Security and fraud prevention
We are working harder than ever to keep our customers safe and secure. It is vital we protect their money, personal information and the services they rely on.
During 2019, the impact of scams on our customers has increased as methods used by organised crime groups has evolved and become more sophisticated. At the same time, our customers and NatWest Group continue to face the threat of fraud. Across the financial industry, criminals continue to exploit compromised data, and obtain customers’ security information through social engineering and, on occasion, bypassing our security checks.
In 2019 our security systems detected and stopped over 569,660 instances of fraud against our customers with a value of £256.8m (*) and last year reduced the 3rd party fraud against our customers by 8%. It is in response to these threats, we are continually improving our security using innovative solutions, introducing additional security features for our customers and collaborating with our peers across the industry. We are upgrading our payment profiling system to allow us to profile unusual activity for each customer individually.
NatWest, Royal Bank of Scotland and Ulster Bank North are founding members of the industry’s Contingent Reimbursement Model to protect and support customers who fall victim to scams. The Code came into force on 28th May 2019 and since introduction we have refunded or returned funds in excess of £14.2m to 2,999 customers.
How we have improved our security
We have continued to implement new and innovative capabilities within the Group to protect our data and our services. New tooling allows us to identify anomalous behaviour on our network and on our systems and allows us to monitor for malicious activity directed at the Group.
During 2019, NatWest Group Security identified criminals attempting to send 11.1m phishing emails to our customers that impersonate NatWest Group brands. 96.01% of these attempts were blocked as a result of enhanced controls deployed by the bank.
Security continues to work closely with our anti-phishing/smishing and online brand protection provider to identify and takedown websites used in phishing emails and text messages. In 2019 we took down 1,149 live websites and proactively identified a further 1,234 websites before they were able to go live as fraud threat to customers. Additionally, through our telecommunications partners we also removed 253 phone numbers that had been set up by fraudsters in an attempt to dupe our customers into divulging banking details that could be used to commit fraud.
We continually educate our colleagues on security, cyber and fraud prevention in order to advise customers and keep them safe. We delivered 609 security awareness seminars and events for around 16,885 customers, staff and industry partners in 2019.
We actively support STEM education (Science, Technology, Engineering & Mathematics) to encourage school pupils to engage with these subjects and careers. We work in partnership with Skills Development Scotland and others to host interactive events to bring these subjects alive, providing an insight into the wide variety of careers available within the technology and cyber industry.
How we keep track of our security needs
- We innovate and collaborate with peers to keep up to date with any developments in the world of physical and cyber security, so we can anticipate threats and improve our responses if needed.
- We work with law enforcement, government and other agencies to share intelligence on emerging threats and security events.