From awareness to action: Redefining security for the financial sector
Sophisticated scammers, increasingly challenging threats and a high price tag – fraud and scams are costing the financial sector more than money, says Richard Frost, Head of Consulting at Armata Cyber Security
Bank fraud and scams are becoming increasingly expensive for the financial sector. According to the South African Banking Risk Information Centre (SABRIC) Annual Crime Statistics Report for 2023, the cost of financial crime has nearly exceeded R3.3 billion. Digital banking fraud has increased by 45% and criminals are using smart tools to perpetrate clever crimes on unsuspecting users. For financial institutions, the environment has become critically challenging, and the need for solutions that protect the bottom line and the customer is growing.
It's a need reflected in the rising cost of doing business, and in how leading financial institutions are approaching cybersecurity spend. Standard Bank, one of the largest financial services institutions in Africa, spends R25 billion on its IT operations, prioritising security and the mitigation of risk. Other institutions are unlikely to be far behind, even if their information isn’t publicly available. All are prioritising ongoing education with push notifications, blog posts, and application alerts constantly reminding consumers of the risk.
But is it enough?
The answer is no – companies are not putting enough emphasis on security, awareness and spend, and this is going to affect how their users perceive them. When SABRIC shows that the big five banks account for 20% of reported online incidents and contribute to 45% of gross annual losses, it’s easy to see how customers are going to start picking financial partners based on their very visible, very transparent commitment to security. They’re also going to work with banks that make it easier for them to identify fraudulent behaviours.
Consumers don’t necessarily understand the threats, nor do many people have the tools required to recognise when a call or transaction is being faked. The increase in calls from fake bank employees is an example of this – consumers are used to getting calls from banks, insurance companies and other trusted service providers, so they don’t know that the call isn’t genuine. Financial institutions need to significantly enhance their real-time controls so they can protect consumers at the point of risk.
Financial institutions have to do more than just put alerts on apps and send out emails. They need to invest in customer training, in security awareness strategies and in solutions that offer an immediate line of defence against scams and fraud. Constant visibility into the threats alongside real-time protection and controls will put institutions in a stronger position to combat fraud and protect their customers.
Some banks are already implementing features, such as in-app verification, to ensure the person calling is indeed a bank employee. Additionally, mitigation strategies are in place to assist with business email compromise fraud. However, banks need to do more to assist customers here. Although banks offer some form of fraud protection on a financial level, the current process is often too slow. For instance, taking six months to return 30% of someone’s income is just too long for the average consumer.
Financial institutions stand at a critical juncture. While current efforts in cybersecurity awareness are a step in the right direction, they’re not enough – there has to be more work done to develop a comprehensive and proactive approach to financial security. This means investment in a three-pronged strategy: real-time protection systems, continuous customer education, and transparent security protocols that build trust.
The institutions that will thrive will be those that move beyond passive alerts to active defence mechanisms, investing in innovative technologies that can detect and prevent fraud at the point of transaction, while simultaneously empowering customers with the knowledge and tools they need to protect themselves.
The traditional approach of reactive security measures is no longer enough. The future belongs to institutions that can demonstrate not just a commitment to security, but a proven ability to protect their customers in real time, every time.