According to McKinsey, cybersecurity issues in the global financial services sector are not only growing in the number of incidents but also in scale, sophistication, and size. The World Economic Forum in 2018 reported that financial crime and fraud was a trillion-dollar business, noting that private financial firms spent nearly $8.2 billion on anti-money laundering strategies alone in 2017 (Uddin et al., 2020). In the financial services industry, cybercrime includes activities such as gaining access to financial accounts to initiate unauthorized transactions, identity fraud, stealing payment card information, and extortion. On a series of cybercrimes, researchers found that attackers used denial-of-service attacks, spear phishing, the use of infected systems in search of administrator computers, and stolen credentials to open a backdoor (Akinbowale et al., 2020) . In recent years, attackers have displayed advanced knowledge in the cyber financial environment and likely understood baking vulnerabilities, controls, and processes rising from siloed enterprises and governance.
Peter Persaud, a former banker at JP Morgan Chase, abused his position at the institution by selling personal identifying information of bank customers to confidential informants and federal agents. Persaud's activities were revealed in 2014 when he sold personal identification numbers for a sum of $2,500 to a confidential informant (Department of Justice, 2018). Later, he offered the undercover officer four additional accounts for $180,000. (Department of Justice, 2018) Court documents revealed that Persaud was accused of stealing customer account information in an attempt to use them to make unauthorized withdrawals from the accounts. During the initial meeting with the confidential informant, Persaud provided the agent with two documents containing their Chase account information and ways of identifying the victim, such as their chase debit card number, its security code, and expiration date, date of birth, social security numbers, and the bank account numbers (Bouveret, 2018). Wired transfer details from Western Union confirmed that the officer used these details to wire $2,500 from the customer's Chase account to a Pay-O-Matic check cashing store located in Corona, Queens.
Delegate your assignment to our experts and they will do the rest.
Prosecutors in the case noted that between 2011 and 2015, Persaud stole customer information and either sold or used it himself. Most of his victims were above 60 years old. Persaud's activities were brought into light after the informant he approached to sell the information informed the FBI of the situation (Department of Justice, 2018). This led to the informant wearing a wire and recording phone calls in later dealings with Persaud to gather evidence. Persaud was caught after he started offering the informant a set of higher value accounts, four of which had a total balance of over $150,000, for $17,000 (Department of Justice, 2018).
Persaud was sentenced to four years in prison for using his position to victimize unsuspecting customers after pleading guilty to aggravated identity theft in 2017. Also, the judge asked Persaud to return over $17,500 in proceeds from his activities (Department of Justice, 2018). As a result, the bank decided to offer free credit card monitoring services to the affected clients and refunded their monies related to the incident. The case is filed under U.S. v. Persaud, 15-MJ-00358, U.S. District Court, Eastern District of New York (Department of Justice, 2018).
In many ways, the financial sector synonymous with cybercrime. Terrorist funding, bank account theft, fraud, and personal data breaches are the types of threats affecting financial institutions. The critical infrastructure operated by financial institutions is a prime target for cybercriminals. The Phenom Institute and Accenture study revealed that bank customers lost more than $16.8 billion due to identity theft and other activities in 2017 (Uddin et al., 2020) . Also, the study reported that in the first half of 2018, financial losses in the U.K. due to cybercrime stood at £705.7 million (Bouveret, 2018) . Going over the years, several cyber-attacks have affected the financial sector. They include the 2017 data breach at Wonga which exposed personally-identifying information and bank account numbers of more than 270,000 people. The Equifax data breach that affected more than 146 million people led the company to be fined £500,000 in the U.K. – the maximum amount before the legislation of GDPR in 2018 (Akinbowale et al., 2020) .
In the eyes of a cybercriminal, sensitive customer data is of vital importance. As a result, attackers continue to get more sophisticated in their methods of acquiring critical information from accounting firms by accessing their networks, encrypting data, and destroying backups. After gaining access to data, also, the attackers threaten to post the data to online databases if their ransom demands are not met (Akinbowale et al., 2020) . It has become challenging to overestimate the financial implications of cybersecurity threats. However, the loss of sensitive, personally identifiable information results in the loss of reputation, customers, legal ramifications, reduced efficiency, and fines (Uddin et al., 2020) . Research shows that corporations with stained reputations, acquiring and retaining talent, costs approximately $7.6 million annually in financial outlays. In addition, global cybercrime is expected to grow by 15 percent annually over the next five years, reaching approximately $10.5 trillion annually by 2025, an increase from $3 trillion in 2015 (Akinbowale et al., 2020) .
To prevent cybercrimes and to better protect businesses and client data, enterprises should:
Provide security and awareness training to their employees. Lack of cybersecurity training is the leading cause of successful spear-phishing and ransomware attacks (Doffman, 2019).
Conduct regular risk assessments. Auditing a firm's critical infrastructure and customer information helps identify new loopholes for cyber risks (Doffman, 2019).
Risk-based and multi-factor authentication. For all users with privileged access and customers, risk-based and multi-factor authentication should be a mandatory requirement (Doffman, 2019).
References
Akinbowale, O., Klingelhöfer, H., & Zerihun, M. (2020). Analysis of cyber-crime effects on the banking sector using the balanced score card: a survey of literature. Journal Of Financial Crime , 27 (3), 945-958. https://doi.org/10.1108/jfc-03-2020-0037
Bouveret, A. (2018). Cyber risk for the financial sector: A framework for quantitative assessment. SSRN Electronic Journal . https://doi.org/10.2139/ssrn.3203026
Department of Justice. (2018) . Former JP Morgan Chase Bank employee sentenced to four years in prison for selling customer account information . Retrieved from https://www.justice.gov/usao-edny/pr/former-jp-morgan-chase-bank-employee-sentenced-four-years-prison-selling-customer.
Doffman, Z. (2019). C ybercrime: 25% Of all malware targets financial services, credit card fraud up 200% . Retrieved from https://www.forbes.com/sites/zakdoffman/2019/04/29/new-cyber-report-25-of-all-malware-hits-financial-services-card-fraud-up-200/?sh=2e907c8b7a47
Uddin, M., Ali, M., & Hassan, M. (2020). Cybersecurity hazards and financial system vulnerability: a synthesis of literature. Risk Management , 22 (4), 239-309. https://doi.org/10.1057/s41283-020-00063-2
