See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/346996140

An evaluation of the effectiveness of cyber security initiatives in reducing

cyber financial crimes

Research · December 2020

DOI: 10.13140/RG.2.2.10454.47687

CITATIONS READS

0 51

1 author:

Joy Tobore-Agana
Bournemouth University
1 PUBLICATION   0 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

An evaluation of the effectiveness of cyber security initiatives in reducing cyber financial crimes View project

All content following this page was uploaded by Joy Tobore-Agana on 14 December 2020.

The user has requested enhancement of the downloaded file.

An evaluation of the effectiveness of cyber security
initiatives in reducing cyber financial crimes
Joy Tobore-Agana
Depertament of computing and Informatics

Bournemouth University

Bournemouth, United Kingdom

i7724625@bournemouth.ac.uk

Abstract- The main idea of this study is to assess the to criminal opportunities because our everyday
efficiency of current cyber security methods in the reduction or transformation and activities integrates with technology and
mitigation of online financial crime. The study applies the technical (computers, phones) devices.
analysis of wire transfer incidents in assessing established
cyber security measures, as well as makes recommendation for
future improvement. The review of literature reveals a gap
between the use of technical measures and psychological 1.1 SIGNIFICANCE OF STUDY
principles. The paper thus, recommends an empirical testing of
the research hypotheses to ascertain whether a collaboration of A report published by Scott [12], reveals average
both measures (socio-technical approach) will be a more wire transfer amount as $2million compared to $608 cheque
effective mitigation. payment and bank card transaction put together. Thus, it is
safe to say that a great deal of money is at jeopardy in the
Key words- cybersecurity, cyber-attack, socio-technical, online event of a wire transfer fraud. Yet, a payment system of
financial scam, wire transfer. such magnitude is governed by feebly developed legal
framework and disconnected body of common law. While
other payment systems such as cheque and credit cards are
1.0 INTRODUCTION
regulated by comprehensive statutory laws and private
contractual provisions [12]. Similarly, a research conducted
The scope of this study is to evaluate the state of cyber
by Yu [21] suggest that apparent comparative behaviour
security in the financial sector through the analysis of online
control encouraged respondents to use and maintain online
financial scams. The theft of money or other monetary
banking, as empirical result showed the superiority of
assets through technology aided activities is regarded as
internet banking to mobile or traditional banking with
online financial scam [16]. Hence, it is a finance-oriented
respect to user capability, personal usefulness, resource and
crime committed in the virtual space by means of
technology facilitating conditions [21]. Furthermore,
technology and internet [16]. This study aims to appraise
Scornavacca and Hoehle [11] argued that internet banking
security weaknesses, threats and methods employed by
(wire transfer payment) is an alternative channel through
criminals, in addition to current solutions and make
which banks deliver services and for their clients to also
recommendations for the future. A few systems
initiate required services on their own. The motivation of
vulnerabilities and threats such as people, technology,
this study which investigates the effectiveness of cyber
hackers, phishing shall be discussed to evaluate the current
security techniques in the reduction of financial crimes, is
state of cyber security [1]. Nevertheless, it is important to
therefore, born out of the need to secure online financial
note that there is a wide array of financial crimes, that can
platforms due to users’ preference, and the need to protect
be perpetrated through cyber space. They include wire
the financial industry because internet banking has become a
transfer payment fraud, debit and credit card fraud, money
viable alternative to service delivery and the continues
laundry and foreign exchange trading but wire transfer scam
growth of online activities in general [11].
or fraud is the focus of this study.

