Michael Joerin, general manager, EMEA, at cyber security experts Namogoo, writes about how and why the private banking and wealth management sector needs to wake up to a new malicious malware security threat

As cyber security threats continue to increase, with personal customer data and brand reputations at high risk, the banking sector is always on state of high alert.

Unfortunately, the forecast for the future is for increased attacks with ever-more sophisticated tactics being deployed – but there is good news; there are robust and quick response solutions that can be put in place to protect customers and enterprises online.

But it is not just the wider consumer banking sector that’s under threat. Private banking and wealth management brands and customers are just as likely to be targeted, if not more so, because the potential prize for unscrupulous hackers is far greater.

Research by my colleagues shows that one in three online banking users could be infected with a new type of malware that is forcing a complete re-think of security systems from the outside in. One of my customers has described this as "the biggest threat to our customer experience we don’t know about".

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Tick here to opt out of curated industry news, reports, and event updates from Private Banker International.

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Many enterprises I am regularly talking to focus their security efforts on servers, network and infrastructure – but Client Side Injected Malware, or "CSIM" as it is known, runs through users’ devices and browsers and therefore bypasses any server-side security systems.

CSIM injects spyware, fake adverts and many other forms of malware into a user’s live online session that sits on top of the authentic site and looks like it belongs within native customer experience – but it can lead customers away to make purchases elsewhere or attack online bank accounts and steal personal financial information.

Common tactics used to target banking customers specifically may look innocuous and contain phrases such as ‘Enter Our Customer Survey’ or ‘Recommended Products’ but when clicked can trigger a CSIM attack, downloading malware directly and invisibly onto a computer or mobile device or creating fraudulent transactions.

High net worth customers are not immune from being unwittingly drawn into online activity that could put them at risk. Our research shows that, in a private banking and wealth management relationship in particular, there is already a greater level of trust between the customer and the brand – which can create a ‘guard down’ approach on the customer side.

The cost to banks could be high without adequate protection, way beyond loss of confidence among customers. We have seen with the recent news about Barclays £72m fine from the Financial Conduct Authority (FCA) how important it is for banks to maintain the most robust processes and systems.

CSIM infection on the user side is much more sophisticated than a hack that targets the server owner, because on the server side it can be detected more easily, but on the client side you don’t always know it’s there. A client-side script that sits within a user’s browser can literally do anything: steal personal data and payment information and completely negatively change their online experience.

All the protections and safeguards you put in place to secure your website will do nothing to stop CSIM attacking your site visitors on their own computers. What’s more, your customers will assume its your website at fault. Once the customer’s trust is gone, it’s nearly impossible to win back.

The finance industry needs to wake up to the fact that their customer’s front door has become the hackers new back door.

As a general rule, we estimates that between 15% to 30% of online banking visitors are infected with CSIM, increasing by 30% to 50% with seasonal spikes particularly around major holiday and peak spending events.

Namogoo’s patented technology allows banks, e-commerce sites, publishers and even government sites to combat CSIM for the first time by detecting and suppressing all active CSIM on a consumer’s browser or computer when they visit a Namogoo-protected site. Our software scans billions of pages and creates malware injecting blocking snapshot in real time, so that site publishers can control the user experience, right down to the individual computer. We are currently in high-level talks with a number of International banks to implement the technology in the next few weeks, and are already providing CSIM protection for select retailers.