The rush and overall frenzy of holiday shopping, socializing, and celebrating the season has taken over. If you take a moment to look around, you will perceive the evolving “smart handheld” catalyst that is fueling it all. Whether you are looking at your neighbor’s new twinkling light display or across the globe at the many multicultural displays of celebration, chances are they started with an on-line purchase, likely made on an Android, iOS or Windows Mobile device. And in this day and age of security without boundaries, the smart device is on the front line of cyber security.

The front line is being stress tested this year more than ever. December is one of the most celebrated months in the world, with a wide host of holidays. Wikipedia lists 27 different winter festivals across the globe in December alone. And this year US shopping sales were up 30% on Cyber Monday with a big boost from mobile [1]. In fact, 18.4% of retail site traffic came from mobile devices, up from 10.75% in 2011, an increase of 71.4% [2].

Awareness Plays a Big Role

The practice of educating the end customer becomes more important than ever in the throes of a disappearing security perimeter alongside a burgeoning growth of mobile devices. Risk-aware customers practicing informed on-line shopping habits not only protect themselves; they protect the retailer’s business and its brand. In an environment where security boundaries are quickly vaporizing, financial enterprises should conduct an awareness campaign that extends outside the corporate walls and into consumers’ hands. The campaign should be built on a variety of approaches that are intuitive and easy to use.

Below is just one example of information that can guide the on-line user in identifying malicious campaigns. This information is offered by the US-CERT and is a good place to start in building a front line defense program.

Phishing scams and malware campaigns may include but are not limited to the following:

  • Electronic greeting cards that may contain malware
  • Requests for charitable contributions that may be phishing scams and may originate from illegitimate sources claiming to be charities
  • Screensavers or other forms of media that may contain malware
  • Credit card applications that may be phishing scams or identity theft attempts
  • Online shopping advertisements that may be phishing scams or identity theft attempts from bogus retailers

Not only will education protect the consumer and the business, it will also build trust with the customer. Customers depend on their personal banks and financial institutions for education on best practices when they bank online. Educating customers reduces the chances they will become victims of today’s data security threats, and ensures they can properly handle an incident should one occur. As they become armed with good habits and knowledge, they gain trust in their business partners.

Go the Extra Mile and Deputize the Customer

Extending the safe-guarding practice a step further, deputizing the customer to report fraud can save a business time and money. It is much like a neighborhood watch program: because much fraud goes undetected in today’s business, it only makes sense to engage those who notice suspicious behavior so it can be investigated and arrested as soon as possible.

Researcher Phil Blank says even among the United States’ top 25 banking institutions, consumer education and partnership to fight online fraud continue to lag. “We don’t see FIs incenting the consumer to use prevention software,” says Blank of Javelin Strategy & Research. “And there is a deficit in alerts. Many FIs don’t use them or, if they do, they are not two-way.” In a two-way alert, the consumer can respond to or initiate communication with the institution [3].

In summary, the world is evolving quickly to an environment where handhelds are prolific, the traditional security perimeters are evaporating, and the end consumer plays a greater role in protecting businesses.  It only makes sense to arm them with education and awareness.

Additional security awareness sites:

  • Great list of information security awareness sites
  • Online Shopping Tips: E-Commerce and You
  • Security Tip: Shopping Safely Online
  • Top tips for safe online holiday shopping

[1] Cyber Monday sets mark as top online shopping day

[2] Cyber Monday Report 2012

[3] Fighting Fraud: Deputize the Consumer – Banks Still Struggle to Improve Online Security
