View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Analysis
July 13, 2022updated 14 Jul 2022 12:16pm

How cybercriminals are targeting asset finance instant messaging

With cyber security concerns on the rise thanks to Covid-19, Miles Rogerson considers what this means for commercial brokers and providers of equipment financing.

Free Whitepaper
img

Never Trust, Always Verify: Is Zero Trust the Next Big Thing in Cybersecurity?

Cyberattacks continue to rise every year and no sector seems to be immune. Hackers target sensitive information such as organizational, client, and financial data, as well as intellectual property (IP) and proprietary functions. As digital transformation becomes a top priority for many organizations, traditional perimeter-based security models are no longer sufficient to address the growing cybersecurity concerns. Against the backdrop, enterprises explore zero trust as it takes a micro-level approach to authenticate and approve access at every point within a network. Reasons to read: The cybersecurity landscape is swiftly changing, and businesses need more awareness to meet the evolving change. The report highlights the current state of play and the future potential of the zero trust approach in cybersecurity to protect critical digital infrastructure of enterprises across sectors such as financial services, healthcare, telecom, and transportation, among others. Read our report and gather insights on the following topics:
  • Traditional vs zero trust protection
  • Key advantages and solution providers
  • Major industries and key players
  • Drivers and challenges
  • Top funded startups and Mergers & Acquisitions
  • Implementation challenges
by GlobalData
Enter your details here to receive your free Whitepaper.

Closing IT loopholes exploited by cybercriminals who are targeting the asset finance broker and lending community should be at the top of executives’ agenda, particularly as cybercrime has spiked since the onset of the pandemic, according to Matthew Elliot , chief development officer and co-founder of Nivo, an identity verified messaging service provider.

“Everything has become much more digital in the last two years as a result of the pandemic alongside a shift in consumer expectations” and “this has led to more sensitive data flying around, more opportunities for cybercriminals and fraudsters to exploit,” he said.

In this climate, he said brokers and lenders need to understand exactly what is driving risk and how this is changing.

Cybercrime: risks

Elliot pointed to a 400% increase in cybercrime since the start of the pandemic, highlighting the need for lenders to pay attention to the technology systems and processes they use to ensure they aren’t leaving themselves open to an attack or putting customers’ data at risk.

Paul Spinks, co-founder of Alpha Asset Finance, a brokerage, recently announced a tie-up with Nivo, in a bid to reinforce the company’s application process.

Spinks said there had been a “significant increase in fraudulent activity in the asset finance sector during the pandemic,” and laid the blame at the feet of the restrictions that, while necessary, dulled the due diligence process.

For example, lenders and brokers were suddenly unable to visit a customer to certify their identity face-to-face, meaning that fraudsters manipulating customer data and cloning business websites could impersonate a customer in a much more convincing way.

In other cases, fraudsters were able to intercept customer invoices and direct the payment to themselves instead of the customer.

Cybercrime: What are the solutions?

To help mitigate these risks, Elliot and Spinks identified five key areas that lenders should be vigilant of when conducting business. These include:

  1. How do you prove that the person you’re talking to is who they claim to be?
  2. How can you be confident that the data they’re providing you is accurate?
  3. How do you collect and share personal information with intermediaries and partners?
  4. How do you store this information?
  5. How do you prevent malicious software from entering your organisation?

Elliot hailed “biometric identity verification and open banking” as examples of modern technology solutions that are “not only higher quality and lower risk than traditional checks, but also faster and more convenient for the customer too.

“When it comes to communication, sharing of data, and risk of viruses, email in particular is a major risk area,” he said. “It’s still used across the industry because it’s ubiquitous, but it is a horrible solution from a risk perspective, with a high chance that a fraudster can intercept personal information and it provides a doorway for bad actors to send malicious software through.”

For example, a hacker will monitor legitimate email exchanges between lenders, brokers and customers, then steal the bank account or identity information and use it to create a seemingly legitimate yet fraudulent profile. Alternatively, the hacker may step into the conversation, posing as one of the parties but changing a few lines in an invoice such that the funds are sent to the fraudster’s account.

In these cases, if the lender had used a secured communications network to transfer sensitive information to brokers and consumers instead of email, the fraud could have been avoided.

