
09:45 AM
B.C. Krishna, MineralTree

Banks Face Crisis of Trust with Their Small Business Customers

Small businesses are increasingly targeted by fraudsters, requiring banks to better tailor security strategies to fit their small business customers.

Small and medium-sized businesses (SMBs) are under attack.

There are over 25 million SMBs in the United States – each with a business plan and a dream to turn an innovation, service, or hobby into a lasting monument to resourcefulness, perseverance and hard work.

For SMBs, growth (and indeed, existence alone) brings risks, and nothing can be more devastating and confusing than stealthily losing hundreds of thousands of dollars to fraud schemes that exploit relationships that they normally trust – their banking relationships. The breakdown in trust is hugely damaging for both parties, and often results in costly lawsuits.

Businesses may believe that fraud can’t or won’t happen within their organization, but we all know that fraud is an equal opportunity crime. Creative fraud schemes, a lack of fraud awareness, limited security resources, and downright denial have conspired to give rise to SMB losses that are reaching epidemic proportions.


Precisely tabulating losses is extremely difficult, but recent data shows that more than half of small businesses have suffered a data breach – and nearly a third of all cyber attacks in 2012 were aimed at small businesses. While some reports suggest that both the number of incidents and the loss per incident are down, the reality is that the fundamentals have not changed: fraudsters are creative, fraud is an industry, small businesses have limited resources, and denial is rampant.

For banks, the rise of cybercrime against small businesses presents a new opportunity – not to drive new revenue, but to reinforce the reason why small businesses choose banks in the first place: trust. In fact, by not effectively addressing SMBs’ security concerns, banks risk shaking the foundations of their customer relationships.

Reality Check

Security experts have long focused on promoting smarter banking strategies and building powerful tools to fend off cybercriminals. Both small businesses and their banks invest a lot of time and money to ensure the security of sensitive information, yet the cyber-assault on SMBs continues.

The primary issue is that technologies and policies put forth by banks are not always practical on a small business level. Many common security strategies – such as consistently patching vulnerabilities, ensuring antivirus programs are up-to-date, limiting banking activities to certain devices – are practical for most large corporations, but can be problematic for small businesses. With small business owners often already stretched too thin, the time and commitment required to maintain security falls off the radar.

Additionally, many small businesses don’t fully realize the security risks they face, or fail to take the threat seriously – even though evidence that SMBs are likely to be targeted by cybercriminals piles up.

But this reality doesn’t excuse banks from providing optimal security – in fact, with banks’ reputations and customer relationships highly at stake, banks need to be leaders for small businesses in protecting sensitive information, go above and beyond what is required, and act as a true security partner.

The Security To-Do List for Banks

The industry can’t force every single small business to dedicate time, resources, and focus to security – so it’s up to banks to ensure that normal, everyday payment behaviors are secured. Banks can strengthen the security standing of their small business customers’ payments by embedding secure protocols into the services they offer, and by educating SMBs on the must-implement security practices, including:

• Two-factor authentication, which requires two forms of identification – often a physical token and digital code – to complete a transaction.

• Transaction verification, which ensures that the content of the transaction is accurate.

• Transaction monitoring, which continually monitors transaction activity, and sends alerts when something is amiss.

• Segregation of duties, which adds a layer of security by requiring at least two people to approve and process a transaction.

• Multi-stage approvals for large payments, which places an additional degree of control and security in the hands of the business making the payment.
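How three of the controls above (transaction verification, segregation of duties, and multi-stage approvals) can be enforced by the payment service itself rather than left to customer discipline. This is an added example, not code from the article or from MineralTree; the `Payment` class, the $10,000 threshold and the account identifiers are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Assumed policy value: payments of $10,000 or more count as "large".
LARGE_PAYMENT_THRESHOLD_CENTS = 10_000_00


@dataclass
class Payment:
    initiator: str
    payee_account: str
    amount_cents: int
    # Maps approver -> digest of the content that approver actually saw.
    approvals: dict = field(default_factory=dict)

    def digest(self) -> str:
        # Transaction verification: an approval covers this exact payee and amount.
        content = f"{self.payee_account}|{self.amount_cents}"
        return hashlib.sha256(content.encode()).hexdigest()

    def approve(self, approver: str) -> None:
        # Segregation of duties: whoever created the payment cannot approve it.
        if approver == self.initiator:
            raise PermissionError("initiator cannot approve their own payment")
        self.approvals[approver] = self.digest()

    def required_approvals(self) -> int:
        # Multi-stage approval: large payments need a second, distinct approver.
        return 2 if self.amount_cents >= LARGE_PAYMENT_THRESHOLD_CENTS else 1

    def releasable(self) -> bool:
        # Approvals given for different content (e.g. a payee swapped after
        # sign-off) no longer match the current digest and are ignored.
        current = self.digest()
        valid = [a for a, d in self.approvals.items() if d == current]
        return len(valid) >= self.required_approvals()


if __name__ == "__main__":
    # Constructed sample data.
    wire = Payment("alice", "ACCT-VENDOR-001", 25_000_00)
    wire.approve("bob")
    print("one approval:", wire.releasable())        # large payment, still held
    wire.approve("carol")
    print("two approvals:", wire.releasable())       # now releasable
    wire.payee_account = "ACCT-UNKNOWN-999"          # content altered after sign-off
    print("after payee change:", wire.releasable())  # approvals no longer apply
```

Because approvals are keyed by approver and tied to a digest of the payee and amount, the same person approving twice counts once, and any change to the payment after sign-off sends it back for re-approval.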

More importantly, banks need to build secure solutions that are simple, seamless, and packaged in a way that they can easily be adopted, to ensure that more customers are using the most secure tools possible. Additionally, banks should build these protocols in as an inherent feature of their payments and online banking services – not offer them as value-adds. The value for banks stems from the competitive advantages and increased customer loyalty gained by becoming a better security partner.

Implementing the Security To-Do List can be a challenge for banks – especially when their customers are SMBs. Security procedures are often seen as detracting from a friendly user experience, and banks are loath to do anything that impacts usability.

But, it is only a matter of time before security becomes the selling point, and customers become aware of why they do business with their banking partners – trust, after all, is important.

Don’t Put Trust At Risk

The relationships between small businesses and security, banks and small businesses, and security and banks are complex. Banks rarely come up short when managing security for consumers and large corporations; investing in small business security, though, is an often challenging and uneasy task. But with their most valuable assets – trust, customer service, and reputation – on the line, banks need to transform the security risks and solutions for small businesses in order to deliver a more secure and practical payments experience for SMBs.

The cyber-attacks that small businesses face are a threat to banks, as well – to their reputations and their customer relationships. It’s imperative that banks overcome the disconnect that frequently occurs between them and small business customers, and establish a security-focused dialogue that ensures that customers’ trust in their banks is not broken.

B.C. Krishna is the CEO of MineralTree, which provides small business payments solutions to banks.

9/11/2013 | 5:05:31 PM
re: Banks Face Crisis of Trust with Their Small Business Customers
Interesting article. Came across something on security and managing information security risks that readers will find very useful. It offers good information on the need for robust security and managing information security risks.