
Malware attacks on banking and what the finance industry should do to regulate against these attacks.

As the internet continues to provide more ways to add convenience and enrichment to our lives, it becomes a fertile ground for today’s e-criminals who are technically savvy, highly motivated, and highly focused in their attacks. It used to be that thieves could only steal from those close enough for them to touch. Now, assets can be plundered from half a world away, drastically increasing the number of malevolent actors we need to defend against. How can we beat this global threat of cyber crime? Fundamentally, a flexible security approach is perhaps the single most important step to protect against hacking-based theft.

Emerging online threats bring to light the sophistication of today’s hackers – which starkly contrasts with the preparedness of most financial institutions. Organised cyber criminals cleverly exploit the unprotected and exposed vulnerabilities of end users and their PCs. They perpetrate advanced targeted attacks, taking a variety of forms, from socially engineered phishing email attacks that trick users into disclosing authentication credentials on a counterfeit web site, through to drive-by downloads of spyware, viruses and malware onto the PC without the users’ consent.

Web malware is perhaps the most dangerous, along with stolen or weak credentials, causing the most worrisome security breaches. Existing traditional firewall, IDS, antivirus and gateway defences provide little protection against them. These sophisticated exploits are able to control the application used to transact online (e.g. the web browser) and can be successful irrespective of the authentication method in place. The threats they pose to the resources and data of both financial organisations and users are contributing to rising fraud-suffered losses.

Understandably, most financial organisations are feeling some level of insecurity, and if they’re not, they should be. In the past few years there has been a spate of attacks by hackers and other cyber criminals. One of the most notorious was the series of attacks using the Zeus Trojan malware to scam hundreds of millions of dollars from banking customers around the world, demonstrating that there are seriously skilled and dangerous cyber criminals out there, and that no financial organisation should rest on its laurels.

In light of this, the classical “perimeter” defence no longer exists as a method of securing online assets. Security threats are advancing at a rapid rate and therefore the level of protection employed by an organisation must be heightened. With the number of security attacks varying in strength and design, a proactive means of securing data and resources is required. To help identify the gaps in endpoint security and flexibility needed to serve a broad user base, fraud risk assessments must be conducted.

Notwithstanding, many financial service organisations are not equipped with a layered security and fraud prevention strategy advocated by regulators and security experts. Many are constrained by limited resources, fear of alienating customers with unfriendly user-interfaces or simply a blinkered view of the risks associated with cybercrime. The next level of technology to be adopted by banks needs to be cost effective, multi-functional, and holistic to ensure both security and compliance requirements can be addressed for the medium and long-term (such as avoiding fraud losses, minimising reputational risk, limiting customer impact, and scaling for the future).

Banks in particular now have a wide selection of token and token-less authentication, out-of-band (OOB) verification, malware detection and device/IP profiling, and risk scoring options to employ stronger adaptive authentication and real-time fraud prevention. Their retail and corporate customers can be distinguished for the appropriate level of security and user-friendliness, as well as contextually invoked for step-up authorisation on riskier transactions. This ensures compliance can be achieved when dealing with the multitude of customer data that streams through their online systems.

As more banks extend mobile banking and payment services, threat and risk opportunities for cyber criminals to perpetrate cross-channel fraud increase. To remain compliant, banks must realise that the level of threats is ever changing and that, in order to prevent a breach, they must have more flexibility in adapting security to their online and mobile applications. The increasing number of end users accessing networks via mobile devices, some of which will be unauthorised personal devices, means that the need for defence in layers beyond strong user credentials is ever more apparent. As mentioned earlier, the most dangerous threat to a bank is unauthorised users hijacking the online experience of legitimate end users, and the mobile platform presents similar threats and risks.

Banks looking to migrate services to the cloud to harness efficiency and scalability will also require a cost-effective, in-depth security solution that is highly manageable and convenient for a large volume of end-users. Despite the increase of sophisticated malware, which has been a strong catalyst for more multi-layered security, banks need to strike a delicate balance between regulatory and risk requirements and their customers’ user experience to retain online transaction efficiency.

Whilst all of the above should be on the radar of all senior finance professionals who need to meet compliance regulations, there are plenty of warning signs out there aside from the security threats themselves. Earlier this year the Financial Services Authority (FSA) revealed that more than half of the fines handed out to financial services businesses in 2011 were due to weak risk management systems, including inadequate anti-money laundering controls and ring-fencing of client assets. This is a lightly disguised warning from the FSA on the need for financial organisations to prioritise their risk management strategies, and it should not be ignored, as the level of fines is likely to increase.