“It’s also crucial for brokers and lenders to maintain security after an approval has been received,” Spinks added. “Just because it has been approved, it doesn’t mean that information sharing is now less risky.”

“A number of conditions come with an approval and this process involves further sharing of confidential information. Maintain vigilance!” he warned.

Added benefits

Elliot was quick to highlight the silver lining, stating that the vast array of “new technologies which have been developed to mitigate these risks typically also speed deals up with a more streamlined user experience and as such have a time and cost business case alongside the risk benefits.”

Identity verified messaging, which mixes the speed and convenience of instant messaging services such as WhatsApp with bank standard security and FinTech features such as ID checks and e-signing, is an ideal way to shift away from the unsecure legacy channels such as email, paper and phone.

Earlier this year, Nivo and ALPHA announced a partnership based around combatting the rising fraud in the asset finance sector. On 30 May, the pair launched a mobile app, integrated with Alpha’s ACE portal, featuring Nivo’s white-label technology that enables customers to complete biometric ID verification via their mobile device in minutes.

Speaking on the experience, Spinks said the new tech “gives the customer a seamless, secure experience. Information can be sent securely to the lender, so [Alpha] knows it’s not going to get interrupted, and from a customer perspective, they know they’re minimising their risk of future ID fraud when, historically, it would have been sent via email.”

Elliot added that in the interests of a safe, regulated industry, it’s “far from best practice” to ask customers to share sensitive personal information over email, because it is “putting that data and that individual at risk.”

Cybercrime: What will the future bring?

Spinks highlighted the responsibility for all asset finance brokers to run a “tight application process”, as they are the first line of defence in identifying fraudulent activity.

“It’s part of the regulatory requirements, as laid out by The Financial Conduct Authority (FCA ), as well as the relationship with the lender,” he said.

Elliot forecast an industry shift away from emails for risk and compliance reasons; GDPR puts an onus on service providers to keep customer information safe. “That’s impossible as soon as you put it out on email,” he said. “I am also anticipating wider industry adoption of trusted standards such as ID verification, e-signing and open banking which are harder to defraud.”

Another area that Elliot and Spinks highlighted for development in the coming years was the secure sharing of verified customer data.

“Under the traditional approach, the customer often shares their personal information multiple times with a broker, lender and solicitor,” which Elliot condemned as a waste of effort.

As such, Elliot said Nivo was strongly advocating for technology to allow the customer to provide this data once, and then consent for it to be instantly shared across multiple different organisations through the course of a loan application.

“The technology to do this exists,” Elliot said, “the challenge and opportunity rests with lenders and intermediaries collaborating to adopt it and realise the speed and security benefits at an industry level.”

QuSecure Launches Post-Quantum Cybersecurity Solution

Seclore Offers Data-Centric Security Platform

SecureAge Technology Unveils Malware Protection Software

Free Whitepaper
img

Never Trust, Always Verify: Is Zero Trust the Next Big Thing in Cybersecurity?

Cyberattacks continue to rise every year and no sector seems to be immune. Hackers target sensitive information such as organizational, client, and financial data, as well as intellectual property (IP) and proprietary functions. As digital transformation becomes a top priority for many organizations, traditional perimeter-based security models are no longer sufficient to address the growing cybersecurity concerns. Against the backdrop, enterprises explore zero trust as it takes a micro-level approach to authenticate and approve access at every point within a network. Reasons to read: The cybersecurity landscape is swiftly changing, and businesses need more awareness to meet the evolving change. The report highlights the current state of play and the future potential of the zero trust approach in cybersecurity to protect critical digital infrastructure of enterprises across sectors such as financial services, healthcare, telecom, and transportation, among others. Read our report and gather insights on the following topics:
  • Traditional vs zero trust protection
  • Key advantages and solution providers
  • Major industries and key players
  • Drivers and challenges
  • Top funded startups and Mergers & Acquisitions
  • Implementation challenges
by GlobalData
Enter your details here to receive your free Whitepaper.

NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. A weekly roundup of the latest news and analysis, sent every Friday. The leasing industry's most comprehensive news and information delivered every month.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU

Thank you for subscribing to Leasing Life