Wire transfer can be defined as the electronic

1.2 STRUCTURE OF THE PAPER
transmission or movement of funds from one bank account
to another, be it personal or corporate account [12]. This
The remaining sections of the paper shall be in the
mode of settlement caters for the transmitting of trillions of
following order. 1.3. Research questions and hypotheses
dollars annually, which surpasses bank payments made
which aims to establish a link between cybersecurity, online
through cards and cheques [12]. The rationale for choosing
financial crime, and user behaviour (cyberpsychology). That
wire transfer payments as the focus of study, is therefore
is, the relationship between the intended research, theory
based on the volume of transaction executed through this
and what obtains. Following that shall be the literature
means and because of the likelihood of an adverse impact,
review, 2.0. The section shall critically evaluate existing
meaning a great deal of money is usually at risk when a wire
literature with respect to cybersecurity and online financial
transfer fraud is crystalized and the negative ripple effect on
crime and the entire aim of study. Define key terms and
the economy [16]. Furthermore, Song [16] also argued that
highlight arguments associated with online financial crimes,
our lifestyles (behaviour) and daily events are tightly related
cybersecurity and cyberpsychology and share findings from
previous research. The section shall also evaluate security
vulnerabilities and threats as well as techniques used by
cyber criminals. Furthermore, the research gap and
contribution to literature shall be discussed in section 2.1
and the final section shall discuss the recommendation and
conclusion of the research in section 2.2
1.3 QUESTIONS AND HYPOTHESES
Research hypotheses are born out of the researcher’s
view on the relationship between theory and the planned
research [3]. Also, a properly defined research question
gives focus to the proposed study and enhances articulated
data collection [3]. Research questioning makes way for
credibility because it allows for scientific testing of the work
and new theories, methods, and formulas are developed
[13]. The following are the questions and hypothesis of the
proposed study.
1. Why do scammers target wire transfer mode of
payment, using social engineering?
2. Why does wire transfer payments account for more
volume of financial transaction?
First hypothesis- The volume of transaction via wire
transfer makes it prone to cyber attacks
Attack on wire transfer is not due to volume of transaction
Second hypothesis- There is a relationship between
cybersecurity and user behaviour
There is no relationship between cybersecurity and user
behaviour.
Third hypothesis- The application of socio-technical
techniques can create a safer cyber space and consequently
safer online financial services
Technology alone can create a safer cyber space and
consequently a more secure online financial service.
To meet the research objectives, this paper shall
seek to answer and test the above questions and hypotheses.
2.0 LITERATURE REVIEW
As inferred from ‘prospect theory’ cyber-attacks
will persist due to perceived gains. Evidence indicate social
engineers are dynamic in their assaults and have many
options [18, 2]. Nonetheless, users are unaware if, when or
how they will be attacked to adequately prepare a mitigation
strategy. Consequently, a key foreseeable issue of scalability
of cybersecurity methods and applications exists [10]. For
example, to mitigate against an attack, the social
engineering tactics or and time of attack is required to
sufficiently determine the right strategy to deploy. This is
unlikely going to be the case hence, cybersecurity
techniques may always lag since criminals are likely to be
ahead in their approach [10, 18]. Nevertheless, some
cybersecurity measures have been applied to tackle the
problem of cyber-attacks, such as the postulation by
Vermesan and Friess [19], that cybersecurity is the
integration of people and technology but acknowledges the
challenge of merging people and technology due to human
vulnerability. Although, human error is a notable concern,
yet companies must include people to technology and
processes to manage risk because only technology cannot
resolve cyber security issues [8, 17]. Consequently, as
technological progress brings more knowledgeable users
and smart devices, plus the campaign for cashless economy,
in addition to the covid-19 current realities, it is reasonable
to expect growth in online financial activities including
scams [2]. Therefore, it can be deduced from the above that
a rise in online financial activities will result in a concurrent
rise in cyber-attacks [18].
Nonetheless, a research by Williamson [20],
depicts the growth and benefits of online banking and
defines it as a banking platform that offers convenience and
flexibility. Allowing customers complete wire money
transfers, bill payments, quick loans, access to information,
lifestyle needs and other banking services. Additionally,
online banking is provided at lower cost than traditional
banking outlets and has continued to grow but not without
challenges. Troubled by cyber criminals, banks and
customers have repeatedly suffered huge losses due to
cyber-attacks. Phishing, pharming, data, and identity theft
are some of the issues faced. Therefore, cybersecurity
measures such as customer authentication have become
necessary to ensure safety of online banking platforms [20].
However, a review conducted by Scott [12] reveals services
