Banks play down cyber attack levels

Banks are under-reporting cyber fraud because they don’t want to scare customers, a parliamentary committee has been told

Banks are under-reporting cyber fraud because they don’t want to scare customers, a parliamentary committee has been told.

A University of Cambridge researcher told a Treasury select committee that the amount of money being taken from people's accounts through cyber crime is twice as much as what is reported.

Speaking at a meeting about the treatment of customers by finance firms Dr Richard Clayton, a senior researcher in security economics at the University of Cambridge, said: “Insiders tell me the going rate is about twice the amount of money [reported by banks] goes walkies out of people’s accounts.” 

He said banks keep this secret because a lot of it is recovered.

One senior security professional in the banking sector said banks are by constantly being attacked by cyber criminals, and that banks play down the level of cyber crime. 

“I think it is true that the banks choose very carefully how they report cyber crime for exactly that reason. The financial service industry relies on confidence in the system so anything that worries customers can hurt,” he said.

He said it is not just the public that are kept in the dark: “It is not something the banks share internally either. Even reasonably senior level IT staff I don't even hear about the incidents banks may or may not suffer."

Committee chairman Andrew Tyrie said he would raise the issue with banks and regulators.

“The committee today heard that the amount of fraud reported by banks may substantially understate the true scale of the problem. This is concerning," he said in a statement. “I will be writing to the banks and regulators to obtain a fuller picture on this issue.”

It is not just consumers pockets that can be hurt as a result of cyber crime. In September, Benjamin Lawsky, superintendent of the New York State Department of Financial Services, said a cyber attack on the US finance system could be the computer equivalent of the 9/11 attacks in 2001.

He said he is worried about a major cyber attack on the US finance system: "We like to say that, to some extent, the failures to detect the 9/11 plot were a failure of imagination and communication.

"I'm worried about the same thing here – that an event will happen and we'll look back and say: 'How did we not do more?'"

He said he thought it only a matter of time before such an attack happens.


Read more on IT for financial services