By Dateline India Syndicate
Every year, hundreds of millions of dollars are stolen from online banking services. The increase in mobile banking activity is further adding to the risk. Unfortunately though the threat has evolved – the bank security hasn’t kept pace.
In the period between April to May 2014 Kaspersky Lab solutions — a global security intelligence and innovative security technologies company blocked 341,216 attempts to launch malware capable of stealing money on user computers from online banking accounts.
This itself was a 36.6% increase compared to the previous month (249,812) which could be because of malware activity during the vacation season, when customers actively use their payment data to make all types of purchases online.
Brazil, Italy, Russian Federation, USA, UK, Germany, India, Austria, Vietnam and France were among the Top 10 countries based on the number of users attacked.
Traditional financial security measures – including one-time passwords (SMS, TAN generators), tokens and CVV2 – are inadequate protection against banking Trojans that are able to bypass all the security technologies.
Inspite of all the security measures, organized gangs of criminals using increasingly sophisticated techniques can compromise the security of online and mobile banking services; redirect customer transactions to fake websites; steal customers’ account details and passwords and complete fraudulent financial transactions
The cyber criminals, find it relatively difficult to gain direct access to a bank’s own systems, instead target the ‘weakest link’ – the bank’s customers.
That is because the customers don’t understand the need for security and many of them do not have any security installed on their computers.
The irony of the situation is that even if the customer account is hacked, every time a customer suffers an attack, the bank could lose money… and its hard-won business reputation could be severely damaged.
Even customers who run security software on their PC or Mac may not have adequate protection on their smart phones and tablets. These unprotected endpoint devices outside the security perimeter of the traditional banking security technologies add to the vulnerability.
Experience has shown that even if Banks offer free endpoint security software to customers, there may forget to install it. So – in addition to helping customers to protect their endpoints – banks also need to analyze a customer’s online transactions – in order to block any fraudulent transactions and bolster their own defenses against threats originating from customers’ devices.
Some security products can perform complex ‘risk score’ analysis –based on a range of factors, including the identity of the customer’s device, customer behavior patterns, session and transaction parameters, and more – in order to block malicious transactions.
Although most banks employ highly-skilled Fraud Analysts and IT Security Administrators and Managers, these personnel primarily focus on bank-related security issues and they may not have detailed knowledge of emerging cybercrime techniques, new malware threats and the latest innovations in IT security.