Cyber Security firm, E-crime Bureau, has warned businesses in Ghana may have to brace themselves for more and worse cases of cyber-fraud in the coming years unless they invest a lot more in their electronic security systems.

It follows last week’s ATM fraud case involving two Bulgarians who reportedly caused series of unauthorized withdrawals from the accounts of their victims.

The two fraudsters were arrested following a formal a complaint by Prudential Bank Ghana whose customers were affected.

Speaking to JOY BUSINESS, the Founder and Principal Consultant of E-crime Bureau, Albert Antwi-Bosiako noted this is only a wake-up call for businesses across all sectors to channel more investments into cyber security to avert possible attacks in the near future.

“At least for the next five years, we are going to see complex and sophisticated cyber-attacks and out of that a lot of investments will be made in terms of the cyber environment," he said.

It is not just the banking sector, it cuts across all sectors – including SME’s; they are all suffering cyber threats.

Remember we are living in an information technology age now where everything has a cyber platform. 

E-governance is there from the governance side, the telecommunication side, e-commerce so we are expecting one thing for sure - more complex attacks until we come to a level that maximum attention is given to security and investment in that area” he noted.

On the 15th May 2016 more than 13million dollars were also stolen within a period of 3 hours from the accounts of customers of Standard Bank in South Africa. 

Here, the criminals targeted database systems rather than just individuals - involving more than 100 perpetrators and more than 1500 ATM machines in Japan to cash the money.

Critical role of banks

The bureau is also impressing on universal banks the need to pay more attention to the roles of their staff - citing background checks on staff before recruitment as well as training on security protocols in electronic transactions. 

Mr. Antwi-Bosiako explains, this has become even more critical because of the paradigm shift where most banks are now focusing more on electronic products and services (e-banking).

“Sometimes internal employees also aid the process. They might not be aware but indirectly they might be giving assistance to the perpetrators who are outside and so should be cautious. 

Good banks do background checks on their employees as well as training so they become aware of some of these risks. Also is general HR and welfare. 

You could have few people who have gone in there for their own malicious intentions and these are the areas that the banks risk strategies in addressing them” he noted.

Customer-Alert

According to E-crime Bureau, Cyber attackers are targeting weak databases and payment card channels and using this information to create duplicate cards for ATM transactions or shopping online.  

Isolated ATMs in unsecured locations, it says are also being targeted for skimming attacks, which are later used to reproduce victims’ cards.

The bureau is therefore urging users of financial services to be more security-conscious in their everyday transactions.

“As a user of ATM services, you need to be aware of the security implications. Where do you store your card for example? You see the cyber security culture of Ghanaians is minimal. We need to step up our thinking on security," he explained. 

"Somebody meets you at the ATM machine holding a physical scheming device pretending to be a technician and offers to help you to withdraw due to a system upgrade and you accept. In such instance, your details have been given out completely. Sometimes the fraudsters also intercept these details through emails where phishy links are sent to customers for them to enter their ATM details for a system upgrade. These are all common tricks they use which customers need to be aware of,” he added.

The increasing integration of visa and master-card payments into traditional cards, though secure are said to be providing avenues for card data to be stolen and exploited. Newer technologies like the "Contactless Infusion X5" are also said to be making possible to clone payment and ATM cards without physical exploit – a relatively cheap option ($700-800)for  attackers.