like wire transfer only provides communication networks
and leave settlement arrangement to third parties. Thereby,
exposing users to counterparty risks like settlement risks,
which differ among settlement systems. While some defer
or postpone settlement to a specified period, wire transfer
settlement occurs at the time of transfer and establishes no
settlement rules but depend on correspondent account [12].
Even though Singh [14] discovered that time sensitive
consumers had preference for mobile banking because of the
“always on” functionality of mobile devices, but Karjaluoto,
[7] found that people considered internet banking (wire
transfer) cheaper and a preferred channel for banking needs.
Other users were attracted by the usefulness and purpose
that online banking provides which they considered a
substantial advantage [9]. While Scornavacca and Hoehle
[11] postulates that online and mobile banking are both
alternate routes through which banks provide services but,
they may differ in channel attributes and user preference.
Therefore, to develop effective systems capable of
protecting users from fraudulent attacks, it is important to
know which attack strategies works and why. Dhamija [4]
claims to provide the first empirical evidence of successful
strategies deployed by marauders to deceive unsuspecting
users. They found that 40% of infiltration was because users
do not look out for security cues in addition to visual deceit
techniques used to trick even highly advanced users. They
conclude that standard security indicators are ineffective for
a significant number of users but rather recommend the use
of alternative method (but the report was silent on the
‘alternative method’) [4]. Best case scenario illustrated by
the study reveals that even when users expect the presence
of spoofs and are encouraged to discover them, yet many
users are unable to distinguish a genuine website from a
fooled webpage. They found the best phishing site was able
to deceive 90% of participants [4]. Likewise, cyber security
programs have been conducted in response to cyber threats,
in other to alert the public about potential internet threats
but, these security awareness events do not guarantee the
public will understand the threats and take precautions [15].
Furthermore, they argued that the objectives of these events
are not reached because they did not address the behavioural
and precise attributes that leads to being hacked in the first
place. Therefore, supplementary technique is required to
tackle cyber security threats and to provide public
information [15]. Arguing that the attacker’s main goal is to
steal classified information such as personal information
with which they carry out their crimes, they further clarified
that cyber-attacks lead to potential losses like, theft of
sensitive information, corrupting viruses, and capture of
data in ransomware. These may and can be used to
perpetrate wire transfer fraud resulting in loss of income,
customer’s trust, risk of litigation against service providers
and perhaps the loss of entire business [15].
Besides, another major threat to online financial
transaction according to Sfakianakis [1], is Business email
compromise (BEC), targeting business executives and
employees in finance departments and human resource, with
the goal to defraud organisations of money and sensitive
information. BEC attacks reportedly accounts for over $12.5
billion of reported losses worldwide, between October 2013
and May 2018. 65% of members had experience BEC
phishing attacks at the time of reporting [1]. Showcasing
that cyber criminals’ lures targets using a social engineering
technique called phishing. They intentionally trap targets via
crafted legitimate looking messages and emails to open
malign attachments or click unsafe URL (Uniform Resource
Locator) to divulge confidential information, wire money et
cetera. The report presents phishing (especially BEC) as
attackers preferred way of compromising businesses and
individuals, as they target persons with access to company’s
financial accounts, wealthy people, those with classified
business records as well as public authorities in their scams
[1]. A few precautionary measures were however advised, in
the case of wire money transfer, a second level review of
receiver’s account information using a medium different
from the first level check was recommended .Do not trust
unencrypted, unsigned, or unsolicited emails particularly for
sensitive cases and implementation of multiple controls such
as two factor authentications for financial transactions were
part of the suggested measures [1].
Moreover, Raposo [10] advises that cyber threats
and privacy concerns can be averted, using technology to
intercept the scammers strategies, like phishing emails.
Technical security protection can be enhanced via the use of
firewalls, antivirus, and the use of network sensors like
intruder detection systems (IDS) to protect internet
gateways. While Hadnagy [6], argued in favour of
psychological standpoint and maintained that attackers are
known to apply psychological tools such as manipulation, to
persuade users to provide or capture sensitive information
using malicious links or security breaches through which
users are defrauded therefore, same principles should be
applied in mitigation. Similarly, Dix [5] depicts that the
study of the mind and user behaviour regarding
cybersecurity or action and cognitive reasoning will help
users understand, detect, and unravel cyber threat prior to an
