Digitization has transformed banking activity. Today, technology has become the great ally of entities, which seek to provide a better service to their customers. Altogether, European banking plans to invest around 62,000 million euros to be competitive in the technological field, according to the consulting firm Celent. In Spain, Santander allocates some 2,000 million euros to technology per year; BBVA, 800 million; CaixaBank, close to 430 million; and Bankia expects to invest 1,000 million until 2020. But the technological bet can pose a threat. Every second more than one computer attack occurs in Spain and in 2017 alone there were more than 123,064 online frauds against companies and individuals, 7% more than a year before, according to the National Institute of Cybersecurity (Incibe). Spain is the third country most affected by these crimes, behind the United States and the United Kingdom. The proliferation of thefts, with methods ranging from the most basic phishing (sending emails to obtain confidential user data) to the most sophisticated hacking formulas, are the order of the day, and banking is one of the most susceptible sectors.
Data Protection Act
On May 25, the new data protection legislation comes into force. The directive obliges entities to work proactively to safeguard their information and that of their clients and establishes penalties with fines that can reach 4% of revenues if they do not comply with the stipulated security requirements. You may hire a hacker here hacker for hire UK
The banks have started to work to face this threat and have insurance that covers the consequences of hacker attacks. Santander has contracted the hedge of its cyber risk with Zurich Financial. While BBVA, CaixaBank, and Bankia have signed protection policies against computer fraud with AIG in recent months.
On average, a cyber attack on electronic banking services has a cost for an entity of 1.6 million euros, according to the cybersecurity company Kaspersky Lab.
In this scenario, it is worth wondering if it is always the bank that responds when a user is the victim of a computer attack. It all depends on the method and channel used, but in most cases, the user will get their money back easily.
Phising’
If criminals access the account of an individual after obtaining the access and electronic signature codes, the entities are the ones that take charge of the stolen capital, provided that it is proven that the consumer has not acted fraudulently or has incurred gross negligence by not adopting all the adequate protection methods, they point out from the entities.
At BBVA they ensure that all claims are investigated by cybersecurity specialists. And Santander points out that they help the client and the authorities in the investigation of each case, to detect the responsibility of the crime as soon as possible. Today, most of the sentences agree with the victims of phishing fraud, according to the OCU, which clarifies that this type of scam is becoming less and less because the entities have strengthened the identification systems.
Hack straight to the bank
If the computer attack reaches the security systems of the entity and with it the hacker accesses the clients’ accounts to steal their money, the regulations also protect the consumer. That is, the bank has the obligation to return the number of unauthorized operations. And in the worst case, if the fraud were to such an extent that it even compromised the solvency of a bank and it could not restore the stolen capital, consumers would be covered by the Deposit Guarantee Fund, which guarantees up to a maximum of 100,000 euros per holder and entity.
Credit cards
When a user purchases a card, the contract carries a series of insurances that cover all kinds of contingencies, including computer fraud. But you have to distinguish between two types.
It is one thing when there is a duplication of the card, that is when the user keeps the plastic in his pocket but detects strange movements in his account. In these cases, the bank must return the amount of the unauthorized operation to the customer.
On the other hand, if the fraud occurs after the theft or loss of the card, the client will be responsible for the first 50 euros, except in cases of fault or gross negligence. This limit is established in the new directive that will come into force this month and is lower than the previous one, which was 150 euros.
However, the entities make it clear that for the reimbursement of cybercrimes to be carried out, it is essential that the client report to the National Police. Also, the return of the principal can take time.
Finally, the banks warn that there is no greater defense than prevention. For this reason, they include on their websites advice on how to avoid attacks and give formulas for maintaining optimal security codes.