News

Ransomware attacks increase as more people work from home

Wilbur Rodgers
June 30, 2020
2 minutes read
381

According to a study published by the cybersecurity firm, Proofpoint, there has been an increase in the number of email-based phishing attacks used to deliver ransomware over the past few months.

Proofpoint noted a surge in phishing-based ransomware attacks during the COVID-19 pandemic https://t.co/rsDBxt7ZNY

— Cointelegraph (@Cointelegraph) June 29, 2020

As per the report, first-stage deployments of ransomware are reportedly increasing and have mostly targetted the United States, France, Germany, Greece, and Italy.

The attacks seem to be capitalizing on the large number of people now working from home during the Coronavirus pandemic. Research indicates that the ransom demands are very low in comparison to the amounts usually noticed in these attacks.

Previously, a ransomware application called “Mr. Robot” has successfully targeted numerous people and businesses across the United States. Findings imply that this has changed in previous months, however, with home users becoming the major victims of the attack. To display the software’s new utilization, ransom amounts have reduced to as low as $100 in Bitcoin (BTC).

Ransomware is known as Avaddon distributed over one million messages in a single week. It too is known to target U.S. companies and individuals.

The hackers behind Avaddon usually demand $800 ransom payments, that too, in digital currency. Surprisingly, this particular team provides a “24/7 support” service to its victims, offering them advice on how to pay the ransom and how cryptocurrencies work.

Recently, the Cybersecurity firm Symantec blocked a ransomware attack focused at 30 U.S.-based firms and Fortune 500 companies.

Latest News

News
Lawyers in Malta Lag Behind in Complying with AML Measures
Malta obliged the various sectors to comply with risk assessment measures. According to the Financial Intelligence Analysis Unit, the legal industry is lagging behind in complying with these measures.

Only 57 per cent of the legal businesses had a system for business risk assessment (BRA) in place the previous year which places the legal industry at the bottom of the list of sectors for compliance requirements including credit institutions, gaming companies, service providers, auditors and accountants.

However, FIAU is driven to gain more compliance management measures from the listed sectors. The overall results indicate that the improvement was seen in every sector as Malta continues to focus on its fight against money laundering terrorism funding.

Business Risk Assessment is a tool through which the members of the financial services can analyse the risks attached to a client and which measures can ensure minimized risks. This tool is a part of anti-money laundering compliance.

FIAU reported a significant improvement among real estate agents that shot up to 73% from 40% in a year regarding the Business Risk Assessment.

Credit institutions made it to the top of the list with a 100% increase in having the Business Risk Assessment in place and the financial institutions made it to the second with 94%.

“The FIAU acknowledges the subject persons’ commitment to engage consultants to assist them in carrying out certain anti-money laundering and financing of terrorism obligations. However, subject persons remain solely responsible for the BRA and most importantly should ensure that they have knowledge of both the content and result of it,” the FIAU said.

The FIAU highlighted that the BRA must not be a side document that the operators are required to fulfil. It must be tailored to represent the business operations, scenarios, and models.

The financial watchdogs revealed that a number of operators took the help of consultants to carry out the risk assessment and they were responsible and understood the importance of the exercise.

FIAU analysed one risk assessment and discovered that “An operator listed the application of client due diligence (CDD) measures as a safeguard against risks arising from exposure to politically exposed persons (PEPs).” FIAU added, “This is not sufficient given that CDD measures are to be applied in all circumstances irrespective of the risk level. In cases PEPs, subject persons are expected to define in more detail the type of enhanced due diligence measures to be applied.”

Recent Posts

Blog
Periodic to Perpetual KYC — The Changing Landscape in Banks
The employment of effective Know Your Customer (KYC) procedures has long been a challenge for financial institutions, resulting in investments worth billions of dollars and numerous non-compliance penalties for major industry leaders. To counter the complexity and inconvenience of conventional methods of identity verification, KYC procedures must evolve in a way that lowers down the cost for a company while also maintaining regulatory compliance.

The Current State of KYC in Banking

In a traditional set-up, KYC processes are implemented on a periodic basis, with the frequency of the reviews varying between every financial institution. However, a significant amount of deficiencies within the traditional periodic KYC process have reinforced the need for a transition.

But before we get to that, let’s take a look at what happens in a periodic KYC review process.

What is KYC Periodic Review?

