Cybercrime is a multi-billion dollar industry with the capacity to target any individual or corporation in the world. As the schemes engineered by cybercriminals grown in complexity and scale, so do the security measures put in place by banking organisations to fight back and protect customer data.
To learn more about cybersecurity in a Cambodian context, the B2B team of writers sits down with representatives of two of the major banking institutions operating in the Kingdom. We discuss the most common cybersecurity threats in Cambodia, and the ways banking institutions are ensuring a safe banking experience for their customers.
B2B: What are the most common cybersecurity challenges facing Cambodia?
Cynthia Liaw, CEO, Maybank Cambodia: There are a variety of cybersecurity challenges faced by customers and financial institutions, not only in Cambodia but around the world. Right from basic data protection issues—where customers may accidentally reveal to strangers their bank account information via email, SMS, etc—to phishing and advanced hacking of servers and emails.
ANZ Royal Management Team: Email hacking and phishing attacks are becoming far more sophisticated across the globe. It is a significant emerging trend with technology and awareness being the key mitigants.
B2B: How do you guarantee the security of your clients against these? What safety nets are in place?
Liaw: At Maybank, we adopt a series of measures to protect our customers’ information. There is always a threat to customers data in the phone or web browser (termed as “data at rest”) and data that travels to our servers and back (termed as “data in transit”). We continuously engage with our customers and educate them to not reveal their account information, to not click on suspicious email links, etc. Besides customer education, we spend a good amount of IT budget in securing our systems. All the customer information is securely encrypted, we do not store any information in our internet or mobile banking. Every digital transaction is secured via TAC (Transaction Authentication Code), which is a one-time code delivered to a registered mobile number of the customer. This prevents unauthorized transfers and payments via the digital channels.
ANZ Royal Management Team: The safety of consumers online is vastly enhanced through use of technology solutions such as internet banking. However, there is still a requirement for the consumer to undertake usual due diligence on password protection, payment details and payee identification.
We have a dual factor authentication log-on for use of our payments channel (2 separate passwords), and a permission suite for our clients to establish duty segregations within our online banking platform (read-only, initiator, approver) as suits the circumstances of the organisation.
However, customers still need to be careful and follow certain precautions: use online banking to ensure that there is a trigger when supplier bank account details are changed; call back your supplier to fully authenticate an invoice being paid or bank account details that have changed; be alert to signs of hurrying or pressure as these are indicators of fraud; and ensure your finance teams are aware of these risks and understand the mitigants.
B2B: What are some other concrete tips you would give your customers to enhance the safety of their online banking experience?
ANZ Royal Management Team: There are a number of key controls we recommend our clients to follow:
- Ensure you record your customer’s or supplier’s bank account details in your financial system so you notice when they have been changed.
- Try to avoid conducting business on personal web domains, which are less secure.
- Always call back a supplier or customer (using your recorded telephone number, rather than that given in the email) to confirm an invoice recently sent to you via email.
- Do not click on any link in any email if you are unsure of its origin.
- Emails which seek to hurry or create pressure are an indicator that the sender may not be who you think.
- Call back the purported sender of an email (not using the number in the email) if you are unsure.
- Use technology solutions to reduce your overall risk.
B2B: Do you anticipate e-commerce affecting current security measures? How so?
Liaw: Yes, we anticipate that e-commerce will pick up pace in Cambodia soon. We will see more Cambodians transacting online for airline ticket, cinemas, lifestyle, etc. In parallel, the security measures will be strengthened to avoid potential customer trust and fraud issues. We will see secure technologies like Verified by Visa deployed where every transaction is secured by a one-time password delivered via SMS.
ANZ Royal Management Team: Awareness of both the benefits and risks associated with e-commerce is increasing. As the market matures, users will be more demanding of providers when it come to the protection of their information and security. Our solutions already provide a high level of security for the user.