Digital banking (online and mobile banking) makes managing finances easy. We live in an increasingly online world where, thanks to digital banking technology, we can pay bills, deposit cheques and transfer money from wherever we are located. Sadly, in the last several years, there has been a surge in attacks by cyber criminals who target banks’ systems to steal data and money from customers.

The Financial Services Arbiter recently decided on two complaints made by Bank of Valletta customers who argue that the bank, through its negligence, contributed to their being scammed by cybercriminals. Through his decisions, the arbiter introduced an essential principle that apportions negligence between banks and their clients in cybercrimes.

One of the core ways criminals target banks is through their customers. They prey on the naivety and ignorance of those who do not understand the dangers in the digital space and whom they can trick into disclosing important information.

A BOV spokesperson argued with the arbiter that the bank “was fully compliant with the law and that the complainant was entirely to blame for being defrauded due to gross negligence”.

Banks have deep pockets and can resort to legal tactics to limit their liability to the bare minimum when they fail to protect clients’ assets adequately.

Still, the duty of care towards customers is a fundamental principle when professionals deal with ordinary people who may not always understand the complexities of modern technology. The arbiter correctly decided that banks must do more to observe their duty of care to their customers effectively.

In today’s society it isn’t easy to imagine functioning without smartphones, computers and internet communication. Our whole lives are thus contained in devices that fit in the palms of our hands. Thousands of bank customers receive ‘spoof’ e-mails and SMSs that impersonate a bank and use a website similar to the original.

It is no longer a question of merely preventing cyberattacks. This has become nearly impossible. It is about being prepared for a cyberattack and having a response already planned out. Banks must continuously deploy new cybersecurity defences to counteract the ever-evolving world of cybercrime.

Bank customers must know what cyberattacks look like to prevent these scams from proving successful.

This is why investment in educating people must be more intensive. This includes teaching customers about the dangers of revealing their credentials and how to respond if they suspect an attempted fraud is taking place.

Acting quickly is crucial to preventing damage. But contacting the bank urgently is next to impossible as online help desk facilities are often inadequate to get a quick response and guidance from bank staff. Banks must invest more in efficient online customer support to assist people who need help in an emergency.

Today, many banks team up with third-party fintech companies because they believe they help them serve their customers more efficiently. However, banks can suffer badly if they partner with third-party vendors with poor cybersecurity. Banks must, therefore, select ICT partners with extreme care and caution if they want to avoid the consequences of reputational risk.

Protecting clients’ assets is the most fundamental purpose of cybersecurity in digital banking, especially in our increasingly cashless society, where more payments and transactions happen online.

Ultimately, the banks’ duty of care to their customers must be the topmost priority.
