Technology is constantly evolving, so banks and other financial institutions must keep revising their systems to keep ahead of cyber criminals, says Marlon Fetzner, director of Legal and Corporate Affairs for Latam New Markets at Microsoft.
"Criminals are always exploiting technology and looking for new vulnerabilities, that is why it is important for banks and other financial institutions to always invest in technology. You cannot purchase technology today and review it in five years. You have to be constantly looking for improvements. They must have awareness campaigns on the threats of cyber crimes," he said during a Skype interview conducted at Microsoft's T&T headquarters at Mucurapo Road, St James.
Fetzner is responsible for ensuring Microsoft's legal and regulatory compliance. He provides legal support and strategic advice on opportunities and trends in law and public policy to subsidiary business leaders, and creates ties with governments, industry and community organisations.
He weighed in on last month's skimming attack on the accounts of customers at RBC and other local commercial banks. Skimming refers to the use of fraudulent methods to obtain customer details from debit and credit cards at ATMs or points of sale.
Fetzner said that while the term "cyber crime" is not always appropriate to cover illicit activities like bank skimming, all are technology-related and must be dealt with.
"We do not have the specific details about what happened in T&T, but I can say it is hard to come up with specific data for T&T as cyber crime has no borders. Over the Internet, you can carry out a crime from Brazil to T&T banks, so there are no borders," he said, adding that criminals are now using technology to commit "old-fashioned fraud."
"We have a programme in the United States where we are trying to fight and protect the under-served population. There is a lot of fraud over the phone where someone calls you and says he is from the IT department of your Internet provider and they detected that your computer is infected so they want to clean your computer. If you believe what they say and follow their steps you will infect your computer and give them access. It is an old-fashioned technique merged with technology," he said.
Fetzner said Microsoft has the digital crime unit (DCU) to investigate botnets. A botnet is a number of computers that, unknown to their owners, are set up to forward transmissions, including spam or viruses, to other computers via the Internet.
"People try to steal credit card numbers online from computers so we do investigations and co-operate with authorities to take down those botnets. We have maps to show this takes place in multiple countries and the people who are involved in organised crime are in different countries."
He recommended that local banks and financial institutions collaborate to combat these technology-related crimes.
"In Brazil, there is the Brazilian Banking Association. This organisation is very strong in bringing banks together to discuss new technology. It is important to find similar solutions," he said.
Edison Stephen, public sector director at Microsoft, who sat in on the interview in T&T, said they are seeing an increased number of cases locally where new technologies are mixed with old-fashioned fraud.
"The one we have been seeing a lot is someone calling and saying they are from x provider and the customer's machine is infected. They offer advice on how to do things. It exposes the machine. We have also seen in past years someone pretending to help others in the ATMs and stealing their PINs," he said.
Social engineering
Marcelo Tozin–a security architect who supports clients with Microsoft technology, local area network (LAN) infrastructure and Cloud computing, and who spoke in the Skype interview from Brazil–said, while many positive things can be learnt with the Internet, it also provides new opportunities for criminals.
He referred to social engineering, a technique where criminals use technology to get access to people's passwords, account and other personal data.
"Why do you have malicious people who seek techniques to get your personal information? Someone may go online to learn new things and come across how to get into a bank account. Banks must really come together to discuss ways to help each other and implement one resolution or agreement whereby they can protect themselves from this," he said.
Stephen said there is a constant battle to stay ahead of the cyber criminals.
Tozin said Brazilian banks placed infra-red systems at ATMs to detect if anyone was standing there, but criminals use aluminium to cover themselves and nullify the infra-red systems.
"Right now, in Brazil we are trying to deal with the situation. Hackers are always looking for ways to escape or avoid these systems and technologies."
Tozin said banking fraud is a big problem in Brazil. The 2013 statistics from the Banking Association show that US$500 million was stolen through banking fraud. He said Brazilian banks are considering using biometric systems–like face scanners and fingerprints–to combat cyber and ATM fraud.
Tozin said the chip technology in credit cards, as opposed to magnetic strips which are still standard in T&T, has been shown to reduce fraud by 95 per cent.
"But already you have new ways of cloning this chip, so it is not the final solution in technology."
Microsoft's digital crime unit
Fetzner said Microsoft's DCU monitors systems and platforms across the world that their clients use.
"We have online investigators and people who have previously worked with the FBI and other law enforcement agencies. We also have a group of lawyers who work with the investigators. They get infections, they reverse engineer in order to find where the virus comes from and identify who is responsible. We then get a court order to authorise taking over of the botnet. After the court orders we become owners of that network and we have the IP addresses," he said.
"It started years ago as a unit going after online piracy and evolved into an investigation team fighting cyber crime."