attack. They opine that cloud security such as firewalls and
antivirus are effective where human vulnerabilities have
been duly managed [5]. A position that aligns with the study
by Ki-Aries and Faily [8] where they upheld, technology
alone cannot safeguard the virtual world but instead
recommend the concept of socio-technical
(cyberpsychology) approach to solving cyber threats, that is
the study of mind and behaviour aligned with human
computer interaction (HCI). The study orates that
psychological precepts are applied in social engineering
attacks and as such, same approach should be applied to
thwart such assaults for effective solution [8].
2.1 RESEARCH GAP AND CONTRIBUTION TO STUDY
This aim of this paper is to evaluate the state of
cyber security in the financial sector using the analysis of
online financial scam, in other to ascertain the security of
the virtual world of financial transactions and the needed
remediation and enhancement. The literature review thus far
reveals the associated risks and measures so far taken. It
also finds that established cyber security measures have not
been effective till now because of failure to include the
“human factor” that is the application of socio-technical
measures in combating cyber threats, arguing that since
psychological principles are used in cyber-attacks, same
principles must be employed in combating cyber threats [8].
It appears that there have not been or insufficient deliberate
research in the field of combining psychological principles
to technical measures in mitigating cyber threats especially
in the finance sector and that is the gap this paper seeks to
fill.
2.2 RECOMMENDATION AND CONCLUSION
The report conducted reveals users’ preference for
online financial services but, security vulnerability around
online financial services (wire transfer) due to cybersecurity
lapses exists. The report also exposes that attackers exploit
these lapses via social engineering tactics [8]. Taylor [17],
claimed that technology alone has not been effective in
mitigating online financial scams. This research therefore,
recommends that the above hypotheses be tested to ascertain
if a combination of psychological principles with
technology (socio-technical) will bring about more secure
cyber space, a stance also supported by Ki-Aries and Faily
[8] and Taylor [17].
REFERENCES
[1] A. D. C. M. L. L. M. a. R. O. Sfakianakis, "15 Top Cyberthreats and
Trends," ENISA Threat Landscape Report 2018, Heraklion, 2019.
[2] FBI,
"https://assets.documentcloud.org/documents/6299590/Obinwanne-
Okeke-Affidavit.pdf," 02 August 2019. [Online]. Available:
https://assets.documentcloud.org/documents/6299590/Obinwanne-
Okeke-Affidavit.pdf. [Accessed 20 November 2020].
[3] A. Bryman and E. Bell, Social Research methods, Oxford: Oxford
University Press, 2012.
[4] R. T. J. a. H. M. Dhamija, "Why phishing works," in In Proceedings
of the SIGCHI conference on Human Factors in computing systems,
2006.
[5] A. D. A. F. J. A. G. a. B. R. Dix, Human-computer interaction.,
Pearson Education., 2003.
[6] C. Hadnagy, Social Engineering: The Art of Human Hacking.,
Indianapolis:: John Wiley & Sons., 2010..
[7] H. K. N. P. A. a. M. A. Karjaluoto, "Predicting young consumers' take
up of mobile banking services.," International journal of bank
marketing., vol. 28, no. 5, 2010..
[8] D. a. F. S. Ki-Aries, "“Persona-Centred Information Security
Awareness,," Computers & Security, vol. 20, pp. 663-674., 2017.
[9] T. B. S. a. M. S. Natarajan, "Customers Choice amongst Self Service
Technology (SST) Channels in Retail Banking: A Study Using
Analytical Hierarchy Process (AHP).," The Journal of Internet
Banking and Commerce,, vol. 15, no. 2, pp. 1-16., 2010.
[10] D. Raposo, "Software Security," SCADA Security, Florida, 2018.
[11] E. a. H. H. Scornavacca, "Mobile banking in Germany: a strategic
perspective," International Journal of Electronic Finance, vol. 1, no.
3, pp. 304-320, 2007.
[12] H. Scott, "Corporate Wire Transfers and the Uniform New Payments
Code," HeinOnline, vol. Colum. L. Rev, no. 83, p. 1664, 1983.
[13] W. Shehzad, "Outlining purposes, stating the nature of the present
View publication stats
research and listing research questions or hypotheses in academic
papers," Journal of technical writing and communication,, vol. 41, no.
2, pp. 139-160, 2011.
[14] S. S. V. a. S. R. Singh, "Customer acceptance of mobile banking: A
conceptual framework.," Sies journal of management, vol. 7, no. 1, pp.
55-64, 2010.
[15] D. a. A. A. Smith, "YOU'VE BEEN HACKED: A TECHNIQUE FOR
RAISING CYBER SECURITY AWARENESS.," Issues in
Information Systems, vol. 20, no. 1, pp. 186-194, 2019.
[16] H. Song, "An exploratory study of macro-social correlates of online
property crime.," scholarcommons.usf.edu, Florida, 2017.
[17] J. M. J. F. J. B. A. M. A. a. D. J. Taylor-Jackson, "Incorporating
Psychology into Cyber Security Education: A Pedagogical
Approach.," in Proceedings of Asia USEC, 20., Chicago, 2020.
[18] A. a. K. D. Tversky, "Prospect theory: An analysis of decision under
risk," Econometrica, vol. 47, no. 2, pp. 263-291, 1979.
[19] O. a. F. P. Vermesan, Internet of things: converging technologies for
smart environments and integrated ecosystems., Aalborg: River
Publishers, 2013.
[20] G. a. M. G. Williamson, Enhanced authentication in online banking,
Utica: Doctoral dissertation, Utica College, 2006..
[21] C. Yu, "Consumer switching behavior from online banking to mobile
banking," International Journal of Cyber Society and Education, vol.
7, no. 1, pp. 1-28, 2014.