Banks warned on growing threat of cyber fraud

A man exits an ATM yesterday afternoon in Phnom Penh. Pha Lina

Banks warned on growing threat of cyber fraud

Thu, 5 May 2016 ppp

Kali Kotoski

Local financial institutions need to ensure that adequate safeguards are in place to stop cyber criminals and protect their customers’ deposits from increasingly sophisticated fraud scenarios, a banking expert told a forum in Phnom Penh yesterday.

Leonie Lethbridge, the newly appointed CEO of ANZ Royal Bank, told members of business chambers and the local banking community attending the forum that there has been a global upsurge in cyber and financial fraud, and Cambodia must take measures to ensure that it “does not become the next destination”.

“New forms of cyber crime have developed in recent years and some of those forms are becoming increasingly severe,” she said.

Lethbridge cited the recent case of US-based Ubiquiti Networks, which fell victim to so-called “CEO fraud” or “business email compromise” – a tactic where con-artists use “phishing” and other email spoofs on companies that regularly perform wire transfers. If they are lucky, the recipient will approve an otherwise unauthorised transaction to their offshore bank accounts.

In Ubiquiti’s case, scammers managed to transfer $47 million of funds held by a company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties.

Ou Phanarith, director of ICT Security at the Ministry of Posts and Telecommunications, warned that Cambodian financial institutions were particularly vulnerable to cyber fraud given the generally low level of education about cyber security.

“Students and employees at banks need to learn about cyber security,” he said. “Unfortunately we lack the ICT certification courses to fight against cyber crime.”

He said among ASEAN counties, Cambodia’s cyber security abilities ranked only above those of Laos.

“Even Myanmar is ranked higher than Cambodia,” he said, urging institutions to send students abroad to receive training despite the high cost.

Speakers at the forum spoke of various cyber security threats, including phishing attacks, malware and Trojan horse viruses. They also discussed increasingly common ATM scams and point-of-sale (POS) fraud.

Chrork Pengsrorn, ANZ Royal’s head of international risk, stressed the importance of banks and microfinance institutions continually upgrading their security systems.

“When it comes to ATM card skimming and point-of-sale fraud, it is still very hard to track down criminals in Cambodia if banks don’t continue to push for security upgrades,” he said, adding that it was also important for customers to inspect machines and report any signs of tampering.

As an example, he cited the case of three Bulgarians who were arrested last November for trying to infiltrate an ANZ Royal ATM on Norodom Boulevard in Phnom Penh. The criminals inserted a compact disc infected with malware into the ATM in an attempt to access the machine’s cash reserves remotely using a smartphone.

“If the bank didn’t have the highest level of security in place, it would have been hard to arrest them,” Pengsrorn said.