The new wave of frauds against individuals to steal money from checking accounts by impersonating telephone numbers and corporate websites has angered banks, which want telecommunications operators to tackle the problem and for the Government to get involved in its solution.
The discomfort of the entities focuses on practices such as vishing, in which clients receive calls from criminals with the bank’s telephone number, which leads them to end up giving personal passwords without suspicion. “It is a very serious issue, and the banks are not to blame. They are hacking a telephone line, and we must hold the operators accountable,” they say from one of the country’s largest banks.
The entities have detected an increase in scams, and warn that the problem is increasing. Last year, some technical meetings were held between banks, operators and the Government that were suspended while waiting for the new Minister for Digital Transformation, José Luis Escrivá, to form his team. The meetings resumed in mid-January.
From the telecommunications operators the silence is total. Although in the sector it is recognized that “any measure taken by the Administration that covers this task and maximizes the effectiveness of coordinated actions between the different sectors is always welcome.”
The Government limits itself to indicating that there are “still very preliminary conversations with technicians from the Secretary of State for Telecommunications”, but does not specify what topics.
However, among the banks the mood is more agitated and they want to elevate the meetings to a forum between banking employers, AEB and CECA, telecommunications companies and the Government. “This is going to get worse, and telecom companies are going to have to implement technology to solve it,” they say from another of the large Spanish banks. “Telecommunications companies are not putting up barriers to prevent deception,” they add from one of the two banking associations.
The National Cybersecurity Institute (Incibe) indicates that these days there has been a wave of smishing attacks, in which an SMS is used to direct the user to a fake website. It has been suffered by clients of ING, Abanca, Sabadell, Bankinter, Laboral Kutxa, BBVA, Santander, CajaSur, CaixaBank and Deutsche Bank, who have received texts warning of suspicious transfers of high amounts, blocking of accounts, processing of loans or unauthorized charges. “They try to create a sense of alert so that the victim feels the need to respond immediately,” they indicate.
“To fight fraud we understand that a holistic approach is necessary, covering all areas,” says Natalia Ortega, head of BBVA’s new global financial crime prevention unit. On the bank’s part, it is necessary to guarantee “that all the tools used in banking operations, from the app to BBVA’s own technological platform, follow the best security standards in the industry.” However, it is a “necessary but not sufficient condition”, and the involvement of clients is also necessary, she explains.
CaixaBank has warned of new frauds in which fake SMS and fraudulent calls are combined. “Cybercriminals know that the more complex the attack, the more realistic it will appear to the victim,” the bank warns on its blog. At Santander they recommend never giving out personal passwords, except within the entity’s app, and they have carried out 1,024 financial education sessions with an emphasis on the risk of fraud. In its latest complaints report, the Bank of Spain already warned that scam attempts through online means or with cards had doubled in just one year.
