, the Central Bank of Bangladesh had been victim of these cyber attackers. They stole $100 million by making use of the global money transfer system called SWIFT. It was one of the biggest robberies in history. After this attack, other banks were confronted with similar kind of attacks, some of them successful and others not (Onaran, 2018). These attacks were carried out by the same group of hackers, called APT38 by FireEye (Cyber Security Experts & Solution Providers). Advanced Persistent Threat (APT) groups are doing the same as cyber attackers, but these hackers are trying to achieve their goals over a long term period. In October 2018, FireEye released details about this APT38 group. The APT38 is a threat group which operates on behalf of the North Korean government and has already infiltrated in more than 16 organizations in over 11 countries. According to FireEye, the APT38 works careful, spends a lot of time on understanding the networks and system technologies, and therefore understands the networks of banks very well (FireEye, 2018).

DDoS attacks

Another example of a cyber-attack is the undermining of operational processes through a Distributed Denial of Service (DDoS) attack. The largest DDoS attack took place in February 2018 and was aimed at GitHub. This is an online software development service, used by 28 million developers from all over the world. A DDoS-attack basically means that at one moment, there is a lot of data send from a network of computers to a server, which is way more than normal. The network of computers that sends the data is called a botnet. Because of this extreme amount of information, the online service is offline or temporarily less available. The incoming data at the highest point of the attack on GitHub had a rate of 1.3 terabytes per second via 129.6 million packets per second (GitHub, 2018). This attack on GitHub is called a Memcached DDoS attack, because it did not include botnets. Memcached has the ability to speed up websites, which can be used to conduct a DDoS attack. By outpouring the Memcached services with imitation requests, the cyber criminals could intensify their attack 50 000 times. As GitHub was using a DDoS security system, this largest DDoS attack terminated after 20 minutes.

The Dutch case

In January 2018, four major Dutch banks: ING, Rabobank, ABN AMRO and SNS bank were victims of several DDoS attacks. Banks have to deal with these kinds of attacks many times, but these DDoS attacks were larger and more extensive than before. The DDoS attacks caused online banking to be offline for some hours. In this case, the DDoS attacks did not cause any leakage of sensitive information or danger to payment services. Nevertheless, it shows that banks are a major prey for cyber criminals (Cloudflare, 2018).

These examples show that the banks are a major target of the sophisticated cyber criminals. Cyber attackers are attracted by the big amounts of money. Also, the risk of getting caught by performing these kind of attacks is relatively low. Banks already do a lot to protect themselves against cyberattacks. Luckily, most of the time the banks are able to defend themselves against the cyber criminals. In 2017, the number of successful cyber-attacks was 36 percent. In 2018 this number decreased to 15 percent. Banks have been investing a lot of money in cybersecurity. Compared to non-financial firms, banks spend three times more on cybersecurity. Nevertheless, 15 percent of successful cyber-attacks shows that cybercriminals are still able to infiltrate into the banks systems (Accenture, 2018).

How can banks fight back?

One out of seven cyber-attacks are still successful which means that banks were not able not defend themselves (Accenture, 2018). So, what could banks do better to find against these cyber attackers?

Cyber criminals started using Artificial Intelligence (AI) and new machine learning technologies to conduct their attacks. Therefore, the banks should invest in these new technologies as well, to go against the cyber attackers. New machine learning technologies are a very good tool to detect cyber-attacks. While banks are already investing a lot in cybersecurity and improving it, cybercriminals also improve their attacks. Therefore banks need to continue this trend (Accenture, 2018).

Nowadays, most banks want to hide the incidents regarding the cyber-attacks and therefore do not disclose them. They are afraid of getting a bad reputation and a loss in confidence of their customers. However, in order to fight the cyber criminals, it would be better to share all the information and insights about the attacks which makes other banks aware of it. By bundling all the knowledge, banks could improve their security systems and better prevent cyber-attacks (Positive Technologies, 2018).

Banks vs cyber criminals: who is the fastest in the FinTech world?

Technological developments in the financial industry cause banks to be more vulnerable towards cyber-crime than ever before. Cyber criminals are quick adapters in this disrupted world. The race between banks and cyber criminals is crucial. Banks should unite and cooperate with each other to share information and combine their forces to protect themselves against this advancing risk. Cyber criminals seem to be the fastest in the FinTech world, so banks must speed up in order retain their position and avoid a new financial crisis.




Meilina Hoogland

MSc Econometrics and Operations Research at VU Amsterdam

Marlieke Ruissaard

MSc Econometrics and Operations Research at VU Amsterdam