Fraud: An Alarming Lack of PreparednessNeira Jones on Global Fraud Threats, Strategies
Today's sophisticated fraud threats are daunting. But security adviser Neira Jones is more concerned about financial institutions' lack of preparedness to face these threats.
"We see time and time again, technology evolves at a [rapid] pace," says Jones, a security expert with deep experience in financial services. "But it really saddens me that, at the end of the day, [financial institutions] still have a lack of awareness, and people are still not fixing the basics, so they can be better prepared to fight the criminals."
In Europe, the shift to EMV has curtailed card-present fraud, but financial institutions see a great migration to card-not-present, mobile and other forms of payments fraud, Jones says.
How can institutions improve their preparedness? A good start is to just get back to the security basics, Jones says. Assess risks and patch known vulnerabilities.
"I know Heartbleed has been in the news very recently," she says, "but if we look at something even simpler than that, such as the SQL injection, still organisations haven't fixed these types of [vulnerabilities]."
Jones also calls for more emphasis on threat intelligence sharing, which she describes as "Not only good for business, but bad for criminals."
In an interview in advance of the London Fraud Summit, where she will deliver a keynote address on Global Fraud, Jones discusses:
- Global fraud threats of top concern;
- Why banking institutions are ill-prepared to face these threats;
- What's needed to improve anti-fraud defenses.
More than 20 years in financial services made Jones believe in change through innovation and partnerships. She is regularly invited to advise organisations at the board level and address global audiences on payments, cybercrime, risk, information security and business turnaround. She has directed many global change programmes, launched new products and services, and has managed process re-engineering practices. Jones strives to demystify payments, risk and raise cybercrime awareness whilst promoting digital innovation.