The ground-breaking Dutch neobank, bunq, is renowned for its mobile app-driven financial management services, offering its customers real-time account management and automated budgeting. A decade into their journey, bunq is the second-largest neobank in the EU, helping over 10 million customers bank better every day.
However, like many digital banking platforms, bunq faced potential cybersecurity challenges. As part of its commitment to its customers, bunq needed to optimize its efforts in combating phishing attacks as a part of its customer protection stack.
In a recent LinkedIn post, Ali Niknam, founder and CEO of bunq stated the following:
“Online fraud is a huge problem. Not a bunq or banking problem, but a social problem. A problem that we can only solve together if we dare to look at the objective facts.”
Phishing sites are a digital plague, with 1.4 million new sites cropping up daily, cleverly designed to deceive and exploit users. The rise of “phishing-as-a-service” platforms and “phishing kits” has only intensified the problem, making it alarmingly simple for bad actors to launch attacks. For bunq, this wasn’t just a security concern; it was a matter of maintaining customer trust and the integrity of their services on behalf of their growing customer base.
bunq cybersecurity goes a step further
Previously, bunq’s approach to countering these attacks was reactive and manual, stretching across different teams, which could potentially result in inefficiencies and delays in phishing site takedowns. It was clear that a change was needed—a solution that would protect customers and align with the bank’s forward-thinking ethos instead of playing whack-a-mole as sites became active and began engaging in nefarious activities. They needed to react instantly and effectively to take down phishing domains before they could cause any harm to their customers.
Recognizing that the intricacies of processes and limited oversight throughout business operations can present challenges in maintaining operational resilience, and adhering to emerging regulations on resiliency, bunq resorted to automating the process through Camunda, the process orchestration platform, with the vision of revolutionizing bunq’s anti-phishing efforts. By integrating process orchestration, bunq had a clear goal: to enhance the detection of malicious sites, expedite their takedown, streamline repetitive tasks, and solidify user security and trust—all while achieving operational cost savings and remaining compliant with the strictest cybersecurity regulations and best practices.
Camunda was chosen for its flexibility and ease of integration, crucial for handling bunq’s complex processes. Its open architecture was tailor-made for bunq’s needs, fitting seamlessly within its existing tech ecosystem and empowering the bank’s diverse cross-departmental teams to readily embrace process automation. bunq can now proactively take down phishing sites before they become active, actually stopping the fraudsters before they can cause any harm. Previously, fraustears had around two weeks to set up deceptive schemes after site registration. Now, because bunq is sending the takedowns before they’re even active, they can stop the activities of bad actors from the start.
The introduction of process orchestration improved team coordination significantly, automating crucial steps like alerts, verifications, and communications. While integrating with legacy systems posed a potential challenge, a phased approach and Camunda’s expert support team ensured a smooth transition.
bunq phishing prevention has a big impact
The impact was immediate and profound: bunq slashed the time needed to take down fraudulent websites from weeks to only hours. The volume of takedown requests surged, signaling a proactive and more effective system. Leveraging Camunda, bunq can now process potential phishing sites has at an increased volume, taking down as many fraudulent cases every two months as they previously did in an entire year.
By minimizing manual errors and decreasing threat response time, bunq not only strengthened its defenses but also enhanced its adherence to regulatory standards. bunq was able to maintain a proactive stance in defense of its customers, ensuring their protection remained paramount and living up to its promise of being “the bank of the free.”
Extra benefits of adoption
The collaboration with Camunda and its wider usage has had a ripple effect throughout bunq. bunq were using Camunda so widely, that people felt more and more inclined to try on their own projects.
bunq’s vision continues further. Plans are underway to expand process orchestration to automate more security processes, promoting the continued adoption of company-wide process orchestration. bunq is set on a path to further refine operational efficiency, reduce costs, and scale growth.
Pioneering customer protection
bunq’s strategic adoption of orchestration technology has further bolstered the bank’s credentials as a pioneer in the industry, demonstrating that customers’ best interests are at the heart of their operations. The shift towards empowering employees to take charge of automation is a testament to bunq’s commitment to progress and customer-centricity. As bunq continues to challenge the status quo and Camunda remains at the cutting edge of process orchestration, working together they create an impressive and pre-emptive force against cybersecurity threats. It’s not just about fighting phishing; it’s about setting a precedent for proactive protection and continuous innovation, ensuring that customers’ banking experiences are as secure as they are seamless, now and for the future.
To learn more about how bunq leveraged Camunda to improve phishing site takedown times, customer safety, regulatory compliance, and brand reputation, please see our in-depth case study.
Start the discussion at forum.camunda.io