Proactive measures include:
Using a multi-layered approach to securing the enterprise. Strengthen access policies by implementing two-factor authentication (2FA) across the enterprise. Incorporate secure and highly complex passwords. With 2FA, a user is granted access after providing two pieces of evidence to the authenticating mechanism (like JPrivacy).
Customer awareness of the importance of securing online and mobile devices, such as installing anti-malware protection on all devices.
Customer awareness of the importance of placing a transfer limit on their bank account, to reduce risk, in case their mobile device is linked to their account and has been compromised.
Continuous information and awareness of various forms of Social Engineering to your customers, will go a long way to help them spot the difference between trusted and fraudulent communication, for instance, a HSBC representative usually asks customers if adequate verifications have been done before completing a financial transaction.
Customer awareness of the importance of signing up for transaction email and sms notification alerts on their account.
You might consider utilizing biometric systems to effectively confirm customer identity, to simplify your verification processes, if not already in place.
Customer awareness of the importance of keeping their private information up to date (such as, changes to contact phone number and address) so that they can be easily contacted.
Machine Learning (ML) systems provide real-time tracking and insight to detecting suspicious activities, enabling banks to be ahead of the ever evolving fraud landscape. Also, ML allow banks to comply with regulatory measures and manage the operational costs of fraud detection and prevention without solely relying on a rule-based approach.
Apart from using security solutions, it is equally important to have a dynamic information security culture within the bank. Continuous security audit and monitoring is important to ensure regulatory compliance and to meet the challenges of an ever changing cyber threat landscape. This helps to identify vulnerabilities for prompt actions to be taken, before an exploitation occurs.
In conclusion, company-wide vigilance is required to ensure the protection of customer data. Continuous employee training and retraining is required to be able to detect the changing face of scams and fraud before they get beyond curtailment.