The issue of skimming caught my attention when a Pastor raised it in a leading newspaper last week. I believe that many Barbadians experienced some level of frustration when dealing with some of our financial institutions. My own father complained loudly as far back as the 1970s. Some may argue that this is a feature of the Barbadian landscape and black Barbadians, they say, get a raw deal from our financial institutions. I have worked in a financial institution and I can say that this is not always the case.
However, the pastor’s complaint raises a more serious concern, which is the security of our money in these institutions. The world has changed considerably over the past 25 years. Most transactions are now done via the internet or electronically by swiping cards to pay for goods or services. Bank customers do not go the bank teller as often now; they go to automatic teller machines to extract cash, make deposits, and transfer funds among accounts.
Customers were robbed, yes, robbed, by some individuals who skimmed money from their accounts. Customers have a legitimate expectation that their money would be secure when held by a bank. Banks as fiduciaries have a responsibility to ensure that a customer’s money is not stolen from him; in other words, the banks have a duty of care. This duty of care was breached when customers’ money was extracted from their accounts via automatic teller machines by individuals who were not account holders at our banks. As a result, account holders suffered loss and damage. This marks the second time within recent years that such breaches were experienced by banks. It is hoped that these accounts will be replenished with those stolen funds within a reasonable time.
At the same time, as it was a robbery, customers should report the matter to the police along with the banks. The banks may have their own internal procedures when dealing with these types of matters; consequently, it may take some time for customers to be refunded their monies. Banks should, however, be as transparent as possible in this situation. Apart from outwardly cosmetic adjustments instituted after the first instance of skimming activity in Barbados, there has been no publicly available information to reassure customers that banks are hardening their computer systems to reduce, if not eliminate, such activity.
There is also the issue of credit card fraud, phishing scams and other electronic forms of computer and cybercrime. It may be prudent, one would think, that the finance industry as a group would endeavour to educate customers and the public about strategies they can use to minimize the risk of being victims of such criminal activity. In addition, financial institutions’ information consisting of customers accounts and personal data can be captured by cyber criminals and used as a means to extort a ransom from financial institutions for its return. This has occurred in more advanced countries and while not generally made public as it would cause these institutions much legal mayhem, it would be wise that we, in this jurisdiction, take appropriate measures to guard against it.
If such matters continue, where persons from outside our jurisdiction steal money from the customers of the financial system using cybercrime techniques, it is only a matter of time before customers seek legal redress against the financial institutions which hold and manage their accounts. The question is – what strategies are being employed by these institutions to mitigate the risk of skimming and other cybercrimes being used to infiltrate these financial institutions?
There are methods by which such risks can be minimized if not eliminated. We have recently noted an introduction of smart cards both for credit and debit transactions, which makes it more difficult to steal account information. There are artificial intelligence systems used by large companies on their computer networks; large financial institutions use these systems as well in developed nations to track customer buying habits. Artificial intelligence systems are also used to protect customer accounts from being hacked by tracking customer habits and when unusual transactions occur, these are immediately flagged, and investigated. As far as I am aware, there is only one financial institution in Barbados which makes use of this type of technology.
The reason for this lack of interest by financial institutions here may be the cost of investing in such measures and the fact that a significant number of financial institutions are controlled from outside the region. Therefore, decisions to invest in such technology may not be made in Barbados. Costs for the purchase of the hardware and software systems as well as the training of staff in all the cybercrime techniques and the hiring of additional human resources to manage such systems are considerable.
When examined from a cost benefit perspective, the management of these institutions may not deem such strategies as cost effective. However, our policy makers and regulators must insist that proper systems to protect customer account information and monies must be one of the criteria by which financial institutions are allowed to operate in this jurisdiction. One of the reasons banks here have lost correspondent banking relationships is the perceived or actual weaknesses in our regulatory systems. This includes the weakness with respect to cybercrime prevention.
This is a matter which requires policymakers to examine and upgrade the legal framework governing computer based and electronic crime. In addition, the regulatory agencies must require the financial institutions to pay particular attention to combating cybercrime.
Edward Hunte, an attorney-at-law, is the holder of an MBA with concentrations in Economics & Finance. He was also an economist with the Ministry of Finance and Economic Affairs.