- The average data breach takes 45 days to remedy at a cost of $15 million (which doesn’t include regulatory fines).
- A single breach could bankrupt a small to mid-size business.
- 97% of all companies have already been hacked.
Lenders Held Accountable With No Clear Directive
Law enforcement and government regulatory agencies are fighting cybercrime with a 2-prong approach – criminal prosecution and prevention. They actively prosecute criminals for all types of cybercrime including: hacking, identity theft, money laundering and account fraud. Money laundering alone tops $500 billion each year. And this figure is probably the tip of the iceberg. The stealth nature of computer hacking makes it next to impossible to identify and physically locate the criminals. It’s an overwhelming challenge, which has caused regulators in the US to shift their focus from prosecution to prevention. They are forcing accountability onto individual lenders, and requiring stringent, documented cybersecurity programs. These government directed programs can be tricky to implement. Regulatory guidelines typically include a broad objective like, “Anticipate and prevent security issues.” The guidelines include suggestions on how to achieve the objective, but there’s no clear blueprint for implementation. Regulatory penalties can be severe when you don’t get it right. According to Boston Consulting Group, the worldwide fines levied against lenders since 2008 exceeds $321 billion. Fines imposed when poorly managed cybersecurity programs caused banks, and more importantly bank customers, to get caught up in money laundering and fraud schemes that may have been financing terrorist organizations.Digital Lenders Are Most Vulnerable

Cyber Safety, Lender Best Practices
At Turnkey Lender we’ve identified six cyber safety best practices that should be part of every lender’s playbook:- build a solid foundation
- turn staff into cyber warriors
- detect fraudulent loan applications
- prevent account takeovers
- identify cross-device use
- deploy a cloud-based lending platform.
Build A Solid Foundation
Lenders who treat cybersecurity like a DIY project are taking a big risk. Cybersecurity must be an ongoing initiative led by a designated cyber safety director. Your company should tap the expertise of both cyber safety and compliance consultants to help you develop, implement and maintain your program. Their experience should include a strong track record in the lending industry. And experience defending cybersecurity programs that were audited by a regulatory agency. They’ll start by reviewing your entire ecosystem for potential security gaps, including: data collection, storage, encryption, transmission protocols, and interfaces with outside third-party vendors. Mobile apps require special scrutiny, including: platform, servers, GPS receivers, cameras, sensors, social media accounts, etc. And you’ll want to monitor and maintain proper security over the life of a financial product, not just during launch. Your program will include four distinct components:- plans to protect against a breach
- plans to encrypt and obfuscate data in case of a breach
- plans to decoy data and lure attackers away from valuable information
- plans to respond immediately when a threat has been identified or an actual breach has occurred.
Turn Staff Into Cyber Warriors
The vast majority of system breaches are caused by employee error or third-party vendors who mishandle data. Unfortunately, hacking via these two entry points is on the rise. Help your staff understand how easy it is to cause a breach. That it’s no more complicated than opening an email attachment, installing a thumb drive on a network computer system, sharing a document via personal email, or installing a business program on a personal computer. Your entire system can be instantly infiltrated with the intrusion lying dormant and difficult to detect until triggered from an outside source. As soon as your team understands how they can become a hacker’s best friend (or worst enemy), then they’re already armed with the weapons they need to defend against an attack. Your company may want to connect with one of many employee education programs that specializes in teaching and reinforcing cyber safety practices. They can even conduct blind tests to show your staff how vulnerable they are to a cleverly designed Trojan horse. The high cost of a data breach makes these programs well worth the investment.Detect Fraudulent Loan Applications
Lenders are constantly balancing risk and reward. As the credit decision process becomes more automated lenders must determine the best way to use security filters to reduce risk. Underuse increases the risk of fraud as you approve more bad accounts, but overuse reduces sales revenue as customers abandon applications and go to your competition. Start by implementing basic security protocols for AML (anti-money laundering), CIP (customer identification program) and KYC (know your customer). An advanced approach is to participate in a global shared intelligence database that flags stolen identities in real time. These tactics can all be integrated into an automated system, where potential fraud is detected and prevented without any inconvenience to a good application.Prevent Account Takeovers
