It may be time for a revision of, \u201cthe customer is always right,\u201d at least in the financial sector.That, Boston Police Detective Steven Blair told an audience of bankers at the Boston Fed\u2019s 2017 Cybersecurity Conference on Monday, is because too many banking \u201ccustomers\u201d are fraudsters, who take advantage of the generally laudable desire of front-line employees to provide good customer service.Attendees had heard Kenneth Montgomery, first vice president and COO of the Boston Fed, say earlier that cybersecurity is now, \u201cthe number-one operational and enterprise issue\u201d for the financial sector. He said the worldwide costs of cybercrime are estimated at $3 trillion annually now, and expected to double by 2021.Blair, who handles most of the white-collar and cybercrime cases in the department, said a significant chunk of those losses are coming in two cybercrime \u201chot spots\u201d \u2013 business phishing emails and counterfeit credit cards. \u201cWe\u2019re getting killed. We\u2019re chasing our tails,\u201d he said.He called reports that credit card fraud is declining, \u201cfluff.\u201d\u201cIt\u2019s gotten to inner city kids,\u201d he said. They\u2019re buying them on the black market like crazy \u2013 1,000 at a time. They get all the numbers by email and then make their own cards. Business is booming.\u201dTheir success, he said, is because of another long-time reality \u2013 humans are the weakest link in the cybersecurity chain.We\u2019re getting killed. We\u2019re chasing our tails.Boston Police Detective Steven BlairThat weakness exists at two levels. The one that is better known is when an employee falls for a phishing email and either downloads malware into the company network, or wires money to a criminal\u2019s bank account, thinking the instruction came from a bank officer.\u201cThe emails look really legitimate,\u201d he said, as if they come from the CEO or other high bank officer.Blair said he handles 15 to 20 cases a day involving that kind of fraud, and spends a considerable amount of time contacting banks, \u201cpleading with them to send money back.\u201dThat, he said, is difficult because the \u201creceiving bank\u201d will generally ask for a \u201chold-harmless\u201d letter from the bank that made the fraudulent transfer.He said one of the largest banks in the region, which he called the \u201cevil empire,\u201d generally won\u2019t send out such letters. \u201cThey tell customers they\u2019re on their own,\u201d he said.The other weakness is on display in customer service, he said, when fraudsters, \u201cwalk in with a counterfeit driver\u2019s license. They say they left their debit card at home and need to do a wire transfer.\u201cCustomer service helps them out immensely,\u201d he said, with obvious sarcasm. \u201cThey come in with out-of-state license for an out-of-state customer. They take $10,000 to $15,000 in cash, but also send $200,000 or $300,000 by wire, usually to the UK, China or South Korea.\u201dHe said thieves who know which account they are going to rob will even do some advance authentication work. \u201cThey\u2019re pretty smart,\u201d he said. \u201cThey\u2019ll call customer service a couple of weeks ahead and change the phone number. Then if you call, you\u2019re getting the bad guy.\u201dBlair said a lot of that fraud could be stopped if banks simply got more aggressive about authentication. \u201cMake a copy of every customer\u2019s driver\u2019s license. Then you can pull it up to check. Yes, it takes up a lot of space, but we\u2019ve got the cloud.\u201dHe also said bank service employees should do a more detailed check of the account information. \u201cIf the phone number has changed recently, that\u2019s a red flag,\u201d he said, adding that they should also demand passwords and PIN numbers.He said he is mystified that many banks won\u2019t change their policies because they don\u2019t want to alienate customers. \u201cI\u2019d be happy if my bank was a bit more diligent,\u201d he said.Yet another depressing fact for victims, he said, is that even if a thief is caught, \u201cin Massachusetts, the law is that if he no longer has the money, he doesn\u2019t have to pay it back.\u201dThe only note of hope he offered was, \u201cIf we get notified within 24 hours, we have a good chance of getting it back for you.\u201dOtherwise, \u201cif you want to protect your money, don\u2019t lose it,\u201d he said.What do you think? Head to our Facebook page to let us know.