Securing business data

High Street Bank - Managed Security

Case Study:
High Street Bank with almost 100 Branches Nationwide Chooses CNS as Cyber Security Partners



The Anti-Phishing Security Initiative conducted by CNS for the High Street Bank supports the bank’s aim to offer a better user experience in retail banking. 

CNS’s leveraged its highly experienced Cyber Consultancy Team to communicate with ISPs, work out their needs, meet them and ultimately get the fake sites taken down from the internet quickly.

CNS also created a new anti-phishing 24/7 service to respond to client's needs. Rather than putting an automated, but ineffective, process in place.

With this Initiative the bank  is not just considering the security of its customers’ financial data, it is addressing a problem which affects people extraneous to their customer base. The bank is rejecting traditional, low levels of customer service in retail banking and taking a similar approach to major retailers, such as Marks & Spencer. The bank has achieved discreet but effective online security and is also protecting its corporate reputation.

________________________________________________________________________________________

Client Overview

Banks have always needed to be secure, from the old days of vaults and steel rooms to the online services we now all expect. Our client are one of the more recent High Street Banks, they are serious very serious about their approach to security and phishing in particular. For a new bank promising to revolutionise retail banking, security is important and demonstrates to customers and prospects that they takes good customer service seriously, but without compromising the user experience. 

________________________________________________________________________________________

Key Business Benefits

  • 20 Fake website take downs per week.
  • Increased brand and customer confidence and assurance.
  • Reduced risk of threat and fraud
  • Integration with internal helpdesk and heightened awareness by internal staff
________________________________________________________________________________________

The Challenge

The High Street Bank takes a customer-centric approach to branch security; there are no glass barriers between customers and bank staff for example. The Bank wanted its online security to be equally discreet, but nonetheless vigilant and effective. CNS recognises that heavy-handed online security controls can be detrimental, as users find a way round time-consuming processes.

The challenge for CNS therefore, is to monitor and respond to phishing attacks and fake websites, addressing the root of the problem by ensuring that ISPs take down the sites.

________________________________________________________________________________________

The Solution

CNS sees that phishing attacks have become more sophisticated in recent years, whilst the skills needed to perform them have decreased because of automation. It is not difficult to access the code or find someone with the capability to exploit the poor usability of current web security technologies.  In addition, the sites are often broken-up and located on multiple servers; in effect, fraudsters are now building redundant systems, in the same way that a bank would. Whilst SOCA may prefer to catch ten coders rather than 1000 fraudsters, CNS and The Bank were concentrating on removing fake sites as they appeared, to prevent fraud from occurring and to protect not only the new bank’s corporate reputation and customers, but also the wider online community.

Given the increasing regularity of phishing attacks and the reluctance of ISPs to involve themselves in the removal of fake sites, CNS established a new anti-phishing service to deliver The Bank’s Security Initiative, with the focus on direct interaction with ISPs, rather than an automated response.

“we spent time in the client’s call centre getting a good understanding of the business and the types of phishing scams they were experiencing. This lead to the development of our anti-phishing service; a team which is on call 24/7 to respond to attacks. Rather than being a function of the bank’s security team, we operate as an integrated department, so anyone in the bank can contact us and we deal with it. It makes the process lightweight, but effective consultants are familiar with technology, but also the ways it can be exploited. We believe that online security is no longer about automated tools, but real people responding efficiently”. Phil Atkin Director - Cyber Security & Compliance CNS.

CNS consultants are able to secure the removal of these sites by the ISPs because of their long experience in the sector. CNS makes it easy for the ISP to take down the site by providing everything they need to prove that it is fake. The company identifies the malicious sites’ ISP from the source IP, discusses the problem with the ISP and provides a CNS evidence pack to prove that the site is fake and its owners fraudulent. ISPs are notorious for not responding to these sorts of requests, but CNS consultants work with their counterparts at the ISP until they find a way.

CNS has created a new anti-phishing 24/7 service to respond to The Bank’s aim. Rather than putting an automated, but ineffective, process in place, 

CNS has created a new anti-phishing 24/7 service to respond to Metro Bank’s aim. Rather than putting an automated, but ineffective, process in place, 

“We believe that all banks should do what they can to eliminate fraud connected to their brands. Our call centre has reported phishing scams and CNS has eliminated them all. This combination of call centre involvement and experienced technology consultants has proved highly effective in ensuring The Bank presents a robustly secure image to the world.”  Technical Manager, High Street Bank


CNS’s anti-phishing team manage a very straight-forward process which involves:

1. Analysis of the threat

2. Tracing of site owners

3. Evidence pack which meets the requirements of ISPs. This usually includes:

  • Screen shot of the malicious site
  • Link to legitimate site
  • Tracing & registration information

4. Removal of the fake site by the ISP

Result 

The Ant-Phishing Security Initiative run by CNS has enabled The Bank to maintain its corporate profile and its retail, rather than banking, levels of customer satisfaction. The Bank has been able to establish a reputation for ruthlessly removing fake sites and protecting its image. Since the Security Initiative’s inception, CNS dealt with up to 20 fake websites and phishing attacks a week. 

Get in touch

Talk to our experts today
call us

Get in touch

Talk to our experts today +44 (0) 20 7592 8800

Send us a message

We'll get back to you Send us a message

Connect with us

See what we're saying elsewhere