The loans, savings and payments market is changing and becoming increasingly more challenging with the advent of new parties and the dawn of the data age. In this highly dynamic environment, institutions must give first priority to the security, governance, optimum use and quality of...Read more
Cybercrime has increased over the past few years. This is dangerous for you as a bank customer, but also for the economy and the financial system. Below, you can read what you can do against cybercrime and what we do at De Nederlandsche Bank (DNB).
Risks for you as a customer…
Digital innovations make life easier when you make payments and do your banking. If you want, you can immediately transfer money or pay for your groceries using our card, smartphone or wearable. At the same time, digitisation has led to new types of crime. Consumers are an important target. Criminals nowadays use phishing, smishing and spoofing techniques (see definitions in the box below) to try and gain access your bank account. While the number of victims of more conventional types of crimes, such as burglary and theft, has steadily decreased in the Netherlands, an increasing number of people fall victim to cybercrime.
…but also for our financial system
Cybercriminals target not only consumers but also financial institutions such as banks. For example, they try to steal large sums of money or customer data from a bank. They may also try to put financial institutions out of operation by means of a cyberattack. This could in turn affect other financial institutions. In a worst-case scenario, all electronic payments would be down. This would cause serious disruption to our economy and society.
Ransomwhat? Frequently used jargon
Spoofing Criminals pose as someone else, for example by mimicking your bank's website or telephone number.
Phishing Criminals use falsified websites or emails to obtain your bank login details.
Smishing Phishing using text messages (SMS).
Ransomware Criminals effectively take your computer hostage by making it unusable and demand a ransom.
DDoS attack Someone directs a massive amount of traffic to a website, so that it goes down.
Malware Harmful software that allows criminals to access or damage your computer.
What you can do against cybercrime
All in all, cybercrime poses serious risks. Fortunately, there are several things you can do to prevent becoming a victim. A few examples:
- Never disclose your login details to anyone over the phone, by email or any way other than prescribed by your bank. Your bank will never ask you to share your login details by phone or email.
- Do not use a public WiFi network to log into your banking environment.
Never click any links or open any attachments you have not asked for, not even if they appear to be sent by your bank.
And there is much more you can do. You can find more information on the following websites:
What the financial sector does
Financial institutions also work hard to fight cybercrime. Each year, banks and other financial institutions invest millions of euros to safeguard the security of online banking and other applications. Working closely alongside the police and law enforcement, they also share information among themselves and join forces to educate the general public, such as in the information campaign on secure banking (Dutch only).
What we do
At DNB, we do everything we can to make sure that financial institutions are resilient against cybercrime:
- We have developed a programme of test attacks to assess whether banks and other institutions in the core of our payments infrastructure can withstand cyberattacks. This TIBER-NL programme was conceived by DNB, but other sectors in the Netherlands have also rolled it out, as have central banks in the EU.
- We also hold crisis drills with the financial sector on a regular basis to practice our response to fictitious severe disruptions of the payment system, caused for example by a cyberattack.
- As part of our supervision, we also check whether financial institutions adequately manage their IT, including their cybersecurity. This concerns institutions such as banks but also, for example, firms operating as a link between a shop and your bank. We expect them to have their payment systems up for nearly 100% of the time. If a financial institution has shortcomings, we discuss these or may impose specific measures.
- We work alongside and share information with financial institutions and the government.
- We provide input for European laws and regulations. For example, a current trend is that financial institutions outsource their IT processes to big technology firms (BigTechs), giving rise to new security risks. This is why the European Commission is considering the need for new rules, including on supervision.
Besides cybercrime, online privacy is a subject of vital importance. As you share your personal data with banks and other firms, they must handle those data securely and with due care. Financial institutions can share your data, but only with your express consent, under the revised European Payment Services Directive (PSD2). For more information, go to our PSD2 page. The Dutch Data Protection Authority supervises the processing of personal data.