Latest news: cybersecurity in banking

74% of business leaders view cybersecurity as the main disruptive threat to their organisations either currently or over the next twelve months, according to GlobalData’s Tech Sentiment Polls Q1 2024 survey. 

The survey asked respondents which technologies are already disrupting their varied industries or would do over the next 12 months, one to four years, five to ten years or never. 

Fuelled by increasingly sophisticated ransomware and distributed denial of service (DDoS) attacks, cybersecurity is at the forefront of business leaders’ minds. 

Prominent cyberattacks have stolen headlines of late. 

Just this week, Germany recalled its ambassador to Russia over alleged state-sponsored cyberattacks on Monday (6 May), hours before it was revealed that a hack stole payroll data from the UK Ministry of Defence. 

Geopolitical discord has seen governmental infrastructure heavily targeted, like that of Sweden as it attempted to join Nato. But companies including American Express, Change Healthcare, Fujitsu and Roku have all been hit by cyberattacks just this year. 

More respondents said that cybersecurity (66%), cloud computing (63%) and the internet of things (48%) are already disrupting their business than AI (41%).   

AI, however, had the highest percentage of respondents (13%) say it would disrupt their industry over the next twelve months. 

This transcends concerns about mass job losses. In defence, AI-powered drones have threatened global security, exemplified by the Israeli Defence Forces’ (IDF) indiscriminate Lavender AI system.   

EU regulation is tightening over the potential use of AI in medical device trials. Data collation in the financial services sector has become reliant on AI processing. AI-powered digital twin technologies are increasingly involved in transport logistics. 

And, in media, AI companies are signing agreements with news organisations, seen with the Financial Times and OpenAI’s partnership at the end of April. 

The generative AI platform for alternative investment managers, BlueFlame AI, has concluded its Series A funding round. 

With a 25% oversubscription rate, BlueFlame’s network of influential businesspeople and strategic partners helped collect $5m in private finance. 

The management team also played a major role in the fundraising process. With this round, BlueFlame’s valuation rises to $50m and it will be able to maintain its quick pace of product innovation for customers. 

With this financing, BlueFlame will be able to enlarge its staff of expert client success managers, engineers, product managers, and operations specialists, as well as quicken its pace of growth and improve its generative AI platform. 

Moreover, this funding demonstrates BlueFlame’s dedication to providing client assistance while it explores new AI use cases and solutions intended to improve productivity and simplify data sources for alternative investment managers.  

In the alternative investment management sector, BlueFlame has made a name for itself fast by developing modern AI and machine learning techniques that create shifting approaches to use AI. 

BlueFlame, which was set up by former cybersecurity experts, financial technology pioneers, and GRC specialists, is in a unique position to not only comprehend the operational difficulties faced by alternative investment managers, but also provide an AI platform with features that address investor and regulatory mandates in terms of security, privacy, and compliance. 

Founded in October 2023, BlueFlame leverages data and sophisticated algorithms to produce insights that may be put to use and enhance results. With over 20 employees, it offers over 50 pre-built workflows to assist worldwide clients in managing billions of AUM. 

Raj Bakhru, CEO of BlueFlame AI stated: “AI is now a “must-have” tool that alternative investment managers recognise is critical to streamline their operations, improve efficiencies and help them deliver cutting edge strategies.  The value AI can deliver is clear, and our investors understand the challenges of bringing structured and unstructured data together through AI tools while meeting compliance, security, and regulatory requirements. This funding is a testament to the potential our investors see in our model, the strength of our technology, and the value we bring to the industry. With this capital, we can remain focused on our core goals of product innovation and customer value as we continue to push the boundaries of how our clients can use AI to reduce time spent on low value tasks and devote more time to delivering results for their limited partners.”  

Barclays Eagle Labs has announced the launch of the Ecosystem Partnership Programme, which will provide a considerable boost to technology businesses. 

The project will collaborate with local corporate partners to promote creativity and economic development by giving startups the resources they need to advance in the UK technology sector. 

Moreover, the Ecosystem Partnership Programme will be provided by Barclays Eagle Labs, which offers access to vital skills, educational tools, and business assistance and is financed by the Digital Growth Grant (DGG). 

Through the scheme, nine local groups in various UK regions have been chosen to receive funding of up to £250,000 ($315,821) 

In order to support their initiatives, which aim to encourage and accelerate the rise of tech and digital enterprises in their particular regions, the chosen businesses will match the funds they receive pound for pound. 

Amanda Allan, director of Barclays Eagle Labs, stated: “We are delighted to support these projects aimed at assisting early-stage tech entrepreneurs across the UK. It’s crucial to bolster startups and scaleups, especially in sectors such as AI, climate tech, and digital innovation. 

