Hackers trying to take control of bank and credit card accounts are on the rise, and are now among the biggest challenges for U.S. financial authorities, a top U.S. Treasury Department official said recently.
So-called account takeovers and are leaving consumers vulnerable across financial platforms such as PayPal and Robinhood, Kenneth A. Blanco, director of the Financial Crimes Enforcement Network, said at the Federal Identity (FedID) Forum and Exposition Sept. 24.
Digital identity is a national security issue and most U.S. financial system users have some information, such as SocialsSecurity numbers, compromised at some point, Blanco said. Most hacking and phishing schemes aiming to get consumer information will target banks because of account volume, but other popular targets are casinos and insurance companies. In turn, captured information can be used to register falsified accounts on other financial platforms to access the U.S. financial market.
FinCEN receives about 5,000 account takeover reports each month involving about $350 million, but compliance officers at banks and other firms with anti-money laundering and know-your-client measures are preventing significant losses from these attempts.
- Blanco, the chief U.S. financial intelligence officer, explained that stronger authentication solutions may curb many of these cybercrimes. “Developments in digital identity solutions and biometrics offer many potential benefits, but industry and government have to account for the attack surface, and what resiliency and recovery look like in the context of a breach,” he added.
- Blanco said that financial technology platforms such as Robinhood may be vulnerable to such schemes: “By using stolen data to create fraudulent accounts on fintech platforms, cybercriminals are able to exploit the platforms’ integration with various financial services to initiate seemingly legitimate financial activity while creating a degree of separation from traditional fraud detection efforts.”
- Anti-money laundering and beneficial ownership registry requirements across financial companies that track data and account information have cut account takeovers through digital identity theft. However, the rapid pace of digital disruptors in financial services industries amplify security challenges under existing frameworks.