How to strengthen weak links in your security

The past year has provided more sobering examples of just how big a threat cyber criminals and fraudsters pose to all industries, particularly financial services.  Even tech giants like Google have been vulnerable to hackers.

Human action remains the largest threat to bank security. Despite this, your business also needs to be ready to tackle the other risks it faces in the digital age.

Encouragingly, the development of cutting-edge technologies like geolocation and biometric authentication could provide increasingly powerful weapons in the fight against fraud over the coming years.

The weakest link in mobile banking security?

In a recent report focusing on security in mobile banking, Mobey Forum, a global industry body representing financial institutions (FIs), said human fallibility has become “one of the biggest risks” for banks to manage. The potential for human error has made end users of financial services a key target for criminals through schemes such as social engineering and phishing, as well as the fraudulent impersonation of individuals to access new apps and services.

Ron van Wezel, co-chair of Mobey Forum’s Risk Mitigation Workgroup, said the rising complexity of mobile devices, applications and operating systems can become such a distraction for FIs that they overlook the user-oriented threats that “are now commonplace in mobile fraud”.

Sirpa Nordlund, the industry group’s executive director, said banks must strike the right balance between user convenience and security.

“To succeed, banks must take a holistic view of risk; one that considers the weaknesses in both the technologies and their customers’ behavior,” she added. “As adoption rates increase, device-oriented financial services will diversify, making the risk landscape more convoluted and difficult for banks to navigate.”

How to keep up with evolving threats

Many factors are contributing to the evolving threat landscape in financial services, some of which go far beyond human fallibility.

Speaking to the Guardian, Ilia Kolochenko, chief executive of web security firm High-Tech Bridge, pointed out that an increasing number of skilled computing professionals are “turning to the dark side” and working for criminals, because they can’t find regular jobs. “And at the same time you’ve got a lot of companies trying to optimize their costs, and preferring to save money on the cyber side,” she added. “It’s hard to predict how successful and how large the scale will be, but I’m pretty sure it will get worse.”

If one thing is clear, it’s that cybersecurity isn’t an area where banks should be cutting back. Simon Moores, an independent security consultant, pointed out that there are thought to be more than 500 million different types of malware in circulation. Malware can pose just as big a risk to corporate IT infrastructure as it does to personal computers, so it’s vital that assets like your ATM network are equipped with software that can identify and neutralize these threats.

With such a wide range of risks to contend with, what other solutions are available to help you keep your systems and customers safe? One technology that offers promise is geolocation, which could strengthen online banking security and fight threats such as card-not-present fraud. Posting on the Samsung Insights blog, Jea Yu, co-founder of Undergroundtrader.com, pointed out that geolocation can reduce the risk of fraud by pairing the location of a payment card with the customer’s phone to verify their identity.

As far as mobile banking and payments are concerned, another technology that could advance the fight against fraud is biometric authentication. In Thailand, all mobile operators will soon be required to have an online fingerprint ID system in place for SIM card registration, which will be used to verify payments. Some 14 million of the country’s 103 million mobile subscribers use mobile banking, according to the National Broadcasting and Telecommunications Commission (NBTC).

“We urge all mobile users to participate in the system to ensure greater security of the mobile banking channel and prevent the risk of fraud, which is likely to increase in a cashless society,” said NBTC secretary-general Takorn Tantasith.

Whatever new threats arise in the future, innovations and initiatives like these will become increasingly important if the financial services industry wants to stay one step ahead of the criminals.

Written by DenaHamilton

Dena is NCR's Director of Enterprise Fraud & Security Software Solutions. She specializes in fraud, risk, compliance and security, with over 35 years of experience in the financial services space. Her focus is the development and deployment of enterprise financial crime solutions optimized in prevention, detection and back office efficiency.

Read more articles from Dena Hamilton