Periodic KYC involves the simple procedure of submitting the latest identity and address documents to the bank. This is initially done when the customer opens a bank account and the information is then updated at periodic intervals.
The Periodic KYC Process

Typically, compliance officers review the following elements during the periodic AML and KYC process:

Review of the customer’s information: This includes collecting and verifying their full name, date of birth, address, ID number, and the collection of the customer’s original ID documents to identify any material changes

Screening of the customer against global and country-based watch lists and sanctions

Reassessment of risk ratings in case of substantive changes in the ID documents (e.g. a different residential address)

Periodic review of the customer’s transactions and comparing it against forecasted account activity (this is generally performed via fully automated identity verification and screening tools)

Detection of potentially suspicious activities

Pinning Down the Problem

Responding back to periodic KYC data requests made by the bank drives customers crazy if handled incorrectly. At times, customers are even required to show up in person to have their documents verified. For most businesses, the emergence of artificial intelligence-backed identity verification solutions has eliminated the need for such manual methods of document verification. Nevertheless, a high amount of inefficiency still remains.

KYC experts are often caught up between the expectations of the bank and the customers. Repeatedly requesting for additional documents results in unsatisfied and frustrated customers — a situation that can prove to be detrimental to the financial well-being of a company.

With the bar on compliance being globally raised, the costs and resources associated with secure customer onboarding and periodic KYC checks have increased exponentially. Because of this, KYC procedures are often placed at the bottom of to-do lists, which ultimately harms the bank in the form of hefty non-compliance fines on top of reputational damage.

Is There An Alternative?

A basic solution to overcome the above-mentioned problems is to analyze the KYC process from the perspective of the customer i.e., the KYC procedures within a bank must be designed in such a way that the experience of the customer is optimized.

With the help of digital strategies – such as online customer portals, support for multiple channel communication, and direct engagement with bank branches or relationship managers, the inherent friction in obtaining the necessary customer documentation can be substantially reduced.

Further improvements in the efficiency, productivity, and customer experience can be gained by shifting from periodic KYC reviews to perpetual KYC.

What is Perpetual KYC?

In the perpetual “know your customer” process, also known as ongoing KYC, the information of the customer is updated based on specific triggers or events, rather than on the specified amount of elapsed time. Triggers for perpetual KYC can be determined by the bank’s internal KYC policies. Typically, it includes any event that indicates outdated information.

Once combined with robust KYC verification tools, customers can be engaged in the KYC process in a manner that makes sense to them and is not deemed as burdensome.

By gathering updated customer data on an ongoing basis, risk profiling can be enhanced which allows a bank to particularly focus on the customer accounts where the information or circumstances are changing. Additionally, whenever minor non-material changes occur, AI-powered automated processes will be updating records continuously.

What Makes Perpetual KYC Standout?

Due to ever-increasing AML and KYC regulations, having accurate and up-to-date customer information has become more crucial than ever. If banks aim to sustain themselves in a highly competitive market, they need to adopt a data-driven approach and perform ongoing KYC verification on their customers. The benefits of perpetual KYC include but are not confined to:

Mitigation of Friction in the Customer Relationship

For periodic KYC, relationship managers act as the middlemen. They are responsible for requesting current information and additional paperwork from customers and communicating this information back to KYC compliance officers. Repeated requests and resulting transaction delays, however, cause customers to feel dissatisfied with the bank’s customer service. This can result in long-lasting damage to the relationship.

Moving towards perpetual KYC procedures can eliminate this friction by greatly minimizing requests from clients. Customer information is updated based on event-based triggers, rather than a pre-defined period of time.

Risk Reduction

Imagine a scenario where a bank has onboarded a low-risk customer. In periodic KYC, their information is refreshed once every five years. After one year has passed in the five-year review period, this individual is nominated as the director of a firm and becomes a UBO. In addition, that firm’s parent company is domiciled in a high-risk territory. Unless the customer communicates this change to the bank, it may be left undetected for another four years. This can potentially increase the risk of financial crime exposure of the bank.

On the other hand, if this same bank had shifted towards perpetual KYC, the change in the customer’s circumstance would have been identified in mere seconds. Consequently, it would have initiated an immediate review and an updated risk assessment.

Key Takeaways

In a traditional set-up, KYC is implemented on a periodic basis

Periodic KYC has now become insufficient due to higher costs and lower levels of customer satisfaction

Perpetual KYC has the ability to fill these gaps and provides an edge in the form of risk reduction and elimination of friction

Ransomware attacks increase as more people work from home

The Current State of KYC in Banking

The Periodic KYC Process

Pinning Down the Problem

Is There An Alternative?

What is Perpetual KYC?

What Makes Perpetual KYC Standout?

Mitigation of Friction in the Customer Relationship

Risk Reduction

Key Takeaways

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.

Sweden

Cyprus

United Kingdom

Dubai

Add to your Homescreen!

Ransomware attacks increase as more people work from home

The Current State of KYC in Banking

What is KYC Periodic Review?

The Periodic KYC Process

Pinning Down the Problem

Is There An Alternative?

What is Perpetual KYC?

What Makes Perpetual KYC Standout?

Mitigation of Friction in the Customer Relationship

Risk Reduction

Key Takeaways

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.

Add to your Homescreen!