As the recent cyber attack on Tesco Bank shows, the threat from cyber criminals is a constant one for banks. However, as Brian Caplen describes, simply building ever-higher tech walls will not solve the problem; staff monitoring and customer education must be carried out too.

Cyber attacks on banks are becoming more frightening. The latest attack on the UK’s Tesco Bank, for example, involved money being taken directly out of tens of thousands of current accounts and ending up, say customers, in countries such as Brazil and Spain.

Up to this point most attacks on banks have been on individual accounts – in which case individual error was likely to have contributed to the security breach – or involved large-scale data theft rather than money, such as that from JPMorgan in 2014. 

The danger is that in reacting to the situation, banks spend huge sums on new IT but fail to fix the basics concerning processes and people. For all its sophistication many commentators think the attack on Tesco Bank would have required insider help. The same is true of the $81m heist at Bangladesh’s central bank in February. 

So that means banks need to spend as much effort on monitoring processes and hiring policies as on building ever-higher tech walls. But even this would not get near to solving the problem – that requires educating the customers. Research shows that the most favoured internet password is '123456' followed by 'password' and that young people are the biggest​ offenders when it comes to online carelessness. The comparison website Gocompare.com claims that half of millennials use the same passwords and PINs across multiple accounts, and since they share their personal data on social media, the task of figuring out their passwords is made a whole lot easier.

This presents banks with a difficult problem to solve but only by focusing as much on education as tech spend can there be any progress.

Brian Caplen is the editor of The Banker.

PLEASE ENTER YOUR DETAILS TO WATCH THIS VIDEO

All fields are mandatory

The Banker is a service from the Financial Times. The Financial Times Ltd takes your privacy seriously.

Choose how you want us to contact you.

Invites and Offers from The Banker

Receive exclusive personalised event invitations, carefully curated offers and promotions from The Banker



For more information about how we use your data, please refer to our privacy and cookie policies.

Terms and conditions

Join our community

The Banker on Twitter