Republic in the Finance Sector

Cultivating Cyber Secure Behaviour in Finance

Technology has revolutionised the way the finance industry operates, giving significantly greater control to the end-user over their finances.

However, the digitisation and automation of the finance sector have inadvertently created novel ways for attackers to conduct their fraudulent activity, whether that be against the individual and/or the bank itself. As a result, the weaponisation of technological changes has become a lucrative endeavour for cyber criminals, demonstrated by the fact that in the first half of 2023 alone, fraudsters stole over half a billion pounds (£580m; UK Finance, 2023).

Fraud often, if not always, involves an element of manipulation: convincing a person to do something against their best interest. As such, successful attacks not only have financial implications, but also often result in psychological harm, trauma, and aversions to technology that have significant ongoing impacts on the personal life of victims (Button et al., 2014).

Mechanisms for Fraud and Manipulation

Broadly, fraudulent online and banking activity falls under two categories:

Authorising Push Payments
This is convincing (manipulating) someone to authorise or make a payment that's against their best interests. These forms of fraud involve a high level of psychological and emotional manipulation. The victim is targeted directly so that they feel comfortable enough to send money to a fraudulent destination. This includes scams such as:

Purchase Scams

Convincing someone to pay for goods or services that never materialise.

Romance Scams

The manipulation of others to make them believe they are in a relationship, before extorting them.

Impersonation

Pretending to be someone else (e.g. friend or relative), to manipulate the victim into transferring money.

Credential Theft and Fraud
Fraudsters will utilise credentials they should not have (i.e. bank accounts and cards) to conduct fraudulent activities directly. Attackers will often manipulate the victim into giving up credentials so they can make the purchase or transfer themselves, or may even use such credentials to convince the bank to make an unauthorised payment. This tends to take two forms:

Card Present Purchases

The use of a counterfeit, lost or stolen card, or the interception of a card that is being sent out by the bank, to make fraudulent purchases.

Card Not Present (Remote Purchase)

Using leaked card and bank details from data breaches, phishing emails, malware or card skimming to make purchases.

How Does Republic Help Prevent This Fraud?

Republic assesses and intervenes on behaviours that increase the risk of both Authorising Push Payment fraud and Credential Theft, such as:
  • Responding to a suspicious phishing message or email, vishing call or smishing text (behavioural exploit).
  • Connecting freely with unvalidated connections.
  • Not challenging strangers or doing so unconstructively.
  • Failing to report.
  • Ignoring incident cues, like spotting red flags on websites.
  • Undertaking risky online behaviours.
  • Not preventing eavesdropping and shoulder surfing.
  • Working in public.
  • Poor password hygiene.
Republic reduces the risk of fraud by not only focussing on specific risky behaviours, but also by influencing overarching drivers of security behaviour, such as social norms, sentiment, and perceived efficacy. In doing so, Republic reduces the threat of known risks while equipping users with the tools needed to behave securely in response to future threats.
