Tamas Kadar, CEO of SEON, shares his expert insights into what neobanks need to look out for when it comes to protecting their operations and their customers in the evolving digital landscape.
How do neobanks differ from traditional banks in terms of their operations and the threats they face?
Neobanks are online-only, usually with app-based banking and a mobile-first approach. Many seek to streamline banking processes and reduce friction compared to traditional banks, to encourage higher volumes of customer onboarding. This is an opportunity in terms of business growth and a level of market access that traditional banks can’t reach. It’s also a threat, as it means that fraudsters may be able to slip through the net more easily than they did previously.
The rapid growth of the neobanking sector is a threat in itself. The sector saw customer numbers shoot up from around two million to fifteen million in just three years. Over the same period, the number of neobanks in the marketplace grew from about 70 to upwards of 250. As new neobanks jostle for position in terms of market share, they need to ensure they’re only welcoming genuine customers and not fraudsters through their virtual doors.
This is particularly relevant, given growth expectations for the neobanking sector. This year, we should see a transaction value of something like US$7.47 trillion in the neobanking market. And with a projected annual growth rate of 18.16% between 2023 and 2027 – meaning that transaction volume should reach US$9.24 trillion in just four years’ time – we’ll see plenty of fraudsters trying to get in on the action.
What are the key emerging threats that neobanks need to guard against in the evolving digital landscape?
Neobanks need to be on their guard against newly emerging threats and against new, more sophisticated versions of existing attack vectors. There’s a lot to keep on top of when it comes to neobanking cybersecurity these days.
Obviously, artificial intelligence has the potential to cause all kinds of headaches for neobanks, with fraudsters still finding new ways to use AI to their advantage. The massive proliferation of malicious bots also means that fraudsters can carry out attacks at scale.The sheer number of assaults on neobank security systems often means it’s only a matter of time before fraudsters find a chink in the cybersecurity armour.
This is particularly significant given the huge growth of phishing as well: Social engineering is further exacerbating the threats that the evolving digital landscape is posing to neobanks and their customers.
With this in mind, neobanks need to be careful of attacks that come in via customer accounts that could be the victim of account takeovers. Fraudsters are increasingly using AI to generate convincing phishing scams designed to fool customers into sharing their login details. Bots mean they can do so at scale, so it becomes a numbers game for the fraudsters – and if they try enough times, they’ll succeed.
Vishing – carrying out phishing attacks using a voice element – is another emerging threat that has been around for a while but is growing increasingly sophisticated as technology advances. Fraudsters can use it in a range of ways, from impersonating neobank employees to target customers, to stealing customers’ identities and impersonating them to try to access their accounts.
Other emerging threats target neobanks directly, rather than seeking a route in through their customers. New account opening fraud attacks are an example of this. Fraudsters are using synthetic identities and deepfake technology to bypass security processes and create accounts that appear to be for legitimate customers. They can then take out loans, spend beyond the given account limits and disappear into the ether.
Neobanks also need to defend against the growth of fraud rings over the coming years, as the availability of bots hugely expands the resources available to organized groups of cybercriminals. With increasingly manipulative social engineering tactics added into the mix, fraud rings are attempting to breach neobanks in a range of ways, meaning that the sector must look out for multifaceted attacks that encompass a wide range of elements.
Of course, neobanks must also be on the lookout for traditional fincrime as well. Their rapid transaction processing and use of digital infrastructure elements such as payment gateways mean they will always be a popular target for money launderers looking to “clean” their ill-gotten gains.
What security measures can neobanks take to defend their operations against these emerging threats?
Defending against emerging threats is all about being proactive. It’s about forecasting potential risks and vulnerabilities and putting processes in place to mitigate the associated threats.
Thankfully, just as technology has provided fraudsters with new tools, it has done the same for those rising to the challenge of fighting fraud. This means that neobanks have a range of sophisticated tools, technologies and methods at their disposal when it comes to shoring up their cybersecurity defenses.
One example outlined in this user activity monitoring guide relates to tracking users’ access to understand patterns of behavior and identify any anomalies that could indicate something is amiss.
Another is digital footprinting, which neobanks can use to investigate their customers’ online presence and identify any red flags (such as a lack of social media accounts). Device fingerprinting – establishing a user’s unique setup and assigning them a device hash – can also be used to flag any login attempts that don’t match the usual expectations.
In all of these examples, data is playing a key role in driving a smarter approach to fighting fraud. By understanding which actions and individuals pose more of a risk, neobanks can use dynamic friction to keep their procedures smooth for as many customers as possible while putting roadblocks in the way of bad actors. Educating staff and customers about emerging threats is also a must. A lack of awareness constitutes a major vulnerability these days!
It bears repeating that all of this needs to be ongoing as neobanks must keep one step ahead of emerging security threats if they are to counter them. It’s not a question of taking a snapshot of the fraud landscape then putting systems in place and relaxing – it’s a continual process, as fraudsters never stop evolving their attack vectors to embrace new technology.
What are the risks for neobanks that don’t get their security strategy right?
Neobanks that misstep when it comes to their cybersecurity can face significant financial loss, but that’s not the only risk. They can also suffer reputational damage, incur regulatory fines, and experience increased customer churn as a result of becoming victims of fraud. In addition, fighting fires becomes a major time drain for staff. This costs the business in terms of lost productivity and can also lead to decreased morale and higher staff turnover.
It’s a domino effect that can take a very long while to recover from. Prevention is definitely preferable to cure when it comes to cybersecurity and defending against the emerging threats that fraudsters pose to neobanks.
The huge potential for neobank growth means that the future is bright for these financial innovators. The World Bank reports that some 1.4 billion adults are currently unbanked. That’s an enormous opportunity for the neobanking industry. Unfortunately, where neobanks see opportunity, so do fraudsters, so constant vigilance and evolution of cybersecurity defence systems is essential.
About the Interviewee
The Co-Founder of SEON Fraud Fighters, the Hungarian startup that broke funding records, Tamas Kadar is also the founder of Central Europe’s first crypto exchange. In fact, it was serendipitous events right then that led him to start working on his own fraud prevention company, when he realized what was already on the market didn’t cover his needs. Starting with the bold idea of utilizing digital footprints and social signals to assess customers’ true intentions, SEON promises to democratize the fight against fraud. Today, the company protects 5000+ brands around the world as an industry-agnostic, fully customizable yet intuitive end-to-end fraud prevention solution that’s highly ranked in the industry