In response to the recent highly publicized social engineering attack which resulted in bank customers losing significant sums of money, Bank of Jamaica (the Bank) has acted swiftly to engage in dialogue, both internally and with the wider commercial banking sector, to discuss possible steps that can be taken to reduce phishing, smishing, vishing and other technology-based fraud.
The Bank recognizes that the increased reliance on technology for the delivery of and access to financial services has resulted in increasing cyber and social engineering attacks locally and globally to, among other things, steal data or funds. The Bank has therefore incorporated more robust reviews of banks and other licensees under the Banking Services Act (BSA) using data analytics to assist with faster identification of gaps in systems and measures that could pose a risk for criminal activity including cyberattacks.
Additionally, banks and other licensees under the BSA, are required to have in place effective mechanisms and system controls to protect and mitigate against the risk of cyberattacks and other fraudulent activities. Given the evolving nature of the cybercrimes landscape, the licensees’ Board and Management are expected to be proactive in managing this risk. Our efforts are also complemented by the Cybercrimes Act which criminalizes such activities.
In recognition of the fact that even with robust technology systems, banking customers may still become victims of fraud through social engineering attacks where they are manipulated into compromising their own information, we implore our licensees to increase their vigilance and be proactive in educating the public on ways to protect themselves and their money.
The Bank has been and continues to be a strong advocate for financial literacy and has been utilizing programmes such as “Under the Law” to increase awareness of customers’ in accessing financial services as safely as possible (i.e. ensuring only licensed service providers are utilized and information is only shared in the manner stated by the licensed service provider).
We encourage banking customers to, if even in the slightest of doubt, call your financial institution to verify the authenticity of any communication from any email address, text message or via telephone purporting to be your bank before divulging sensitive information, especially if this is information that your bank should already have in its possession.
