The cyber-attack on British Airways that compromised customers’ personal and financial data serves as a pertinent reminder of the risk of putting our data online and the sophisticated measures today’s criminals are taking. Most firms, JM Finn included, place the security of their data as a top priority. This is evidenced by the spend within the IT budget on cybersecurity, including the installation of multi-faceted detection and prevention tools, the quality and experience of our IT staff and the mandatory training of our staff.
This last point is crucial as a firm can have the most sophisticated prevention software in place, but more often than not data breaches occur as a result of human error. Phishing, when someone impersonates an organisation or, in our case, a client, with the aim of getting them to transfer money elsewhere, is the main threat to firms such as ours. At JM Finn, head of IT Jon Cosson, who recently achieved an MSc with distinction in Cyber Security, goes to great lengths to remind staff about the dangers inherent in online communication and is always keen to show us that people are often the weakest link.
To counter some of the threats and risks to us and your data, we have put in place a number of new measures in addition to current policies, some of which might seem to be compromising the service we offer, but we believe these are measures that are essential in safeguarding our clients’ privacy, financial information and funds.
We will no longer be offering cheques as a payment tool. Payments will instead be made electronically via BACS or CHAPS. This will help to protect your payments from being intercepted or amended by potential fraudsters and increase the speed at which you receive your funds.
Third party payees
From 1 January 2019, we will be reducing the list of third party payees that we allow to be paid from a client’s account. This change is designed to protect clients from payment fraud which may arise from client or payee email accounts being hacked and payment instructions being redirected to the fraudster. The firm will instead send funds to the client’s own account.
We recognise that some existing arrangements will have to change but firmly believe this is in the best interests of all.
Email payment fraud occurs when a fraudster hacks into the email communications between a client and a company. The fraudster places malware on a computer, where it lies dormant, monitoring email activity until it recognises specific keywords relating to a request for payment. The fraudster will then contact the client and either amend a genuine payment request with different bank account details or send a request informing the client that the company's bank details have changed and requesting that they transfer the funds into the 'new' account. This type of fraud can be difficult to identify as the payment request will appear legitimate and will also be a payment the client is expecting to make.
Please contact your investment manager to discuss how these changes might affect you and for any other concerns you may have.
Please also ask about our award-winning client portal which, in addition to providing up-to-date information about your portfolio, also stores your account documentation securely and supports secure messaging to share sensitive documents, like copies of your passport and bank statements, helping you avoid increasingly vulnerable emails. The portal is also available via an app, where you can use your fingerprint (where supported) to access the portal in seconds and avoid the headache of forgotten passwords.
An award-winning portal: won Best Online Development at the Systems in the City Awards 2017. View the portal via the app.