“Through the Ecosystem Partnership Programme, funded by the Digital Growth Grant, Barclays allocates funding to organisations deeply integrated into their national and regional ecosystems. These initiatives are poised to play a pivotal role in supporting startups and scaleups, which are integral to driving local economies forward.” 

Furthermore, during the second year of funding, Barclays Eagle Labs has set aside £1.2m of the Digital Growth Grant to assist implementing efforts in local ecosystems. 

The chosen partners will match the investment; thus, the Ecosystem Partnership Program will contribute £2.4m in value to the UK ecosystem. 

The programmes supported by the Digital Growth Grant will include: 

• Bayspace St Ives 
• BetaDen Incubate 
• BCU Enterprise Limited 
• Cyber Cheltenham 
• Manchester Digital Ltd 
• Northern Reach 
• Opportunity North East 
• Sunderland Software City 
• Tramshed Tech 

PAYSTRAX, a payment processing solution for merchants across the EU and UK, has teamed with global fraud and financial crime prevention company Featurespace to enhance security measures against fraudulent activities. 

PAYSTRAX works with merchants across various industries and will utilise Featurespace’s Technology to analyse merchants’ transactional behaviour. The solution identifies suspicious transactions, safeguarding PAYSTRAX from processing payments that contribute to fraud. 

Research data published by Merchantsavvy shows that cumulative global losses in online payments due to fraud are expected to amount to $343bn for merchants between 2023 and 2027. Money laundering remains one of the most significant contributors to losses to financial crime, with the United Nations Office on Drugs and Crime (UNODC) totalling up to $2trn, or up to 5% of global GDP. 

Featurespace’s Merchant Monitoring solution has been configured for PAYSTRAX to have real-time data analytics, allowing quick recalibration of rules to identify and prevent existing and new fraud forms. 

This functionality will help PAYSTRAX detect suspicious activity, identify a list of high-risk merchants and provide relevant transactional scores 

The solution also predicts fraud risk on each transaction, generating merchant alerts based on where the fraud occurs. Featurespace will provide ongoing consultancy support to PAYSTRAX as part of the partnership. 

Wolfgang Specht, Head of Merchant Risk and Project Management at PAYSTRAX, said: “Featurespace’s solution provides unprecedented speed and accuracy of insight into merchant transactional behaviours and history, giving us peace of mind as we optimise our decision-making and the processing of genuine or fraudulent transactions. With Featurespace, we can process data within minutes and quickly adapt to changing rules. Featurespace is an invaluable partner. Their technology will undoubtedly enhance our ability to support merchants in today’s real-time transaction landscape.” 

Martina King, CEO at Featurespace, commented: “We thank PAYSTRAX for their selection of Featurespace to support their fast-growth trajectory and meet the needs of their customers across the UK and Europe. PAYSTRAX can now quickly, securely, and cost-efficiently protect the electronic payments of their merchants. In partnership we can identify and stop fraud and financial crime and make the world a safer place to transact.”    

UK technology company Zenoo warns the use of AI in banking fraud is just getting started and collaboration with AI specialists is required to stem its flow. 

Cambridge-based Zenoo whose clients include London Stock Exchange, Experian, TransUnion and NASA supplies digital onboarding and protection from financial crime for businesses and has issued a warning to the banking community that the malevolent use of AI will only become more sophisticated and prevalent in the future. 

Zenoo UK managing director George Taylor said: “It’s an enormous concern how quickly and significantly AI is being innovated to assist in banking fraud. In particular, social engineering attacks to steal personal information, enable identity theft and unauthorised access to bank accounts, is becoming remarkably advanced.” 

Key areas of concern include Psychographic Profiling, where AI will analyse extensive data to create detailed psychographic profiles of individuals, tailoring social engineering attacks to exploit specific psychological traits and manipulative interactions where the rising use of chatbots and virtual assistants in banking will be taken advantage of to engage in prolonged, convincing interactions with targets to extract sensitive information or induce them to perform actions that compromise their security. 

Taylor calls for banking to respond to the AI threat with AI too by collaborating with AI defence systems that can learn and adapt in real-time to detect and respond to emerging threats and machine learning models to identify and predict potential fraud based on evolving patterns and behaviours. 

He added: “The key word in combatting the AI threat is ‘collaboration’. Here at Zenoo we partner with cutting-edge providers of the latest AI deepfake detection solutions which can be easily integrated into existing or new customer on boarding flows to combat fraud. We must take advantage of those specialists who are analysing and responding to the AI threat on a daily basis.” 

A new report examining digital banking fraud and financial crime trends in France identifies this summer’s Olympic Games as a potential hub for cybercrime. Citing warnings from the French government, the International Olympic Committee, and the Paris Prosecutor’s office, BioCatch outlines the many opportunities for fraud created by the gathering of 10,000 athletes and millions of fans from more than 200 nations, in Paris at the end of July. 

