By Faisal Nadeem
Technology has revolutionised all sectors of business including banking. Banking is quicker and easier than ever before. With ease of access to new technologies, customer expectations are also increasing. Customers expect easy, instant access to their financial information yet at the same time want the highest levels of security to be the number one priority. Balancing these two issues is key for financial institutions.
To keep up with customer expectations banks must upgrade and adapt their technology to meet these new challenges. If they fail to do so then businesses will remain vulnerable to attacks by cybercriminals. These security breaches can lead to fraud and other malpractices. The number of fraud cases is rising every year due to the variety of different methods that criminals use.
This article looks at some of the security issues faced by banks today including:
- DDoS security
In the current banking landscape, cybersecurity is a major problem facing the finance industry. With advances in technology there has been a considerable shift in the way customers deal with their banking transactions. The rapid increase in digital channels such as ATMs, credit cards, e-wallets, mobile wallets, mobile banking and internet banking has increased exposure to cyberattacks such as:
- unauthorised access to the bank’s network and system
- financial data loss that includes customer personal information, credit card information etc.
The advancement of technology brings a new generation of ransomware and cyberattacks. Banks need to consider various security measures, such as multi-factor identification and image recognition, together with strong password policies.
Distributed Denial of Service (DDoS) attacks are co-ordinated online attacks. The perpetrators overwhelm a bank’s servers with a large number of requests or transactions, forcing them to slow down or come to a complete standstill and interrupting banking services. Token-based security with limited time access after authentication is effective against these attacks and is considered the best policy.
Phishing is the most straightforward bank security issue, whereby criminals try to obtain banking details or personal information via unethical or illegal means. They try to scam bank customers over the phone or by email. A fake email or message will warn customers about some security incident or account closure and encourage them to reveal the security information for their bank account. One reason this is so successful is that fake emails or messages feel authentic to customers, and it is difficult for banks to notice the issue early enough to prevent fraud.
Criminals hoping to scam unsuspecting customers set up websites that look and feel identical to those of authentic finance providers. They use the same logos and imagery, and the fakes can be exceedingly hard to spot. Customers are lured into revealing their personal information, which in turn can be used to commit financial fraud, spread malware through infected links and create havoc in the banking system. This also leads to a loss of reputation and public confidence in an organisation. Banks can protect against spoofing by creating awareness amongst their customers, urging them to be vigilant for the signs of a spoof, whether by email, web, or phone. In particular, customers need to look for poor spelling or grammar and any unusual sentence structure or phrasing, and to check the email address or URL, which is often modified by one or two letters.
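The last point above, that a spoofed address or URL often differs from the real one by one or two letters, can also be checked mechanically on the defender's side. The following Python code is an added example, not part of the original article; the domain `examplebank.com`, the sample inputs and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list; the domain is constructed for this example.
LEGIT_DOMAINS = {"examplebank.com"}


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def extract_domain(value):
    """Lower-cased host from a URL or an email address."""
    value = value.strip()
    if "://" in value:
        host = urlsplit(value).hostname or ""  # ignores any user@ prefix
    else:
        host = value.rsplit("@", 1)[-1]
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify(value, max_edits=2):
    """Return 'legitimate', 'lookalike' or 'unrelated' for a URL or sender."""
    domain = extract_domain(value)
    for good in LEGIT_DOMAINS:
        if domain == good or domain.endswith("." + good):
            return "legitimate"
    if any(edit_distance(domain, good) <= max_edits for good in LEGIT_DOMAINS):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("https://www.examplebank.com/login",
                   "security@examp1ebank.com",
                   "http://exampelbank.com/verify",
                   "https://examplebank.com@portal.example/reset"):
        print(f"{classify(sample):<10} {sample}")
```

Edit distance does not catch Unicode look-alike characters or a genuine name used as a subdomain of another domain, so a check like this complements customer vigilance rather than replacing it.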
Criminals attach skimming devices to an ATM. When a customer swipes their credit or debit card, the device captures important information such as their PIN and personal account information. This banking information can later be used for fraudulent online transactions.
What is clear is that the war on fraud is far from over. The double-edged sword of providing quicker, easier access to customers whilst making it harder for criminals will remain the number one issue for banks and their customers for the foreseeable future.
Faisal Nadeem, Solutions Developer, Qarar
Faisal has over 12 years’ experience in the design, development and implementation of system solutions across a broad range of industries including finance, e-commerce, telecommunications and oil & gas.
As a Solutions Developer at Qarar, Faisal is the project architect for the full product lifecycle, including analysing, designing, developing, testing and documenting solutions; together with providing client support to resolve complex system queries. Faisal holds a B.Sc. degree and a Microsoft Certified Solutions Developer certification.