Monzo Loses at Revenue But Wins in Security

Courtesy of William Iven

U.K. challenger bank Monzo has made headlines recently for massive losses that quadrupled year-over-year. Loses were recorded at £33.1 million ($43.6 million) in 2017, up from £7.9 million ($10.4 million) the previous year, according to the Financial Times. But customers may care more that the digital-first bank had a win when it comes to security.

Recently, Monzo revealed that it was proactive in replacing the debit cards of 6,000 customers who may have been affected by a Ticketmaster breach detected this past April.

BAE Systems, a UK-based defense and financial crime prevention and cybersecurity firm, helps challenger banks to make intel actionable.

“As a global defense contractor, we’ve been turning data into intelligence, usable, actionable intelligence for many years,” Colin McKinty, BAE Systems cyber security vice president, told Bank Innovation. “Similar principles we’ve learned from the government side that we apply to the commercial side.”

McKinty noted that once a threat is detected, not letting fraudsters know you’re on to them is key.

“You might find a command-and-control line, if someone’s got a bridgehead into your network, they’ll be setting up command control to ultimately exfiltrate data out of your network,” said McKinty. “Maybe you’ve found one of those, but you don’t know what else they’ve set up.”

A new report found that there were more command-and-control centers per 10,000 devices in financial services than all other industries combined. “For every 10,000 devices across all industries, 11 hidden HTTPS tunnels were detected. But in financial services, that number more than doubled to 23,” according to the June 2018 Vectra report. HTTPS tunnels are links that establish an unseen connection between two online locations.

As concerning as this is, HTTPS attacks are not the most common attack type in financial services. According to the report, data smuggles are most common, per 10,000 devices there were 47 data smuggling attacks compared with 5 HTTPS attacks.

The source of the breach Monzo uncovered was due to a malware attack on Ticketmaster.

Bank Innovation is awaiting comment from Monzo to understand the timeline of detecting the breach and sharing details with customers.

2 - Readers Like This Post