BioCatch Director of Global Fraud Intelligence Tom Peacock, said: “Paris expects to play host to more than 15 million tourists during this summer’s Olympic games, generating an estimated $3.75bn in economic benefits. This creates fertile grounds for fraudsters, who will look to take their cut. The spectacle of the Games has the potential to distract both Parisians and visitors from best security practices, making them more vulnerable to fraud.” 

Paris’ chief prosecutor has warned of European and South American gangs specialising in street theft flooding the streets of Paris for the Games 

BioCatch warns this could lead to an increase in stolen device fraud, already a growing problem on the continent. 

Peacock added: “London experienced a 151% increase in mobile device fraud last year. Most of these stolen devices end up in China, where they’re stripped for parts. But in other instances, thieves have turned into digital banking fraudsters, logging into online banking apps and wreaking havoc.” 

Consumers should also expect to see a deluge of Olympics-related phishing attacks, where cybercriminals fill our inboxes with promises of last-minute ticket sales. 

BioCatch France Pre-Sales Manager Matthew Platten, commented: “Fraud is a natural selection process. The less skilled fraudsters have already been eliminated from the herd, leaving only the smart ones. We cannot underestimate the creativity of these cybercriminals. They won’t just look to impersonate the Olympic brand. The Games’ sponsors, Coca-Cola, Samsung, and Visa, to name a few, offer fraudsters a wealth of additional phishing and impersonation scam opportunities.” 

Intigriti has published Sharpening SLAs for Vulnerability Management, a new report highlighting the need for strong cybersecurity practices and service-level agreements (SLAs) for vulnerability management. 

This report combines qualitative and quantitative research, featuring insights from 250 info security professionals. 

The UK demonstrates a more rapid response and remediation rate for critical vulnerabilities, suggesting a more proactive and efficient approach to cybersecurity threats. Conversely, the US excels in automation, vendor collaboration, and conducting thorough cost-benefit analyses, indicating a more strategic and comprehensive approach.  

Globally, 75% of businesses fail to respond to critical vulnerabilities within 24 hours consequences could include customer dissatisfaction, loss of business, and reputational damage. 

In the UK, 29% respond within 24 hours compared to 20% in the US. 

More UK respondents (82%) aim to resolve a critical to exceptional vulnerability within 15 days compared to the US (69%) a promising start, but more organisations should aim for this target. 

The UK is also faster at disclosure, with 73% disclosing a vulnerability within 15 days versus 66% in the US. 

Stakeholder consultation when assessing critical vulnerabilities. 

Over half (52%) of companies skip consulting their executive leadership when facing critical vulnerabilities, and only 44% involve legal and risk management teams. This oversight is concerning, as regulatory bodies must be informed about such vulnerabilities. 

Stijn Jan, CEO and Founder at Intigrit, said: “At Intigriti, we understand the immense pressure on cybersecurity leaders to defend against a rapidly evolving threat landscape with limited resources. Still, failing to plan is planning to fail, which is why SLAs are so crucial for protecting against cyber threats. Our report provides clear and actionable standards for performance and accountability, giving businesses a competitive edge in the process. By equipping security teams with tools and knowledge, we can turn vulnerabilities into victories. Collectively, we can ensure a safer digital future for all but there’s no time left to waste.” 

On June 26, 2024, Evolve announced that its systems were breached in May 2024 in a ransomware attack by cybercriminal group LockBit. The group appears to have gained access to Evolve’s systems after an employee invertedly clicked on a malicious Internet link. LockBit subsequently accessed and downloaded Evolve’s customer information from its databases and a file share in February and May 2024. The group also encrypted some of Evolve’s data. 

According to the hackers, LockBit claims to have stolen “33 terabytes of juicy banking information containing American’s banking secrets.” It has subsequently released the data it downloaded on the Dark Web. 

As a fintech firm, Evolve partnered with numerous other companies, including Affirm, Bilt, Shopify, Mercury, Plaid, and Stripe. Therefore anyone who may have done business with any of these companies will have the concern that their private information may have been posted on the Dark Web as part of the Evolve breach. 

This incident will strike fear into the customers of the companies involved. Cybersecurity is a word used so frequently that customers can often become desensitised to it, perhaps taking it for granted. This incident serves as a reminder that the worst-case scenario is often a probable one. 

Schubert Jonckheer & Kolbe LLP is investigating a data breach impacting the private information of millions of customers who used financial services provided by Evolve Bank & Trust, an Arkansas-based fintech startup. 

Evolve has informed customers that this data appears to at least include names, Social Security numbers, bank account numbers, and contact information, this is both for its own customers and for customers of its Open Banking partners. It may also include other private information. 

Those who are affected by this may be at risk of identity theft, financial fraud, and other serious violations of your privacy. As a result, you may be entitled to money damages and an injunction requiring changes to Evolve’s cybersecurity practices.