Why Exchanging Financial Information Via Email Is So Risky – And How It's Gotten Worse


No matter how secure the vault is, there will always be someone willing to take a chance and force their way in. We not only see this in movies where criminals try to break into casinos, banks, art galleries, and jewelry stores, but also in real life. In the past, criminals would have to go to a physical location to steal. Today, theft is most often committed from behind a screen through identity scams and phishing attacks.

The financial services sector, including private equity and venture capital firms, investment banks, and others, continues to be a prime target for cyberattacks because these firms deal with the transfer of large sums of capital. Although Deloitte reports that financial services companies have increased investment in cybersecurity to cover at least six to 14 percent of their IT budget, fraudsters are adapting to new technologies to perpetrate identity theft and phishing attacks.

Looking at the way financial instructions have been shared throughout the years, the safety and security of confidential information have decreased – often as a result of a greater emphasis on convenience. Years ago, financial instructions were first shared through pneumatic capsules, where customers used a tube to instruct banks on withdrawals and deposits. With the introduction of credit cards and ATMs, financial institutions adopted the file transfer protocol in the early 1970s, enabling customers to send their ACH information on a disk or a tape. In the private capital markets, capital call and distribution notices containing wire instructions were sent via FedEx as recently as 5-10 years ago. Today, instead of FedEx, they are sent via email as a PDF or posted to an investor portal.

In the past, a fraudster could only obtain financial information by physically intercepting the file. And if that happened, everyone involved in the transaction would know that the information had been compromised, which made it easier to detect and dispute the fraud in real time.

But the internet has revolutionized communication between financial services firms and customers. Email has become the preferred form of communication for the sake of time and ease, and financial instructions are commonly shared in this format as well. The problem? Email is simple to hack into, and cybercriminals can linger undetected for long periods of time. While portals have helped to address this, they are defenseless if password information has been uncovered.

According to McKinsey, synthetic identity fraud is the fastest-growing form of financial crime and accounts for over 61 percent of losses at large US banks. With easy access to information online, fraudsters can steal data from multiple people and create a fake identity.

Phishing, which has increased by 45 percent, is another primary method for cybercriminals to obtain confidential information through unauthorized methods. Phishing is typically initiated through a fake email that resembles a company email.

Successful identity fraud scams and phishing attacks compromise bank logins, account numbers, credit card numbers, and PINs, which fraudsters use to access accounts, make transfers, commit credit card fraud, or sell the information on the black market. This can result in billions of dollars being stolen, so it’s important for all financial firms to take steps to protect themselves and their customers.

Fortunately, technology can enhance the efficiency of email while making it more secure. For example, multi-factor authentication (MFA) is a multi-layered framework that is used to verify the identity of users who are trying to log in to an account or make a transaction. Access is granted only after the user successfully presents two or more pieces of identification evidence. Although two-factor authentication is another commonly used method, it remains at risk of ‘man-in-the-middle’ attacks, where customers’ data is intercepted before it reaches the financial institution.

To maximize security, biometric verification adds a further verification step by using unique biological characteristics, such as physical attributes or behavioral characteristics, to verify a user’s identity. Unlike other authentication methods such as passwords, biometrics are inherent and use unique characteristics that cannot be forgotten, lost, faked, or compromised.

Biometric and MFA technology integrates seamlessly with existing email and portal systems, enabling users to continue conducting business uninterrupted. Although cybercriminals will always try to break through security measures, financial firms can stay on guard by using verification methods that cannot be stolen or replicated, such as fingerprints, facial recognition, cross-checking with government-issued IDs, and more.
